Performance is important part of the scan. Nmap developers always looks for optimized and adjustable performance options. Adjustable scan performance is important because scanning big networks will require a lot of time to complete job. As a security analyzer or pentester time is important for us.
Set Host Group Count
Nmap have the ability to scan multiple hosts in parallel. This is done by dividing target to the groups. With this option the group sizes can be defined.
$ nmap --min-hostgroup 128 192.168.122.0/24
Parallel Host Probe
As we see previous chapters probes works after general scan. As it specified in scan probes can be done in parallel and the limit of the parallel probes can be defined like below.
$ nmap --min-parallelism 64 192.168.122.0/24
Set Probe Timeout
Probe operation will create some load in target hosts. Loaded target hosts can answer lately and timeout errors can be generated. This option gives the ability to set timeouts according to our situation.
$ nmap --host-timeout 1 192.168.122.0/24
Set Max Retries
On the load systems will not give response and nmap try again the probe. We call this as retry. It can be set the count of retry for nmap.
$ nmap --max-retries 1 192.168.122.0/24
Set Minimum Rate
Nmap’s dynamic timing does a good job of finding an appropriate speed at which to scan. Sometimes, however, you may happen to know an appropriate scanning rate for a network. Here how can we specify rate
$ nmap --min-rate 1000 192.168.122.0/24
Set Maximum Rate
Same as above but sets maximum rate
$ nmap --max-rate 1000 192.168.122.0/24
Set General Scan Rate
Up to now we have looked various options for optimization like re-transmission, rate etc. There are some pre-configured levels for nmap. These levels are between 1 and 5 . 1 is the slowest an called paranoid because detecting this scan with security gear is very hard. Here are levels
- paranoid 1
- sneaky 2
- polite 3 which is default profile
- normal 4
- insane 5
$ nmap -T 5 192.168.122.0/24