Nmap Development: Re: Scan 3 thousand host consume severals hour

From: Andreas Ericsson <ae_at_op5.se>
Date: Tue, 20 Dec 2005 12:44:42 +0100

Ricardo A. Reis wrote:
> Hi Sina,
>
>> A few comments:
>>
>> You mentioned 3000 machines, yet you are scanning a range of 65536 machines
>> because you are scanning an entire class B network
>
> Yes, you are correct.
>
> The UNIFESP network topology has many network segments with a /24 subnet
> mask, but the hosts are not contiguous; this is a problem caused by
> sub-net delegation.
> For example, 172.16.[1-3,150-163].XXX. In the past I used a list
> provided by ettercap using its arp-request function, but this caused a
> problem with the ARP tables in old Cabletron switches and Cisco routers.
>

You know you can type

        nmap <scan-options> 172.16.1-3,150-163.1-254

right?

>
>> Also, you are doing a TCP scan and a UDP scan. You might want to simply do a
>> SYN scan, as that is faster. The TCP scan will take forever and a day,
>> unfortunately ... This is no fault of nmap, but it is due to the fact that
>> it has to do a three-way handshake, and also remember that the firewalls
>> aren't helping things any, *smile*.
>
> You are correct again,
>
> I always use -sS with non-Windows hosts.
>
>> I would recommend that you find a better way of narrowing down the machines
>> you have. For example, can you simply do a list scan of the machines on your
>> network and then grep/awk for the appropriate entries to place into a hosts
>> file which you can pass into nmap with -iL ...
>
> I also use -P0 because the XP firewall blocks ICMP; with this the scan is
> slower.

When you're using -P0 you tell nmap to not send any ICMP pings. If it
*does* send those pings without getting a response the host will be
considered down and won't be scanned at all. OTOH, if you don't send
pings and scan 62000 hosts that just aren't there you'll end up sending a
minimum of 62000 * 65535 packets that won't ever get a response.
Needless to say, this is a big, fat waste of time.

-- 
Andreas Ericsson                   andreas.ericsson_at_op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Received on Dec 20 2005
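The thread makes two practical points: the per-octet range syntax (172.16.1-3,150-163.1-254) lets you name only the populated /24s instead of the whole /16, and a host-discovery sweep fed into -iL keeps a -P0/-Pn port scan from probing tens of thousands of addresses that are not there. The Python below is an added example, not code from the thread or from the Nmap project. It expands nmap target specs the way nmap does (CIDR blocks include every address; the last octet varies fastest), compares the target counts, parses the "Status: Up" lines of grepable (-oG) output into an -iL list, and prints a two-stage command plan. The grepable sample is constructed, and the discovery probe ports in discovery_commands() are an illustrative choice, not something the thread recommends.

```python
"""Added example (not from the nmap-dev thread or the Nmap project):
expand nmap target specs, measure how much of a /16 scan is wasted on
empty space, and build a discovery-then-scan workflow around -iL.
Assumptions: SAMPLE_GREPABLE is constructed; the -PE/-PS probe ports in
discovery_commands() are an illustrative choice."""
import ipaddress
import re


def expand_octet(field):
    """Expand one octet field: a comma list of values/ranges, or '*' / '-'."""
    if field in ("*", "-"):
        return list(range(256))
    values = []
    for part in field.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            lo, hi = int(lo) if lo else 0, int(hi) if hi else 255
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError("bad octet range: %r" % part)
        values.extend(range(lo, hi + 1))
    return values


def expand_target(spec):
    """Return every IPv4 address an nmap target spec covers.

    CIDR blocks expand to every address in the block (nmap scans .0 and
    .255 too); dotted specs use the per-octet list/range syntax, with the
    last octet varying fastest, matching nmap's own ordering.
    """
    if "/" in spec:
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError("expected a dotted quad: %r" % spec)
    o1, o2, o3, o4 = (expand_octet(o) for o in octets)
    return ["%d.%d.%d.%d" % (a, b, c, d)
            for a in o1 for b in o2 for c in o3 for d in o4]


# Constructed sample of `nmap -sn -oG` output (not a real capture).
SAMPLE_GREPABLE = """\
# Nmap scan initiated (constructed sample for this example)
Host: 172.16.1.5 ()\tStatus: Up
Host: 172.16.1.9 ()\tStatus: Down
Host: 172.16.150.17 (host-a.example)\tStatus: Up
# Nmap done: 4318 IP addresses (2 hosts up)
"""

_UP_LINE = re.compile(
    r"^Host:\s+(\d+\.\d+\.\d+\.\d+)\s+\([^)]*\)\s+Status:\s+Up\b")


def up_hosts_from_grepable(text):
    """Pull the addresses reported 'Status: Up' out of nmap -oG output.

    The result, one address per line, is exactly what -iL expects.
    """
    hosts = []
    for line in text.splitlines():
        m = _UP_LINE.match(line)
        if m:
            hosts.append(m.group(1))
    return hosts


def discovery_commands(spec, sweep_file="sweep.gnmap", live_file="live.txt"):
    """Two-stage plan: a cheap host-discovery sweep, then a SYN scan of -iL.

    -sn (called -sP in 2005) skips port scanning; -PE sends ICMP echo and
    -PS sends TCP SYN probes so hosts whose firewall drops ICMP (the XP
    case in the thread) can still be found. The probe ports are an
    assumption for illustration. Stage 2 never uses -P0/-Pn, so it only
    touches hosts the sweep actually saw.
    """
    sweep = "nmap -sn -PE -PS22,80,135,139,445 -oG %s %s" % (sweep_file, spec)
    scan = "nmap -sS -iL %s" % live_file
    return sweep, scan


if __name__ == "__main__":
    sparse = "172.16.1-3,150-163.1-254"
    whole = "172.16.0.0/16"
    n_sparse, n_whole = len(expand_target(sparse)), len(expand_target(whole))
    print("%s -> %d targets; %s -> %d targets (%d addresses nobody lives at)"
          % (sparse, n_sparse, whole, n_whole, n_whole - n_sparse))
    print("hosts up in the sample sweep:", up_hosts_from_grepable(SAMPLE_GREPABLE))
    sweep_cmd, scan_cmd = discovery_commands(sparse)
    print("stage 1:", sweep_cmd)
    print("stage 2:", scan_cmd, "  # live.txt = up_hosts_from_grepable(sweep.gnmap)")
```

Run stand-alone it reports 4318 targets for the explicit ranges against 65536 for the /16, which is the gap Andreas is pointing at. Hosts that drop every discovery probe will not appear in the sweep at all; list those few explicitly in a separate -Pn run rather than disabling host discovery for the whole range.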