Re: Advice on Fastest NMAP Scan
From: GuidoZ (uberguidoz_at_gmail.com)
Date: 10/28/04
- Previous message: kyle: "possible rooted systems"
- In reply to: Fyodor: "Re: Advice on Fastest NMAP Scan"
- Next in thread: Ghaith Nasrawi: "Re: Advice on Fastest NMAP Scan"
Date: Wed, 27 Oct 2004 21:23:47 -0400
To: security-basics@securityfocus.com
Personally, I'd trust the author to give correct advice. ;)
Good to see you on here Fyodor. When do you expect the book to be due out?
--
Peace. ~G

On Tue, 26 Oct 2004 16:05:57 -0700, Fyodor <fyodor@insecure.org> wrote:
> On Tue, Oct 26, 2004 at 09:58:50AM -0500, Mogren, Jack L. wrote:
> >
> > Here's what I've come up with so far.
> >
> > nmap -O -T4 -PE -F --osscan_limit -oX /home/security/test.xml -iL /home/security/ip_addresses.txt
> >
> > Any comments or suggestions?
>
> First off, make sure that you are using Nmap 3.75. Nmap 3.70 included
> a complete port scan engine rewrite for better performance (among
> other advantages) and then 3.75 tweaked it to be even better. You can
> obtain Nmap 3.75 from http://www.insecure.org/nmap .
>
> Since you know your network, you may be able to help Nmap by setting a
> maximum retransmission timeout. Are you scanning over multiple
> continents, or just a local network? If you can assume that responses
> won't take more than 100ms, add --max_rtt_timeout 100 for a big speed
> boost. Also, use a large host group such as --min_hostgroup 128 so
> that many hosts are scanned in parallel. Play with the numbers a bit
> to figure out what works best on your particular network. You could
> also consider a custom nmap-services file with just a couple hundred
> of the most common TCP ports. Even the -F option still scans more
> than 1200 ports by default.
>
> I would be interested to hear how it goes. If you find that it is too
> slow for your needs, let me know. I am working on a performance
> chapter of my upcoming O'Reilly Nmap book, so I have studied several
> such large network situations. A class B and several class C's
> shouldn't be any problem at all for regular scanning. Your "entire
> private address space" may take a while, depending on your setup.
> Scanning 10.0.0.0/8 is 16 million IPs, so don't expect it to complete
> during lunch. Some of the tools that claim incredible speeds don't
> even handle retransmissions or other reliability requirements.
>
> I hope this helps,
> Fyodor
>
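
The quoted reply suggests a custom nmap-services file holding only the most common TCP ports. One way to derive such a file from a full one is sketched below as an added example that is not part of the original thread or of Nmap itself; the function names, file names, sample entries and port list are all constructed for illustration.

```shell
#!/bin/sh
# Added example: reduce an nmap-services file to a chosen set of TCP ports.

# trim_services SERVICES_FILE PORTS_FILE
# Prints the comment lines of SERVICES_FILE plus every tcp entry whose port
# is listed in PORTS_FILE (one port per line, '#' comments allowed).
# Returns 3 if no entry matched, so an empty port list is never used silently.
trim_services() {
    awk '
        # First file (port list): strip comments and blanks, validate range.
        NR == FNR {
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            p = $0 + 0
            if ($0 ~ /^[0-9]+$/ && p >= 1 && p <= 65535) want[p] = 1
            next
        }
        # Second file (services): keep comment lines, skip malformed ones.
        /^[ \t]*#/ { print; next }
        NF < 2     { next }
        # Field 2 has the form "port/proto".
        {
            split($2, pp, "/")
            if (pp[2] == "tcp" && ((pp[1] + 0) in want)) { print; kept++ }
        }
        END { if (!kept) exit 3 }
    ' "$2" "$1"
}

# demo: run trim_services over constructed sample data in a temp directory.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/nmap-services.full" <<'EOF'
# constructed sample in nmap-services layout
ftp      21/tcp    # File Transfer
ssh      22/tcp
domain   53/udp
http     80/tcp
ms-sql-s 1433/tcp
EOF
    printf '22\n80   # web\n53\n' > "$dir/ports.txt"
    trim_services "$dir/nmap-services.full" "$dir/ports.txt"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo
```

The output, saved as `nmap-services` in a directory of its own, can be used by pointing the `NMAPDIR` environment variable at that directory when running the scan.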