…when you learn something new - share it. that everyone may benefit from your growth.
discovered this fun fact when i asked the internet for help in getting my nmap UDP scans to run faster.
Vanilla nmap UDP scan:
sudo nmap -sU target-ip
-sU: UDP scan
Fast:
sudo nmap -sU -T4 target-ip
or
sudo nmap -sU -T5 target-ip
-T: adjust timing, 0=slowest, 5=fastest (default=3). faster can miss ports
Faster:
sudo nmap -sU -T5 --max-retries max-tries target-ip
–max-retries max-tries: limits probe re-transmissions to max-tries
(not actually) Fasterer:
sudo nmap -Pn -sU -T5 --max-retries max-tries target-ip
-Pn: skip host discovery. I did not think I needed it, I was on the same network. Why would I bother checking to see if the host is up?
WRONG
bonsaiviking is an nmap dev and said:
“Remove -Pn. Seriously, it slows you way down because Nmap uses the host discovery phase to calibrate scan speeds. If it finds a good TCP probe that gets a response, it will use that to monitor network speed and responsiveness. Otherwise it has to use rate-limited ICMP responses.”
***https://twitter.com/escollapse/status/1244995094807265283
based on your nmap version, you can also (per bonsaiviking):
“If you’re willing to give up some accuracy and miss some open ports, you can use --defeat-icmp-ratelimit to really speed up UDP scans.”
o_O meow I see
fun reads:
https://www.stationx.net/nmap-cheat-sheet/
https://linux.die.net/man/1/nmap