Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: massping issue
From: Justin Azoff <JAzoff () uamail albany edu>
Date: Mon, 06 Apr 2009 13:39:06 -0400

David Fifield wrote:
On Thu, Apr 02, 2009 at 09:06:50AM -0400, Justin Azoff wrote:
Hi, since upgrading from debian etch nmap to debian lenny nmap (4.11 to
4.62) I noticed that a script that runs a ping scan across our /16
stopped finding 90% of the hosts.

Thanks for your detailed report. I don't think --host-timeout is what
you want here. You want --max-rtt-timeout instead. --host-timeout is an
absolute start-to-finish limit on total time taken for each host.
Because 4096 hosts are scanned in parallel during ping scan, you are
only allowing 2 seconds to scan all 4096 of them.

That makes sense..

The reason you got more hosts with 4.11 is that massping didn't respect
--host-timeout in that version. The option simply didn't have an effect
during ping scans. Now host are allowed to time out during ping scans,
and two seconds

ah, so it's been using the default timeouts all this time and I never
noticed :-)

So try using --max-rtt-timeout instead. Host timeouts are usually
specified in at least minutes, and RTT timeouts are usually in
milliseconds.

David Fifield

Yep, that fixed things right up.  I usually use --max-rtt-timeout for
port scans, ping sweeps were the only place I was still using
--host-timeout.


-- 
-- Justin Azoff
-- Network Performance Analyst

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]