27 June 2009

Fast scanning a Class B

I'm looking to optimize a scan of a class B network. I do not need DNS resolution (-n) and I am only looking for one open port per IP address. The current ranges are overseas (although not always) thus the high max-rtt-timeout (1000). Also, I'm more concerned with speed than accuracy; in other words I'd rather get the scans done faster at the expense of maybe missing something (thus max-retries at one) Here is my command thus far:
nmap -v -sS -PN -n -p# -oN ###-###.txt --max-rtt-timeout 1000 --max-retries 1 ###.###.0.0/16

This takes roughly 90-100 minutes per class B. Recommendations?
Post a Comment