Date: Thu, 11 Feb 1999 22:33:47 -0500 (EST)
From: Fyodor <fyodor@dhp.com>
To: freebsd-chat@FreeBSD.ORG
Cc: scrappy@hub.org, nmap-hackers@insecure.org
Subject: Re: An Operating Systems Survey, of sorts...
Message-ID: <Pine.LNX.4.04.9902112201410.32490-100000@shell.dhp.com>
On Thu, 11 Feb 1999 in freebsd-chat, The Hermit Hacker wrote:

> I reduced nmap-services down to about 10 or so of the "core" ones...the
> results are much cleaner, and, appear to be, more accurate, than using
> QueSO...but it's one helluva lot slower...

You should be able to get it going much faster than Queso, but you need to use the right arguments to suit what you are trying to do. Here is the approximate command line I would suggest:

  nmap -i <iplist> -m output_file -n -O -sS -p21,22,23,25,80,139

The first part (-i iplist) is crucial. Nmap starts up in a very slow, conservative mode just in case the user is scanning some host on another continent while using a 300 baud modem which shares bandwidth with a major porn server. If you give nmap a big list with -i, it will use previous tests to benchmark your network performance and should quickly speed up. If you run a separate execution of nmap for each IP, you will always be in the initial slow mode. Using a list of IPs rather than hostnames is preferable so that nmap doesn't have to resolve them (not a big deal).

The -n argument tells nmap not to reverse-resolve the hosts you give it. For your purposes, there is no point in wasting time doing this.

The -sS (SYN scan) should be fast enough and is more courteous since most systems won't waste disk space logging it :). -sT might be a little faster in some cases.

The -p argument is very important since by default nmap scans more than 2000 common ports. You said you trimmed nmap-services. This should work fine *as long as you use -F*. Otherwise nmap will still scan ports 1-1024. Using a few more ports than I have up there won't hurt you much (they are done in parallel). But scanning thousands of ports will cost you.

These options should give you plenty of performance, but if you need more you can reduce the number of retries nmap performs on unrecognized hosts (in osscan.c) and perhaps reduce the PING_TIMEOUT in nmap.h. Then recompile.
Cheers,
Fyodor

--
Fyodor 'finger pgp@www.insecure.org | pgp -fka'
Frustrated by firewalls? Try nmap: http://www.insecure.org/nmap/
"Girls are different from hacking. You can't just brute force them if all else fails." --SKiMo, quoted in _Underground_ (good book)

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message