Nmap Development mailing list archives
Re: Host timeouts on large SYN scans
From: pierre.lalet () cea fr
Date: Mon, 24 Sep 2012 14:31:54 +0200
Hello,
When does this happen? Is it 15m after the start of the entire scan, or 15m after the start of the hostgroup? Or something else?This happens 15m after the start of the hostgroup.
Exactly, or whatever the --host-timeout value is.
Can you show us the rest of the command line you are using?I let Pierre answer this, but this we could also observe without any timing/performance related parameter.
Sure, we use : -vv -n -oX log.xml -iL - -PS -PA -PU -PE -PP -PO -sS -A --host-timeout 15m We've also tried --host-timeout 60m with the same results.
Does this same thing happen if you write 4096 IP addresses in random order to a file, and then read -iL from that file?This is one of the next things we wanted to try, not done yet.
This does exactly the same. So replacing "-iL -" with "-iL alltargets" (~20k lines) gives the same result :
$ grep -E '<task(begin|end) task="SYN' log.xml <taskbegin task="SYN Stealth Scan" time="1348472973"/><taskend task="SYN Stealth Scan" time="1348472975" extrainfo="4000 total ports"/>
<taskbegin task="SYN Stealth Scan" time="1348473114"/><taskend task="SYN Stealth Scan" time="1348473539" extrainfo="1 host timed out"/>
<taskbegin task="SYN Stealth Scan" time="1348475230"/><taskend task="SYN Stealth Scan" time="1348475300" extrainfo="64000 total ports"/>
<taskbegin task="SYN Stealth Scan" time="1348476424"/><taskend task="SYN Stealth Scan" time="1348476451" extrainfo="64000 total ports"/>
<taskbegin task="SYN Stealth Scan" time="1348477681"/><taskend task="SYN Stealth Scan" time="1348477703" extrainfo="64000 total ports"/>
<taskbegin task="SYN Stealth Scan" time="1348478885"/><taskend task="SYN Stealth Scan" time="1348478963" extrainfo="64000 total ports"/>
<taskbegin task="SYN Stealth Scan" time="1348480930"/><taskend task="SYN Stealth Scan" time="1348480953" extrainfo="64000 total ports"/>
<taskbegin task="SYN Stealth Scan" time="1348482185"/><taskend task="SYN Stealth Scan" time="1348482205" extrainfo="64000 total ports"/>
<taskbegin task="SYN Stealth Scan" time="1348483324"/><taskend task="SYN Stealth Scan" time="1348484218" extrainfo="1 host timed out"/>
<taskbegin task="SYN Stealth Scan" time="1348485433"/><taskend task="SYN Stealth Scan" time="1348486366" extrainfo="64 hosts timed out"/>
<taskbegin task="SYN Stealth Scan" time="1348486622"/><taskend task="SYN Stealth Scan" time="1348487498" extrainfo="64 hosts timed out"/>
I don't always get these "1 host timed out" messages, and I think they are OK (i.e., some hosts really need more than 15m to get scanned).
Regards, Pierre _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Host timeouts on large SYN scans pierre . lalet (Sep 21)
- Re: Host timeouts on large SYN scans David Fifield (Sep 21)
- Re: Host timeouts on large SYN scans Henri Doreau (Sep 22)
- Re: Host timeouts on large SYN scans David Fifield (Sep 22)
- Message not available
- Re: Host timeouts on large SYN scans pierre . lalet (Sep 24)
- Re: Host timeouts on large SYN scans Henri Doreau (Sep 22)
- Re: Host timeouts on large SYN scans pierre . lalet (Sep 24)
- Re: Host timeouts on large SYN scans David Fifield (Sep 21)