Hello,
I've noticed that nmap is rather slow when scanning with -sS
in contrast to -sT and also to -sS in Linux.
With a clean 5.2 install and pf disabled, running a scan of
this type takes 329.10s, while for the same host but with -sT
instead it takes 0.46s!

I did some debugging and found that the "overall sending rates" in
the -sS scan are much lower than in -sT, 3.39 packets/s versus 3283.79 packets/s.
This rate is automatically adjusted by nmap itself, although I can
specify "--min-rate", which I've noticed helps the -sS scan.

Here's some output from the debugging with just two ports:

### -sS Scan
# sudo nmap -n -d --packet-trace -sS 192.168.1.1 | egrep -C1 "(rates|scanned)" 
Completed ARP Ping Scan at 18:47, 0.21s elapsed (1 total hosts)
Overall sending rates: 9.49 packets / s, 398.75 bytes / s.
Initiating SYN Stealth Scan at 18:47
--
Completed SYN Stealth Scan at 18:53, 326.76s elapsed (1000 total ports)
Overall sending rates: 3.39 packets / s, 149.33 bytes / s.
Nmap scan report for 192.168.1.1
--
Read from /usr/local/share/nmap: nmap-mac-prefixes nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 327.10 seconds
           Raw packets sent: 1111 (48.852KB) | Rcvd: 1109 (44.384KB)


### -sT Scan
# sudo nmap -n -d --packet-trace -sT 192.168.1.1 | egrep -C1 "(rates|scanned)"
Completed ARP Ping Scan at 18:47, 0.20s elapsed (1 total hosts)
Overall sending rates: 9.74 packets / s, 409.24 bytes / s.
Initiating Connect Scan at 18:47
--
Completed Connect Scan at 18:47, 0.30s elapsed (1000 total ports)
Overall sending rates: 3283.79 packets / s.
Nmap scan report for 192.168.1.1
--
Read from /usr/local/share/nmap: nmap-mac-prefixes nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 0.64 seconds
           Raw packets sent: 2 (56B) | Rcvd: 1 (28B)

Any feedback is welcome. Thanks.

cheers,
--rodolfo
