Re: massping migration and you

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 30 Aug 2007 21:08:36 -0600 plus or minus some time David Fifield
<david () bamsoftware com> wrote:
> Which is all the more puzzling because I thought your --min-hostgroup
> option might be the source of the speed discrepancy. Just for the heck
> of it, can you try a scan using --min-parallelism 2048 instead?

This made an impressive difference:

Nmap finished: 186368 IP addresses (13174 hosts up) scanned in 1901.990
seconds Raw packets sent: 1630152 (65.206MB) | Rcvd: 41809 (2.022MB)

real    31m42.005s
user    0m6.297s
sys     0m25.964s


I've always been under the impression that --min-parallelism was only used
on a per-host basis so I thought setting it to anything above the number of
ports being probed per host was useless.  Clearly that isn't the case.

Say I normally scan a single host with --min-parallelism 128.  If I scan
two hosts at once can I safely set it to 256?  How fairly balanced between
hosts is this value?  If I'm scanning a /24 I may want this to scale into
the thousands.  At what point is Nmap/ultrascan() going to thrash?  Is
there a reasonable point of diminishing return?

Thanks for your help.  Let me know if there is anything else you'd like me
to try.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG15+sqaGPzAsl94IRAv9hAJ4s7ASXt1Q7Glg0Iv5R/9N6EdQhUwCfUkLb
cWNbk7sqY2TiS9eD5vvMt3Q=
=kRQg
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org