Penetration Testing mailing list archives

RE: faster scans? (nmap)


From: Steve Maks <smaks () verisign com>
Date: Mon, 3 Jun 2002 12:09:10 -0500

Take a look at the rtt options in nmap (min/max/initial_rtt_timeout); it's
pretty much required to modify them when you are scanning hosts with -P0.
Depending on your connection and the target's connection, you can greatly
improve the scan speed.

Steve

-----Original Message-----
From: wirepair [mailto:wirepair () roguemail net]
Sent: Saturday, June 01, 2002 4:36 PM
To: pen-test () securityfocus com
Subject: faster scans? (nmap)


lo all.
I'm sure most of you at some point in time need to scan 
class c after class c for hosts responding (most likely 
using nmap). Here's the issue, multiple class C's, must 
scan every ip with the -P0 option. Doing some testing with 
various flags to decrease the timing and still have the 
results be reliable. 1-1000 ports takes about 1293 
seconds... x 65.5 x 254 == hella long time. I'm doing 
vanilla tcp connect scans (Syns aren't reliable in this 
case), so I was wondering if any of you have any tips on 
speeding up the process and not losing reliability. Here's 
the actual syntax nmap -sT -v -n -P0 -p 1- ip.ip.ip.ip-ip. 
I've tried setting the amount of sockets to use to 100 and 
that increased it from 1293 to 588 seconds. Still there's 
gotta be a better way. The reason they take this long is 
because there is no host at the IPs I'm trying to scan, 
but still this is discovery and every ip needs to be 
scanned. Maybe changing timeouts in /proc/sys ? I'm 
running out of ideas; any suggestions would be helpful 
(there really isn't much out there in the way of 
increasing timing on scans). Hell, maybe I should be using a 
different scanner? Thanks,
wire


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


