How long does nmap take

Sign up using Facebook. Sign up using Email and Password. Post as a guest Name. Email Required, but never shown. The Overflow Blog. Does ES6 make JavaScript frameworks obsolete? Podcast Do polyglots have an edge when it comes to mastering programming Featured on Meta.

Now live: A fully responsive profile. Linked 0. Related 5. Hot Network Questions. Question feed. Accept all cookies Customize settings. What kind of network speed do you have? Any of these can impact total scan times. You are performing a lot of work. The -p- option means to scan TCP ports. Depending on network conditions and host behavior, this can be a significant amount of traffic.

I only want scan 1 ip , thats why i didnt use -Pn and the ip is from my laptop and is right next to me. T that's 6 seconds per ping packet?? You have a massive networking problem. WElcome to S. The Overflow Blog. Does ES6 make JavaScript frameworks obsolete? Podcast Do polyglots have an edge when it comes to mastering programming Featured on Meta. Now live: A fully responsive profile. If the estimate is within your timeframe, you can schedule something else to do while it proceeds.

That beats checking whether Nmap is done every 20 minutes. An estimate showing that Nmap won't finish on time is even more valuable. You can immediately work on optimizing the scan or lengthening the engagement. Your options are much more limited if you only determine the scan is too slow after the deadline passes and Nmap is still running.

Coping Strategies for Long Scans Chapter 6. Optimizing Nmap Performance. The --min-rate and --max-rate options are designed for these situations. When the --min-rate option is given Nmap will do its best to send packets as fast as or faster than the given rate.

The argument is a positive real number representing a packet rate in packets per second. For example, specifying --min-rate means that Nmap will try to keep the sending rate at or above packets per second.

Specifying a minimum rate does not keep Nmap from going faster if conditions warrant. Likewise, --max-rate limits a scan's sending rate to a given maximum. Use --max-rate , for example, to limit sending to packets per second on a fast network. Use --max-rate 0. Use --min-rate and --max-rate together to keep the rate inside a certain range. These two options are global, affecting an entire scan, not individual hosts.

They only affect port scans and host discovery scans. Other features like OS detection implement their own timing. There are two conditions when the actual scanning rate may fall below the requested minimum. The first is if the minimum is faster than the fastest rate at which Nmap can send, which is dependent on hardware.

In this case Nmap will simply send packets as fast as possible, but be aware that such high rates are likely to cause a loss of accuracy. The second case is when Nmap has nothing to send, for example at the end of a scan when the last probes have been sent and Nmap is waiting for them to time out or be responded to.

It's normal to see the scanning rate drop at the end of a scan or in between hostgroups. The sending rate may temporarily exceed the maximum to make up for unpredictable delays, but on average the rate will stay at or below the maximum. Specifying a minimum rate should be done with care. Scanning faster than a network can support may lead to a loss of accuracy. In some cases, using a faster rate can make a scan take longer than it would with a slower rate.

This is because Nmap's adaptive retransmission algorithms will detect the network congestion caused by an excessive scanning rate and increase the number of retransmissions in order to improve accuracy. So even though packets are sent at a higher rate, more packets are sent overall. Cap the number of retransmissions with the --max-retries option if you need to set an upper limit on total scan time. Many hosts have long used rate limiting to reduce the number of ICMP error messages such as port-unreachable errors they send.

Some systems now apply similar rate limits to the RST reset packets they generate. This can slow Nmap down dramatically as it adjusts its timing to reflect those rate limits. You can tell Nmap to ignore those rate limits for port scans such as SYN scan which don't treat non-responsive ports as open by specifying --defeat-rst-ratelimit.

Using this option can reduce accuracy, as some ports will appear non-responsive because Nmap didn't wait long enough for a rate-limited RST response. With a SYN scan, the non-response results in the port being labeled filtered rather than the closed state we see when RST packets are received.

This option is useful when you only care about open ports, and distinguishing between closed and filtered ports isn't worth the extra time. Similar to --defeat-rst-ratelimit , the --defeat-icmp-ratelimit option trades accuracy for speed, increasing UDP scanning speed against hosts that rate-limit ICMP error messages.

Because this option causes Nmap to not delay in order to receive the port unreachable messages, a non-responsive port will be labeled closed filtered instead of the default open filtered. This has the effect of only treating ports which actually respond via UDP as open. Since many UDP services do not respond in this way, the chance for inaccuracy is greater with this option than with --defeat-rst-ratelimit.

Enforce use of a given nsock IO multiplexing engine. Only the select 2 -based fallback engine is guaranteed to be available on your system. Engines are named after the name of the IO management facility they leverage. Engines currently implemented are epoll , kqueue , poll , and select , but not all will be present on any platform.

By default, Nmap will use the "best" engine, i. Use nmap -V to see which engines are supported on your platform. While the fine-grained timing controls discussed in the previous section are powerful and effective, some people find them confusing.