I think the answer is no. We had new quad dual core opteron systems w/16GB
of RAM (~$35k each) running 8 unique nmap processes, with the following
options:
We were scanning a /16, but broke the nmaps down on /24 blocks. All the
parallel nmap "services" scans (1668 ports) worked fine (~40 hours to
complete the /16 using options above).
When doing a 65k TCP port scan, the systems start off fast but quickly slow
down. Each nmap became very memory hungry (consuming 1.2Gbytes per
process). After 30+ hours or so, we were only pushing ~550 packets/s.
These systems are running SuSE Linux Enterprise Server 9 (x86_64); all
defaults and running nmap version 3.93.
I think the alternatives are better for large port scanning efforts (unicorn
or scanrand), unless you are simply performing a services scan or something
comparable.
-Tate
Tate Hansen
ClearNet Security
-----Original Message-----
From: Trent (at) yahoo.co (dot) uk [email concealed] [mailto:Trent (at) yahoo.co (dot) uk [email concealed]]
Sent: Thursday, November 10, 2005 12:13 PM
To: pen-test (at) securityfocus (dot) com [email concealed]
Subject: Nmap scanning speed
I have to scan a large network. is it possible to get good port scanning
speed of over 700 ports per second from nmap?
if so what is the kind of hardware required? hsa
thank you in advance
------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
of RAM (~$35k each) running 8 unique nmap processes, with the following
options:
/usr/local/bin/nmap -vv -sS -P0 -p 1-65535 -n --min_hostgroup 100
--max_rtt_timeout 1250 --min_parallelism 100 <a_/24_block>
We were scanning a /16, but broke the nmaps down on /24 blocks. All the
parallel nmap "services" scans (1668 ports) worked fine (~40 hours to
complete the /16 using options above).
When doing a 65k TCP port scan, the systems start off fast but quickly slow
down. Each nmap became very memory hungry (consuming 1.2Gbytes per
process). After 30+ hours or so, we were only pushing ~550 packets/s.
These systems are running SuSE Linux Enterprise Server 9 (x86_64); all
defaults and running nmap version 3.93.
I think the alternatives are better for large port scanning efforts (unicorn
or scanrand), unless you are simply performing a services scan or something
comparable.
-Tate
Tate Hansen
ClearNet Security
-----Original Message-----
From: Trent (at) yahoo.co (dot) uk [email concealed] [mailto:Trent (at) yahoo.co (dot) uk [email concealed]]
Sent: Thursday, November 10, 2005 12:13 PM
To: pen-test (at) securityfocus (dot) com [email concealed]
Subject: Nmap scanning speed
I have to scan a large network. is it possible to get good port scanning
speed of over 700 ports per second from nmap?
if so what is the kind of hardware required? hsa
thank you in advance
------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------
[ reply ]