Security Basics mailing list archives

Re: nmap udp scan takes too long
From: Armando Quintananieves <aquintananieves () gmail com>
Date: Thu, 5 Jul 2012 10:04:27 -0400

I am looking for a tool like nmap that would help me penetrate a filtered port. 

Any idea what I can use?

The ip address is inside a proxy server. 

Armando Quintananieves


On Jul 5, 2012, at 2:55 AM, pentester <pentester () surfhier nl> wrote:

I agree that nmap is a cool tool. It just ain't the right tool to do a udp scan. The reason is that it waits for a 
response, if no response, then it retries a couple of times. There is no need to. There are other scanners that do a 
better job for udp scanning. unicornscan doesn't wait for answers, it just continues scanning. When you start 
unicornscan, it also starts a listener. Because the listener catches all responses, the sender doesn't have to 
wait for responses, like nmap does. A typical full udp port scan costs less than 4 minutes per host and open ports 
are found. Also if a port is reported open, you can be sure it's open and not either open or filtered.

nmap has a lot of cool options that unicornscan doesn't have. But unicornscan beats nmap when it comes to udp scanning. 
It's just a matter of using the right tools for the job.

Cor


On Jul 4, 2012, at 11:16 PM, anonymous wrote:

On 06/29/2012 05:32 AM, pentester wrote:
Reason is that nmap waits for a response, retries, waits etc. Once it decides the port is not responding it 
continues. There is a little smartness, because nmap tries different ports simultaneously.
Another scanner solves this issue. unicornscan typically scans all 64k ports in 3 minutes and 45 seconds when you 
use a scan rate of 300 packets per second.

To my knowledge, unicornscan is today still the best way to do a udp scan. Possible issue is that it is available 
in Linux only. I have not seen working versions on Windows or Mac (although I expect in theory it should be 
possible to get it working on Mac).

Cor

On Jun 29, 2012, at 9:13 AM, a bv wrote:

Hi,

Using mostly zenmap, udp scan mostly takes very long. I try to scan all
ports 1-65535, and I do that with the tcp scan too over the same port
range, but the tcp scan takes very little time compared to udp. I started a
udp scan of a few local hosts

and after a day when I return to the screen I see that it shows 40.3%
etc. and has not completed yet (not sure if it still continues to scan).
What can be the reason and what is the best/most efficient way to do a udp
scan?


Regards

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------





Well yes, of course Nmap UDP scans are going to take some time to scan;
this is a well-known fact. Open and filtered ports rarely send any kind
of response, which leaves nmap to time out and then retry transmissions
just in case the probe or scan was lost. Linux in general usually is
very strict about sending out ICMP port unreachable messages and usually
limits this to 1 ICMP port unreachable message per second, which is
another big reason why UDP scans take very long.

Also remember that scans like UDP or full scans, where you are scanning
all 65,000+ ports instead of the default popular 1,000 ports which nmap
scans by default, should be run in the background, and you can come back
to the scans later and view or compare your results.

There are however a few things you can do to speed up UDP scans with Nmap.

1. Try scanning popular UDP ports first. By using the (-F) option I
believe nmap will scan the most popular 100 UDP ports and this tends to
finish very quickly. You can do this first, then go back to doing a full
UDP scan in the background if you need results quickly.

2. Try setting --version-intensity 0
This tells nmap to only try probes that are probably going to be the
most effective against the target network.

3. Try using --host-timeout to skip slow responding hosts.


There are other things you can do to improve the overall performance of
nmap but these are just some quick suggestions to get you started.


Again nmap is probably the greatest tool out there, and there are so
many things that you can do with it. Most people only use probably 10%
of nmap's potential. I would suggest getting the nmap book by fyodor, it
is sometimes a difficult read but it is a great book for sure.

-nighthawk
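
Added example, not part of any message in this thread: a toy Python model of the trade-off discussed above, where a target limits ICMP port unreachable replies to 1 per second. It compares one sweep sent at 300 packets per second with one paced to the ICMP limit. The function name, the sample open ports and the assumptions (open ports always answer, no packet loss, no retries) are constructed for illustration.

```python
# Added illustration: toy model of one full UDP port sweep against a host that
# rate-limits ICMP port-unreachable replies. All numbers are constructed except
# the 300 pps rate and the 1 ICMP/second limit, which come from the thread.

def sweep(rate_pps, open_ports, icmp_per_sec=1, first=1, last=65535):
    """Send one probe per port at rate_pps and classify what a listener sees.

    Assumptions: open ports always answer with a UDP datagram, closed ports
    answer with ICMP port unreachable only when the target's limiter allows
    it, there is no packet loss, and no retries are sent.
    """
    gap = rate_pps // icmp_per_sec      # probes between two permitted ICMP replies
    next_icmp_at = 0                    # probe index at which ICMP is allowed again
    result = {"open": [], "closed": 0, "no_response": 0}
    for i, port in enumerate(range(first, last + 1)):
        if port in open_ports:
            result["open"].append(port)         # UDP reply: definitely open
        elif i >= next_icmp_at:
            result["closed"] += 1               # ICMP arrived: definitely closed
            next_icmp_at = i + gap
        else:
            result["no_response"] += 1          # ICMP suppressed: open|filtered
    result["seconds"] = (last - first + 1) / rate_pps
    return result

OPEN = {53, 123, 161}                   # constructed sample target

fast = sweep(300, OPEN)                 # send-and-listen style, 300 pps
paced = sweep(1, OPEN)                  # paced to the target's ICMP limit

if __name__ == "__main__":
    for name, r in (("300 pps", fast), ("1 pps", paced)):
        print(f"{name}: {r['seconds'] / 60:.1f} min, open={r['open']}, "
              f"closed={r['closed']}, no_response={r['no_response']}")
```

In this model the fast sweep ends in under four minutes with the open ports found but almost every other port unanswered, while the paced sweep confirms every closed port and needs about 18 hours.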


