Re: resuming scan

[Daniel Miller <bonsaiviking () gmail com>]

Gary,

Nmap scans targets in groups called "hostgroups" and writes output to a
file when all of the hosts in one hostgroup have finished scanning. The
size of a hostgroup depends on several factors including:

* Duration of the scan (first hostgroup is usually smaller in order to give
results sooner)
* Number of total hosts scanned
* Timing template (-T option)
* Value of --max-hostgroup or --min-hostgroup option

If you have a scan with lots of scan phases (like -A, which includes port
scan, version scan, NSE script scan, OS detection, and traceroute), then it
can take a while for a hostgroup to finish. You can get results sooner with
a small --max-hostgroup value, but it can slow down the whole scan by using
less parallelism. You can also set a --host-timeout value to simply drop
results from hosts that are slowing you down.

Dan

On Fri, May 27, 2016 at 5:55 AM, Gary Madarm <gmadarm () gmail com> wrote:

> The nmap man page says that I can resume a scan via the --resume flag.
> Based on the nmap book it looks like I need to point --resume to the -oN or
> -oG output. However, when running long scans those files are always mostly
> empty besides for containing the command I used to kick of the scan. Where
> does nmap store the partial results after terminating a scan in the middle?
>
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/