mailing list archives
Long disjointed list of ports causing performance drop??
From: Steve <il_dharmabum () yahoo com>
Date: Tue, 24 Jan 2006 13:10:17 -0800 (PST)
I am using nmap in a phased manner to perform vulnerability testing on large networks for my clients. I'm currently
utilizing 5 phases as follows:
1 - pings
2 - No pings & 9 most common ports
3 - No pings and 48 next most common ports
4 - Remainder of nmap default port list and no pings
5 - Remainder of all 65535 ports
I run phase 4 & 5 with -T Aggressive and -sS to ease the impact on my customers' servers and still get the work done
in a reasonable time.
I also use a list of IPs as input with the -iL so I can parse the output and determine what had found ports vs not
as I roll through.
Since the port list for 4 & 5 is fairly disjointed (e.g. 1-5,7-9,11,13,etc.), it takes up a lot of space on the command
It seems that phase 5 takes a considerable amount of memory if I don't use the max_hostgroup and -sT to throttle
1. How is a large list of discontinuous ports handled by nmap vs a single continuous list (1-1024)? Could the first
condition cause a larger memory requirement?
2. Is there a difference in memory requirements if I use a list of IPs, one per line, vs a specific sequence
3. Could the large list of ports require more memory as I work my way through a relatively long list of IPs?
Thanks and keep up the great work!
Sent through the nmap-dev mailing list
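The disjointed per-phase port lists described in the message above can be generated rather than maintained by hand. This Python sketch is an added example, not part of the original post or of nmap: it drops ports already covered by an earlier phase and collapses each remainder into the comma-and-range form the post shows (`1-5,7-9,11,13`), as accepted by nmap's `-p` option. The sample port sets and all function names are constructed for illustration.

```python
"""Build per-phase port specifications as compact range strings."""

MAX_PORT = 65535

def compress(ports):
    """Collapse a set of ports into a spec such as '1-5,7-9,11'."""
    parts, run_start, prev = [], None, None
    for p in sorted(ports):
        if run_start is None:
            run_start = prev = p
        elif p == prev + 1:
            prev = p
        else:
            parts.append(str(run_start) if run_start == prev else f"{run_start}-{prev}")
            run_start = prev = p
    if run_start is not None:
        parts.append(str(run_start) if run_start == prev else f"{run_start}-{prev}")
    return ",".join(parts)

def expand(spec):
    """Inverse of compress(): parse '1-5,7' back into a set of ints."""
    ports = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def phase_specs(phases):
    """Give each phase only the ports no earlier phase covered, then append
    the remainder of 1..MAX_PORT as the final phase. Returns range strings."""
    seen, specs = set(), []
    for wanted in phases:
        fresh = set(wanted) - seen
        specs.append(compress(fresh))
        seen |= fresh
    specs.append(compress(set(range(1, MAX_PORT + 1)) - seen))
    return specs

# Constructed sample lists (not the poster's actual ports).
PHASE_2 = {21, 22, 23, 25, 80, 110, 139, 443, 445}
PHASE_3 = {53, 80, 111, 135, 143, 993, 995, 3306, 3389}   # 80 repeats on purpose
PHASE_4 = set(range(1, 1025)) | {1433, 8080}              # stand-in for a default list

if __name__ == "__main__":
    for n, spec in enumerate(phase_specs([PHASE_2, PHASE_3, PHASE_4]), start=2):
        print(f"phase {n}: {len(spec)} chars, {spec.count(',') + 1} ranges")
```

Checking that the expanded phases are pairwise disjoint and together cover 1-65535 confirms that no port is scanned twice or skipped.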