mailing list archives
Re: SYN-scan and TCP-connect scan time difference.
From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 23 Jan 2014 12:00:51 -0600
On 01/23/2014 10:33 AM, Anton Konvalyuk wrote:
I was scanning a large network (/18). I've noticed strange occasion. When I use 'sudo nmap --open -T4 -F -oX report xxx.xxx.xxx.xxx/18',
scanning lasts for more than 2 hours. But if I use 'nmap --open -T4 -F -oX report xxx.xxx.xxx.xxx/18' it takes approximately 2 minutes. And no
big difference when using '-n' option.
Could you tell what the reason is? The only information I've found is http://seclists.org/nmap-dev/2006/q1/370. So why
is TCP-connect faster than SYN-scan? And why is the difference really big?
Nmap version: 6.00
OS: Debian 6.0 x86_64
I am surprised that you are finishing a /18 scan in 2 minutes, no matter
what options you choose. Have you compared the results to be sure that
you are not losing data? Against a large network without many hosts, the
host discovery phase would possibly be the source of delay. With root
privilege, Nmap sends 4 probes to determine whether a host is alive, but
only 2 probes without privileges. Have a look at the <taskbegin> and
<taskend> elements in the XML output to see how long each phase of the
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/