…when you learn something new - share it. that everyone may benefit from your growth.
discovered this fun fact when I asked the internet for help in getting my nmap UDP scans to run faster.
Vanilla nmap UDP scan:
sudo nmap -sU target-ip
-sU: UDP scan
sudo nmap -sU -T4 target-ip
sudo nmap -sU -T5 target-ip
-T<0-5>: timing template; 0 is slowest, 5 is fastest (default is 3). Faster templates can miss open ports.
sudo nmap -sU -T5 --max-retries max-tries target-ip
--max-retries max-tries: caps the number of probe retransmissions per port at max-tries
(not actually) Fasterer:
sudo nmap -Pn -sU -T5 --max-retries max-tries target-ip
-Pn: skip host discovery. I did not think I needed it, I was on the same network. Why would I bother checking to see if the host is up?
bonsaiviking, an nmap developer, replied:
“Remove -Pn. Seriously, it slows you way down because Nmap uses the host discovery phase to calibrate scan speeds. If it finds a good TCP probe that gets a response, it will use that to monitor network speed and responsiveness. Otherwise it has to use rate-limited ICMP responses.”
depending on your nmap version, you can also (per bonsaiviking):
“If you’re willing to give up some accuracy and miss some open ports, you can use --defeat-icmp-ratelimit to really speed up UDP scans.”
o_O meow I see
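The cheapest way to settle which of the variants above is actually faster is to time them on a host you own instead of guessing. The script below is an added example, not part of the original post and not nmap's own tooling: it assembles the same option combinations discussed above (including the -Pn variant the developer warns against and the --defeat-icmp-ratelimit trade-off), runs each one against a target you pass in (127.0.0.1 by default), and prints wall-clock seconds side by side. The function names and the variant list are my own choices; it assumes nmap is on PATH and that you run it with root privileges, since UDP scans need raw sockets.

```shell
#!/bin/sh
# Added example: time several nmap UDP scan option sets against one host.
# Not from the original post; assumes nmap is installed and you run as root.

# Build the option string for one UDP scan variant.
#   $1 timing template (0-5), $2 --max-retries value,
#   $3 "yes"/"no" to prepend -Pn, $4 optional extra options.
build_udp_args() {
  timing="$1"; retries="$2"; skip_discovery="$3"; extra="${4:-}"
  args="-sU -T${timing} --max-retries ${retries}"
  # -Pn removes the host-discovery phase that nmap uses to calibrate
  # its timing, which is why the post's "fasterer" command was slower.
  [ "$skip_discovery" = "yes" ] && args="-Pn ${args}"
  # e.g. --defeat-icmp-ratelimit: faster, at the cost of missing open ports.
  [ -n "$extra" ] && args="${args} ${extra}"
  printf '%s' "$args"
}

# Run one scan and return elapsed wall-clock seconds.
# Prints 0 when nmap is not available so the harness still completes.
time_scan() {
  target="$1"; shift
  command -v nmap >/dev/null 2>&1 || { printf '0'; return; }
  start=$(date +%s)
  nmap "$@" "$target" >/dev/null 2>&1
  end=$(date +%s)
  printf '%s' $((end - start))
}

# Constructed variant list: "timing retries skip_discovery [extra]".
main() {
  target="${1:-127.0.0.1}"
  for variant in "3 10 no" "5 1 no" "5 1 yes" "5 1 no --defeat-icmp-ratelimit"; do
    set -- $variant
    args=$(build_udp_args "$1" "$2" "$3" "${4:-}")
    secs=$(time_scan "$target" $args)
    printf '%-55s %4ss\n' "nmap $args $target" "$secs"
  done
}

# Only scan when a target (or explicit 127.0.0.1) is given on the command line.
if [ $# -gt 0 ]; then
  main "$@"
fi
```

Run it as `sudo sh udp-timing.sh 127.0.0.1` (the file name is arbitrary). The second column is what the post is really about: on a typical LAN host the -Pn row comes out slowest despite "skipping" a step, and the --defeat-icmp-ratelimit row comes out fastest, so compare its open-port list against the -T3 row before trusting it.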