Nmap Development: Re: Suspect that --host-timeout is not working in 4.50?

From: jah <jah_at_zadkiel.plus.com>
Date: Fri, 14 Dec 2007 22:42:21 +0000

On 14/12/2007 20:52, Randolph Reitz wrote:
> Hi,
>
> I have installed nmap 4.50 on the scanner farm here at Fermilab and
> I've noticed that some nmap scans are running a long time. For
> example ...
>
> scanner 5311 31009 0 12:17 ? 00:00:00 /bin/bash ./bin/
> run_nmap.sh --pro -d 1 -sS -p 1-65535 -A 131.225.232.A 131.225.232.B
> 131.225.232.C 131.225.232.D
> root 5319 5311 2 12:17 ? 00:03:10 /usr/local/bin/nmap -
> sS -p 1-65535 -P0 -T4 --osscan-limit --osscan-guess --host-timeout 15m
> -A -oX - 131.225.232.D
>
> It's now
> date
> Fri Dec 14 14:47:47 CST 2007
>
> The nmap started at 12:17 and has collected 3 minutes of CPU so far.
> The host_timeout is set for 15 minutes. So far, I've collected
> hundreds of examples of long-running nmap scans. However, I've
> noticed that nmap 4.50 is much faster than 4.2.
>
> Does anyone else have a problem with --host-timeout?

Hello Randolph,

I don't seem to be having any problems with --host-timeout. May I
propose a quick test...

Perform a simple test scan against a couple of hosts with the aim of
finding a host/scan combination that takes at least 2 seconds, but as
short as possible (this is supposed to be a quick test). An example
might be:

    nmap -d -sU -p1-5000 <target>

When you have a total scan time that suits, add the lowest permissible
host-timeout (1501ms):

    nmap -d -sU -p1-5000 --host-timeout 1501 <target>

If host-timeout is working properly, you should see something like:

    ...
    Completed ARP Ping Scan at 22:35, 0.05s elapsed (1 total hosts)
    ...
    <target> timed out during UDP Scan (0 hosts left)
    Completed UDP Scan at 22:35, 1.46s elapsed (1 host timed out)
    Host <target> appears to be up ... good.
    Skipping host <target> due to host timeout
    ...

If that's a success, you could start building up the scan parameters
again and hopefully determine what's gone wrong.

Hope that helps a bit,

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Dec 14 2007
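
The symptom reported in this thread (an nmap process still running hours after a 15m --host-timeout) can be spotted across many scans from a process listing. The script below is an added example, not part of the original thread or of Nmap. It assumes `ps -eo pid,etime,args` output, one target per nmap process as in the quoted listing, and a bare number meaning milliseconds as in the 1501 example; the function names, grace period and sample lines are constructed.

```python
import re

# Suffix -> milliseconds. A bare number is treated as milliseconds, following
# the thread's "--host-timeout 1501" (1501ms) usage; this is an assumption.
UNIT_MS = {"": 1, "ms": 1, "s": 1000, "m": 60_000, "h": 3_600_000}

# Constructed sample in `ps -eo pid,etime,args` layout (documentation addresses).
SAMPLE_PS = """\
  PID     ELAPSED COMMAND
 5311    02:30:47 /bin/bash ./bin/run_nmap.sh --pro -d 1 -sS -p 1-65535 -A 192.0.2.10
 5319    02:30:47 /usr/local/bin/nmap -sS -p 1-65535 -P0 -T4 --host-timeout 15m -A -oX - 192.0.2.10
 6001       09:12 /usr/local/bin/nmap -sS -P0 --host-timeout 15m -oX - 192.0.2.11
 6002       00:05 /usr/local/bin/nmap -d -sU -p1-5000 --host-timeout 1501 192.0.2.12
"""

def parse_host_timeout_ms(args):
    """Return the --host-timeout value in milliseconds, or None if not set."""
    m = re.search(r"--host-timeout(?:\s+|=)(\d+(?:\.\d+)?)(ms|s|m|h)?(?=\s|$)", args)
    return float(m.group(1)) * UNIT_MS[m.group(2) or ""] if m else None

def parse_etime_s(etime):
    """Convert a ps etime field ([[DD-]HH:]MM:SS) to seconds."""
    days, _, rest = etime.rpartition("-")
    parts = [int(p) for p in rest.split(":")]
    parts = [0] * (3 - len(parts)) + parts          # pad missing hours
    hours, minutes, seconds = parts
    return (int(days) if days else 0) * 86400 + hours * 3600 + minutes * 60 + seconds

def find_overruns(ps_output, grace_s=60):
    """List (pid, elapsed_s, limit_s) for nmap processes past their host timeout."""
    hits = []
    for line in ps_output.splitlines():
        fields = line.split(None, 2)
        if len(fields) < 3 or not fields[0].isdigit():
            continue                                # header or malformed line
        pid, etime, args = fields
        if not re.match(r"(?:\S*/)?nmap(?:\s|$)", args):
            continue                                # wrapper scripts are not nmap itself
        limit_ms = parse_host_timeout_ms(args)
        if limit_ms is None:
            continue                                # no timeout requested, nothing to compare
        elapsed = parse_etime_s(etime)
        if elapsed > limit_ms / 1000 + grace_s:     # grace covers startup and report output
            hits.append((int(pid), elapsed, limit_ms / 1000))
    return hits

if __name__ == "__main__":
    for pid, elapsed, limit in find_overruns(SAMPLE_PS):
        print(f"pid {pid}: running {elapsed}s with --host-timeout of {limit:g}s")
```

On a live host, pass the text of `ps -eo pid,etime,args` to `find_overruns` in place of the sample.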
