Nmap Development mailing list archives
[OT] How To Ask Questions The Smart Way - Re: Question about timings
From: kx <kxmail () gmail com>
Date: Sat, 18 Mar 2006 22:47:33 -0500
Ron, I have an itching feeling that your post might just get ignored. But, I am feeling helpful (and verbose) tonight so here are a few pointers, and this might help anyone posting to the nmap-dev list in the future. These are my opinions solely, and Fyodor may just trounce this later, but these are guidelines I've tried to follow while posting here and elsewhere... and they have generally been received well.

While I think the nmap-dev community is pretty helpful, and Fyodor is one of the most accessible hacker rock stars out there, realize that the "hacker" and open source development community is pretty snobby and elitist. Not because we all think we are l33t (I definitely am not), but because we have full time jobs, do this as a hobby, and in many cases, would charge big bucks in our real jobs to answer a question like yours.

So to start, I recommend taking a look at ESR's "How To Ask Questions The Smart Way"
http://catb.org/~esr/faqs/smart-questions.html

"How To Become A Hacker"
http://www.catb.org/~esr/faqs/hacker-howto.html
is also some great reading and is relevant as well. Fyodor recommends it on his good reading list.

So let's look at a few things, from the "questions" article:

"Before You Ask"
http://catb.org/~esr/faqs/smart-questions.html#before

"When you ask your question, display the fact that you have done these things first; this will help establish that you're not being a lazy sponge and wasting people's time. Better yet, display what you have learned from doing these things. We like answering questions for people who have demonstrated they can learn from the answers."

In your question, you showed a little understanding of what you know, but in no way demonstrated what you did to figure it out. Have you searched the nmap-dev archives? Have you read the man pages, especially:
http://www.insecure.org/nmap/man/man-performance.html
Have you run your own experiments in detail, and if so, what options did you set and what effects did they have?
For example, in my quick experiment before this post, I had these results scanning from a Windows XP SP2 machine:
nmap -sS 192.168.1.1
Starting Nmap 4.01 ( http://www.insecure.org/nmap ) at 2006-03-18 22:18 Eastern Standard Time
Interesting ports on 192.168.1.1:
(The 1671 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
80/tcp open http
MAC Address: 00:04:5A:EF:AE:13 (The Linksys Group)
Nmap finished: 1 IP address (1 host up) scanned in 4.657 seconds
nmap -sT 192.168.1.1
Starting Nmap 4.01 ( http://www.insecure.org/nmap ) at 2006-03-18 22:01 Eastern Standard Time
Interesting ports on 192.168.1.1:
(The 1671 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
80/tcp open http
MAC Address: 00:04:5A:EF:AE:13 (The Linksys Group)
Nmap finished: 1 IP address (1 host up) scanned in 94.641 seconds

A SYN scan is dramatically faster in my scans of my home router using the default nmap settings. Posting a similar output, as well as providing information about your setup, would have dramatically aided in answering your question. In fact, you may have found some scanning setup, target OS, or options combination where a SYN scan was slower than a Connect scan, and we would want to investigate the reason why further, as it may aid other nmap users.

"Choose your forum carefully" - While nmap-dev is an authoritative source, it is generally for technical development related discussions. Did you read the "About this list" page?
http://cgi.insecure.org/mailman/listinfo/nmap-dev

Perhaps the Security Basics mailing list might be a more appropriate forum?
http://www.securityfocus.com/archive/105/description
"it is also an excellent resource for the beginner who wants a non-threatening place to learn the ropes."

And finally, perhaps the most relevant section: "Don't post homework questions"

So here are my pointers. If you haven't been exposed to it already in school, I recommend understanding the scientific method:
http://en.wikipedia.org/wiki/Scientific_method

Read through the nmap manual, it isn't that long and it is essential if you want to understand what you are actually doing when using nmap. I've also enjoyed "Secrets of Network Cartography: A Comprehensive Guide to nmap"
http://www.networkuptime.com/nmap/index.shtml

I highly recommend using a packet sniffer like Ethereal
http://www.ethereal.com/
when observing and understanding port scanners.

Hope that helps, and best of luck on your assignment. You did pick a great topic.
Cheers,
kx

On 3/18/06, Ron <iago () valhallalegends com> wrote:
Hello,

I'm doing a school project on port mapping (why not?), and I was looking at the timings for different scans. I noticed that a SYN scan (-sS) takes a little bit more time than a Connect scan (-sT). Does anybody know why? I figured that -sS would be faster because it uses fewer packets, but apparently that's not the case.

Thanks
Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
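An added example, not from kx's post or from nmap itself: a small Python parser for the nmap 4.01 normal-output format that kx pasted, run over both captures so the SYN-versus-Connect timing comparison comes out in structured form (elapsed time ratio, open ports, and the background port state that differs between the two runs). The regexes and function names are my own; the two input blocks are copied from the post above.

```python
import re

# The two captures quoted in kx's post (SYN scan, then Connect scan).
SYN_SCAN = """Starting Nmap 4.01 ( http://www.insecure.org/nmap ) at 2006-03-18 22:18 Eastern Standard Time
Interesting ports on 192.168.1.1:
(The 1671 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
80/tcp open http
MAC Address: 00:04:5A:EF:AE:13 (The Linksys Group)
Nmap finished: 1 IP address (1 host up) scanned in 4.657 seconds
"""
CONNECT_SCAN = """Starting Nmap 4.01 ( http://www.insecure.org/nmap ) at 2006-03-18 22:01 Eastern Standard Time
Interesting ports on 192.168.1.1:
(The 1671 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
80/tcp open http
MAC Address: 00:04:5A:EF:AE:13 (The Linksys Group)
Nmap finished: 1 IP address (1 host up) scanned in 94.641 seconds
"""

# Patterns for the three lines a timing comparison needs (my own, matched to nmap 4.x output).
NOT_SHOWN = re.compile(r"\(The (\d+) ports scanned but not shown below are in state: (\w+)\)")
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.M)
FINISHED = re.compile(r"scanned in ([\d.]+) seconds")


def parse_nmap_output(text):
    """Extract elapsed time, listed ports and the 'not shown' summary from one run."""
    m = NOT_SHOWN.search(text)
    ports = [(int(p), proto, state, svc) for p, proto, state, svc in PORT_LINE.findall(text)]
    return {
        "not_shown": int(m.group(1)) if m else 0,
        "not_shown_state": m.group(2) if m else None,
        "ports": ports,
        "elapsed": float(FINISHED.search(text).group(1)),
    }


def compare_scans(fast_text, slow_text):
    """Ratio of elapsed times, whether the open-port list agrees, and how the
    background state changed. A 'filtered' background means no reply came back
    for those ports, so each one cost a timeout instead of an immediate RST."""
    a, b = parse_nmap_output(fast_text), parse_nmap_output(slow_text)
    return {
        "ratio": round(b["elapsed"] / a["elapsed"], 1),
        "same_open_ports": [p[:2] for p in a["ports"]] == [p[:2] for p in b["ports"]],
        "state_change": (a["not_shown_state"], b["not_shown_state"]),
    }
```

The same parser works on any captures you paste into a question, which is the kind of evidence kx asks for: the numbers, plus the port states that explain them.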