Nmap Development mailing list archives
Re: massping issue
From: Justin Azoff <JAzoff () uamail albany edu>
Date: Mon, 06 Apr 2009 13:39:06 -0400
David Fifield wrote:
On Thu, Apr 02, 2009 at 09:06:50AM -0400, Justin Azoff wrote:Hi, since upgrading from debian etch nmap to debian lenny nmap (4.11 to 4.62) I noticed that a script that runs a ping scan across our /16 stopped finding 90% of the hosts.Thanks for your detailed report. I don't think --host-timeout is what you want here. You want --max-rtt-timeout instead. --host-timeout is an absolute start-to-finish limit on total time taken for each host. Because 4096 hosts are scanned in parallel during ping scan, you are only allowing 2 seconds to scan all 4096 of them.
That makes sense..
The reason you got more hosts with 4.11 is that massping didn't respect --host-timeout in that version. The option simply didn't have an effect during ping scans. Now host are allowed to time out during ping scans, and two seconds
ah, so it's been using the default timeouts all this time and I never noticed :-)
So try using --max-rtt-timeout instead. Host timeouts are usually specified in at least minutes, and RTT timeouts are usually in milliseconds. David Fifield
Yep, that fixed things right up. I usually use --max-rtt-timeout for port scans, ping sweeps were the only place I was still using --host-timeout. -- -- Justin Azoff -- Network Performance Analyst _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- massping issue Justin Azoff (Apr 02)
- Re: massping issue David Fifield (Apr 02)
- Re: massping issue Justin Azoff (Apr 06)
- Re: massping issue David Fifield (Apr 02)