Kevin Mc Grath wrote:
I have completed a udp scan on an embedded device in the lab and the
scan duration was 18.22 hours.
The scan syntax used is as follows:
nmap -sU -p0-65535 <ip_addr>
Should a UDP scan take such a long time? Could the scan time relate to
some problem with the device?
If you don't get any negative response (such as the various ICMP unreachables)
from the device, it will largely be a question of timeouts and retransmissions.
Factor
in the number of UDP ports probed in parallel, and the general speed of the
network
connection, and you should be able to say if 18 hours is in the ballpark
or not.
Read and consider:
http://insecure.org/nmap/man/man-port-scanning-techniques.html
http://insecure.org/nmap/man/man-performance.html
Note that nmap adjusts the number of concurrent probes based on its
performance.
You may have to force its lower limit (--min_parallelism) to something larger
than 1.
Note also the default value of --max_retries, which is rather conservative for
reasonably fast devices on a lightly-loaded local LAN.
Check the http://insecure.org/nmap/docs.html for more useful documents. The
Nmap book
will probably be the definitive reference on Nmap ... if and when it is
published.
--
Anders Thulin anders.thulin@sentor.se 070-757 36 10
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
