> One point missing... version of nmap? I ran into a problem with some
Latest version (3.81). Tried the RPM as well as a custom compiled version:
same issues. I just tried setting max_scan_delay to 0. Nmap now no longer
mentions the need for increasing the send delay, but nevertheless, the
problems remain.
>I also found that nmap would stall some times on a single host, which is
>why I originally wrote my nmap wrapper to run X number of nmap processes in
>parallel. I think at last count I was scanning more than 180K IPs in less
>than 16 hours, but I had ICMP enabled for all my hosts to/from my
>monitoring host.
I know nmap will probably be able to do better timing if ICMP is enabled,
but I prefer the the audit machine not to have any special privileges when
performing scans. I could run more processes in parallel, by wrapping up
some threads from a script, but I think the min_hostgroup option I'm using
should achieve more or less the same. Although an improvement of this option
might be to have it start new hosts after the first one is finished.
Currently I'm scanning 52 hosts simultaniously. 45 hosts that have no open
ports perform as they should and finish within the hour. 7 hosts with open
ports take about 9,5 hour to complete. It would be nice if it were possible
to instruct nmap to start scanning host 53 as soon as the first one is
finished, in stead of waiting for all 52 to complete. But this just as a
side note. I am really curious why some of the hosts take >9 hours to
complete, even though I set all the possible timeout parameters....
maarten
>
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Received on Apr 20 2005
Intro
