Nmap Development mailing list archives

Re: Scans jamming


From: David Fifield <david () bamsoftware com>
Date: Fri, 26 Feb 2010 11:42:46 -0700

On Thu, Dec 03, 2009 at 04:57:49PM +0200, Mika Arasola wrote:
> I have created a script that scans networks with nmap. I've scheduled it
> so it starts a new network about every 12 hours or so (each network scanned
> twice in the 12 hours), and it's run from cron. Occasionally some of these
> runs seem to jam completely, and I can't quite figure out what is causing
> it. It seems to me that it is not related to delays in the previous run (so
> there are several at a time) but to make sure I have changed the script so
> that each run has unique output files.
>
> Looking now at the currently jammed scan it seems to have gone through 191
> IP addresses of a class C network. No errors in the output and this is the
> second run (meaning it has already completed the first more intensive scan).
> I'm doing 12 scans per week and at least one of them jams (changes every
> week).
>
> Any idea what could be going wrong?

Something you can do is run with the debugging option -d (or even
higher, with -d2 for example) to see what is going on. If you start to
see messages like this:

Increased max_successful_tryno for 192.168.0.1 to 6 (packet drop)
Increasing send delay for 192.168.0.1 from 100 to 200 due to max_successful_tryno increase to 6

it means that the sending rate-limiter has started. That can slow down
scans a lot.

Also try running with --packet-trace to see if the scan has really
stopped. While the scan is running, you can press p and P (shift-p) to
turn packet tracing on and off. Also while a scan is running, you can
press the enter key to get a status report. That will tell you if the
program is hanging during the port scan or during version scan. These
interactive controls won't work if you're running Nmap from inside a
script.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
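
An added example, not part of the original message or of Nmap: because the interactive keys are unavailable under cron, one option is to save the -d output of each run and scan it for the two rate-limiter messages quoted above. The function names, the `min_delay` threshold and the sample lines beyond the two quoted ones are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Message formats copied from the two debug lines quoted in the message above.
TRYNO_RE = re.compile(
    r"Increased max_successful_tryno for (\S+) to (\d+) \(packet drop\)")
DELAY_RE = re.compile(
    r"Increasing send delay for (\S+) from (\d+) to (\d+) "
    r"due to max_successful_tryno increase to (\d+)")

# Constructed sample: the first two lines are the ones quoted above; the rest
# are made up in the same format for illustration.
SAMPLE_LOG = """\
Increased max_successful_tryno for 192.168.0.1 to 6 (packet drop)
Increasing send delay for 192.168.0.1 from 100 to 200 due to max_successful_tryno increase to 6
(constructed placeholder for an unrelated debug line)
Increased max_successful_tryno for 192.168.0.1 to 7 (packet drop)
Increasing send delay for 192.168.0.1 from 200 to 400 due to max_successful_tryno increase to 7
Increased max_successful_tryno for 192.168.0.7 to 2 (packet drop)
"""

def summarize_rate_limiting(lines):
    """Map each host to its highest tryno, latest send delay and delay bumps."""
    hosts = defaultdict(lambda: {"tryno": 0, "delay": None, "delay_increases": 0})
    for line in lines:
        m = TRYNO_RE.search(line)
        if m:
            entry = hosts[m.group(1)]
            entry["tryno"] = max(entry["tryno"], int(m.group(2)))
            continue
        m = DELAY_RE.search(line)
        if m:
            entry = hosts[m.group(1)]
            entry["delay"] = int(m.group(3))      # value after the increase
            entry["delay_increases"] += 1
            entry["tryno"] = max(entry["tryno"], int(m.group(4)))
    return dict(hosts)

def throttled_hosts(summary, min_delay=200):
    """Hosts whose send delay reached min_delay (hypothetical threshold)."""
    return sorted(h for h, s in summary.items()
                  if s["delay"] is not None and s["delay"] >= min_delay)

if __name__ == "__main__":
    summary = summarize_rate_limiting(SAMPLE_LOG.splitlines())
    for host in throttled_hosts(summary):
        s = summary[host]
        print(f"{host}: send delay {s['delay']} after "
              f"{s['delay_increases']} increases, tryno {s['tryno']}")
```

A host that appears here with a repeatedly increased send delay points to the rate limiter slowing the scan rather than to a hang.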

