
Nmap Development mailing list archives
Good nmap timeout values for port scans of filtering hosts on local LAN
From: Alek Komarnitsky <alek () komar org>
Date: Mon, 6 Aug 2001 10:31:22 -0600
[I Emailed this out earlier, but never saw it show up on Email or archives]

Nmap'ers,

I hope this is a "dumb" question with an easy answer that for some reason I can't figure out.

I've been using nmap to do nightly scans of the hosts on a LAN and then generating diff outputs - kinda a poor-man's network tripwire! ;-)

However, after installing Linux7.1, nmap goes into "spin mode" on these ... since they are not returning "port closed" to the port scan, but simply dropping the packets (filtering is a good thing!) ... so nmap has to wait some sort of timeout period before making sure nothing came back.

I thought this would be easy to fix ... simply crank down max_rtt_timeout; especially since all the machines are on the local LAN. However, setting this to 50 (milli-seconds) rather than the default 9000 didn't show any wall-time difference on a scan of 100 ports. If I set this to 5, nmap returned in a second or two ... but the results were quite variable and consistently wrong on a few random ports.

So ... are there some sort of timeout parameters that would allow me to continue my periodic port scans of a LAN connected (same subnet even, so no routers) Linux7.1 in a reasonable time, yet provide correct and consistent results for these machines doing filtering?

BTW, no need to be stealthy here ... it's my network. And I'm using a "fresh" download/compile of nmap2.54BETA27 on a Linux6.2 box.

Thanx,
alek

P.S. I too had read Steve Gibson's "raw sockets in Windoze XP will be the end of the world" writeup ... I gotta agree with Fyodor and others that he's a crackup. However, it IS entertaining reading; I especially like the "nano-probes" (sounds sooo cool!) and quite frankly, am I the only one who thinks he just made up the whole online chat with "Wicked" and "Boss" ... the crackers who keep telling Steve how smart he is?!? ;-)
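The nightly scan-and-diff routine described in the message, as an added example that is not part of the original post: it compares two scans saved in nmap's grepable output format (`-oG`) and reports per-port state changes, so an `open` to `filtered` transition is visible rather than lost in a raw text diff. The host addresses, sample scan data and function names are constructed for illustration.

```python
import re

# Constructed sample data in nmap's grepable (-oG) layout; not from the post.
LAST_NIGHT = """\
# Nmap run (constructed sample)
Host: 192.168.1.10 (alpha)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 111/filtered/tcp//sunrpc///
Host: 192.168.1.11 (beta)\tPorts: 22/open/tcp//ssh///
"""
TONIGHT = """\
# Nmap run (constructed sample)
Host: 192.168.1.10 (alpha)\tPorts: 22/open/tcp//ssh///, 80/filtered/tcp//http///, 111/filtered/tcp//sunrpc///, 6000/open/tcp//X11///
Host: 192.168.1.12 (gamma)\tPorts: 25/open/tcp//smtp///
"""

PORT_RE = re.compile(r"(\d+)/([^/]*)/([^/]*)/")  # port/state/protocol/

def parse_grepable(text):
    """Return {host: {(port, proto): state}} from grepable output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comments and lines without a port list
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        ports = hosts.setdefault(host, {})
        for entry in ports_field.split(","):
            m = PORT_RE.match(entry.strip())
            if m:
                ports[(int(m.group(1)), m.group(3))] = m.group(2)
    return hosts

def diff_scans(old, new):
    """List (host, port, proto, old_state, new_state) for every change."""
    changes = []
    for host in sorted(set(old) | set(new)):
        before, after = old.get(host, {}), new.get(host, {})
        for key in sorted(set(before) | set(after)):
            a, b = before.get(key, "absent"), after.get(key, "absent")
            if a != b:  # a port not listed in a scan is reported as "absent"
                changes.append((host, key[0], key[1], a, b))
    return changes

if __name__ == "__main__":
    for change in diff_scans(parse_grepable(LAST_NIGHT), parse_grepable(TONIGHT)):
        print("%s %d/%s: %s -> %s" % change)
```
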