[rps-include post=6632]

Performance is important part of the scan. Nmap developers always looks for optimized and adjustable performance options. Adjustable scan performance is important because scanning big networks will require a lot of time to complete job. As a security analyzer or pentester time is important for us.

Set Host Group Count

Nmap have the ability to scan multiple hosts in parallel. This is done by dividing target to the groups. With this option the group sizes can be defined.

$ nmap --min-hostgroup 128 192.168.122.0/24

Parallel Host Probe

As we see previous chapters probes works after general scan. As it specified in scan probes can be done in parallel and the limit of the parallel probes can be defined like below.

$ nmap --min-parallelism 64 192.168.122.0/24

Set Probe Timeout

Probe operation will create some load in target hosts. Loaded target hosts can answer lately and timeout errors can be generated. This option gives the ability to set timeouts according to our situation.

$ nmap --host-timeout 1 192.168.122.0/24

Set Max Retries

On the load systems will not give response and nmap try again the probe. We call this as retry. It can be set the count of retry for nmap.

$ nmap --max-retries 1 192.168.122.0/24

Set Minimum Rate

Nmap’s dynamic timing does a good job of finding an appropriate speed at which to scan. Sometimes, however, you may happen to know an appropriate scanning rate for a network. Here how can we specify rate

$ nmap --min-rate 1000 192.168.122.0/24

Set Maximum Rate

Same as above but sets maximum rate

$ nmap --max-rate 1000 192.168.122.0/24

Set General Scan Rate

Up to now we have looked various options for optimization like re-transmission, rate etc. There are some pre-configured levels for nmap. These levels are between 1 and 5 . 1 is the slowest an called paranoid because detecting this scan with security gear is very hard. Here are levels

paranoid 1
sneaky 2
polite 3 which is default profile
normal 4
insane 5

$ nmap -T 5 192.168.122.0/24