Nmap Development mailing list archives
Re: Scans jamming
From: David Fifield <david () bamsoftware com>
Date: Fri, 26 Feb 2010 11:42:46 -0700
On Thu, Dec 03, 2009 at 04:57:49PM +0200, Mika Arasola wrote:
I have a created a script that scans networks with nmap. I've scheduled it so it starts a new network about every 12 hours or so (each network scanned twice in the 12 hours), and it's run from cron. Occasionally some of these runs seem to jam completely, and I can't quite figure out what is causing it. It seems to me that it is not related to delays in the previous run (so there are several at a time) but to make sure I have changed the script so that each run has unique output files. Looking now at the currently jammed scan it seems to have gone through 191 ip-addresses of class C network. No errors in the output and this is the second run (meaning it has already completed the first more intensive scan). I'm doing 12 scans per week and at least one of them jams (changes every week). Any idea what could be going wrong?
Something you can do is run with the debugging option -d (or even higher, with -d2 for example) to see what is going on. If you start to see messages like this: Increased max_successful_tryno for 192.168.0.1 to 6 (packet drop) Increasing send delay for 192.168.0.1 from 100 to 200 due to max_successful_tryno increase to 6 it means that the sending rate-limiter has started. That can slow down scans a lot. Also try running with --packet-trace to see if the scan has really stopped. While the scan is running, you can press p and P (shift-p) to turn packet tracing on and off. Also while a scan is running, you can press the enter key to get a status report. That will tell you if the program is hanging during the port scan or during version scan. These interactive controls won't work if you're running Nmap from inside a script. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Scans jamming David Fifield (Feb 26)