Nmap Development mailing list archives

Re: very nmap service scans


From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 30 Jun 2011 07:08:38 -0500

To help answer this question, here's some information on version scanning: A
default version scan sends up to 22 probes per TCP port and 15 probes per
UDP port [1]. That's worst-case, since if the version is identified before
that, the scan will stop for that port. To speed things up, you could specify
--version-light, which only sends the most likely probes, and reduces the
number to 3 TCP and 2 UDP probes (in addition to any probes designed
specifically for the ports that are open). This could result in a major
speedup, but will make the scan less likely to identify all services.

Dan

[1] awk '/^Probe/{p=$2};/^rarity/{for(i=$2;i<10;i++)f[p,i]++}END{for(i in f)print i,f[i]}' nmap-service-probes | sort -n

On Wed, Jun 29, 2011 at 10:39 AM, Chris Clements <cclements () flatearth net> wrote:

When I run the following nmap (svn 24435) command on my local network:

nmap -A -vvvv -sSUCV -O -T4 --max-scan-delay 200ms --max-rtt-timeout 200ms
192.168.2.25-254

The tcp and udp scans complete in ~14s and discover a total of 50 open
ports across 11 hosts.  The service scan then starts and takes around an
hour and a half, followed by the NSE scan that takes around 15s.  Two
questions about this:

1.  With the configured timings and responses of the tcp, udp, and nse
scans, is it expected that a default version scan would take 1.5h for 50
open ports (total, not per host)?

2.  Is there a way I can increase the speed of the version scan?  While it
is running, a tcpdump only shows between 3-10 packets per second being
sent, and throughput varying from 30 bytes/sec to 2 Kb/sec.

Chris Clements


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
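
The probe selection described in the reply above, as an added example that is not part of either message or of Nmap itself: it parses nmap-service-probes syntax and lists the probes a version scan would try on one open port at a given intensity, including probes registered to that port through the ports directive. The sample data, probe names and function names are constructed for illustration; intensity 2 is the level --version-light selects and 7 is the default.

```python
from collections import namedtuple

Probe = namedtuple("Probe", "proto name rarity ports")

# Constructed sample in nmap-service-probes syntax; probe names, rarities and
# ports are made up for illustration and are not the real file's contents.
SAMPLE = """\
Probe TCP ExampleBanner q||
Probe TCP ExampleGeneric q|hello|
rarity 1
ports 21,23
Probe TCP ExampleHTTP q|GET / HTTP/1.0|
rarity 1
ports 80-85,8000-8010
Probe TCP ExamplePrinter q|status|
rarity 8
ports 9100-9107
Probe UDP ExampleDNS q|query|
rarity 5
ports 53
Probe UDP ExampleSNMP q|get|
rarity 4
ports 161
"""

def parse_ports(spec):
    """Expand a ports directive such as '80-85,8000' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return frozenset(ports)

def parse_probes(text):
    """Collect protocol, name, rarity and ports for every Probe entry."""
    probes = []
    for line in text.splitlines():
        f = line.split(None, 3)
        if len(f) >= 3 and f[0] == "Probe":
            probes.append(Probe(f[1], f[2], None, frozenset()))
        elif len(f) >= 2 and f[0] == "rarity" and probes:
            probes[-1] = probes[-1]._replace(rarity=int(f[1]))
        elif len(f) >= 2 and f[0] == "ports" and probes:
            probes[-1] = probes[-1]._replace(ports=parse_ports(f[1]))
    return probes

def worst_case(probes, proto, port, intensity):
    """Probes tried on one open port when no earlier probe gets a match.
    Entries with no rarity line are skipped, as in the awk one-liner."""
    return [p.name for p in probes if p.proto == proto and
            ((p.rarity is not None and p.rarity <= intensity) or port in p.ports)]
```

Calling worst_case(parse_probes(open("nmap-service-probes").read()), "TCP", 22, 7) against a real probes file gives the per-port probe list behind the worst-case totals quoted in the reply.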