Timing and Performance

One of my highest Nmap development priorities has always been performance. Techniques for improving scan times include omitting non-critical tests, and upgrading to the latest version of Nmap. Optimizing timing parameters can also make a substantial difference.

Host Group Sizes

Nmap has the ability to port scan or version scan multiple hosts in parallel. When a maximum group size is specified with hostgroup :max, Nmap will never exceed that size. Specify a minimum size with hostgroup :min and Nmap will try to keep group sizes above that level.

Nmapr.scan :cmd do
  hostgroup :min, 3
  # and
  hostgroup :max, 1
end

Parallelism

Adjust probe parallelization to control the total number of probes that may be outstanding for a host group.

Nmapr.scan :cmd do
  parallelism :min, 3
  # and
  parallelism :max, 3
end

Round Trip Timeout

Nmap maintains a running timeout value for determining how long it will wait for a probe response before giving up or retransmitting the probe. This is calculated based on the response times of previous probes.

Nmapr.scan :cmd do
  round_trip_timeout :min, 3
  # and
  round_trip_timeout :max, 7
end
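
An added illustration (not Nmap's or Nmapr's own code) of how minimum and maximum bounds act on a running timeout derived from earlier response times. It assumes a TCP-style estimator (smoothed RTT plus four times its variance) and millisecond units; the class and method names are hypothetical.

```ruby
# Simplified model of a running probe timeout (illustration only).
# Assumption: smoothed RTT + 4 * variance, the estimator familiar from TCP,
# clamped to configured bounds. All times are in milliseconds (assumed unit).
class RttTimeout
  attr_reader :srtt, :rttvar

  def initialize(min_ms:, max_ms:, initial_ms:)
    raise ArgumentError, "min exceeds max" if min_ms > max_ms
    @min = min_ms
    @max = max_ms
    @initial = initial_ms
    @srtt = nil    # smoothed round trip time, unset until the first response
    @rttvar = nil  # smoothed deviation of the round trip time
  end

  # Feed one measured response time and return the updated timeout.
  def observe(rtt_ms)
    if @srtt.nil?
      @srtt = rtt_ms.to_f
      @rttvar = rtt_ms / 2.0
    else
      delta = rtt_ms - @srtt
      @srtt += delta / 8.0
      @rttvar += (delta.abs - @rttvar) / 4.0
    end
    timeout
  end

  # How long to wait for a response before giving up or retransmitting.
  def timeout
    raw = @srtt.nil? ? @initial : @srtt + 4 * @rttvar
    raw.clamp(@min, @max)
  end
end

# Returns the timeout after each sample, rounded to 0.1 ms.
def timeout_trace(samples, **bounds)
  est = RttTimeout.new(**bounds)
  samples.map { |rtt| est.observe(rtt).round(1) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a host that answers quickly, then slows down mid-scan.
  p timeout_trace([20, 22, 21, 400, 420], min_ms: 100, max_ms: 1000, initial_ms: 1000)
end
```

While responses are fast, the minimum bound holds the timeout up; once the host slows down, the estimate climbs until the maximum bound caps it.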

Scan Delay

This option causes Nmap to wait at least the given amount of time between each probe it sends to a given host.

Nmapr.scan :cmd do
  delay :min, 2
  # and
  delay :max, 4
end

Rate

Nmap's dynamic timing does a good job of finding an appropriate speed at which to scan. Sometimes, however, you may happen to know an appropriate scanning rate for a network, or you may have to guarantee that a scan will be finished by a certain time.

Nmapr.scan :cmd do
  rate :min, 3
  # and
  rate :max, 10
end

Host Timeout

Some hosts simply take a long time to scan. This may be due to poorly performing or unreliable networking hardware or software, packet rate limiting, or a restrictive firewall. The slowest few percent of the scanned hosts can eat up a majority of the scan time. Sometimes it is best to cut your losses and skip those hosts initially.

Nmapr.scan :cmd do
  host_timeout 30
end

Script Timeout

Some scripts take a long time to complete. This can happen for many reasons: a bug in the script, delay in the network, or the nature of the script itself. To limit how long a script may run, specify script_timeout with the maximum amount of time the script should be allowed to run.

Nmapr.scan :cmd do
  script_timeout 30
end

Retries

Specify the maximum number of port scan probe retransmissions.

Nmapr.scan :cmd do
  retries 2
end
