nmap questions

From: Steven A. Fletcher (sfletcher_at_integrityts.com)
Date: 06/04/04

  • Next message: John Floyd: "RE: Outlook Web Access"
    Date: Fri, 4 Jun 2004 00:34:19 -0500
    To: <security-basics@securityfocus.com>

    I'm not sure if this is the right place to ask this or not, but I
    thought I would give it a try.

    I have run into an interesting problem when trying to UDP port scans
    with nmap. TCP SYN scans work fine, but if I try doing a UDP scan, it
    comes back with "Too many drops ... increasing senddelay" numerous times
    in a row. It does seem that if I leave the scan running long enough, it
    eventually completes the scan. On a very small network, this is not a
    problem. However, on larger networks, I do not wish to wait that long.
    Also, it happens on an internal network, so the problem does not appear
    to be that the hosts are behind a firewall.

    I have been trying to do what I can to have the scan finish in a fairly
    reasonable amount of time, so I was hoping to improve the performance,
    if possible. A Google search returned nothing helpful, so that is why I
    am trying here.

    Just in case it is needed, here is the command line I am using:

                    nmap -sS -sU -O -v -oA test -T3 -F --min_parallelism 100

    Also, the machine is running MandrakeLinux 9.2 and kernel version

    Any help is greatly appreciated.

    Steve Fletcher
    Senior Network Engineer, MCSE, Master ASE, CCNA
    Integrity Technology Solutions
    Phone: (309)664-8129
    Toll Free: (888) 764-8100 ext. 129
    Fax: (309) 662-6421

    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:

  • Next message: John Floyd: "RE: Outlook Web Access"