From the nmap man page:
Unfortunately UDP scanning is sometimes painfully slow since most hosts implement a suggestion in RFC 1812 (section 4.3.2.8) of limiting the ICMP error message rate. For example, the Linux kernel (in net/ipv4/icmp.h) limits destination unreachable mes- sage generation to 80 per 4 seconds, with a 1/4 second penalty if that is exceeded. Solaris has much more strict limits (about 2 messages per second) and thus takes even longer to scan. nmap detects this rate limiting and slows down accordingly, rather than flood the network with useless packets that will be ignored by the target machine.
As is typical, Microsoft ignored the suggestion of the RFC and does not seem to do any rate limiting at all on Win95 and NT machines. Thus we can scan all 65K ports of a Windows machine very quickly. Woop!
Norberto BENSA wrote:
Hello,
I have a question not directly related to Gentoo, but Linux in general. When I do 'nmap -sU host,' and host is a Windows box, I get a quick reply. But, if host is a Linux box, scanning the same 1600 UDP ports takes up to 25min. Why?
BTW, I'm port scanning my own home network.
Thanks, Norberto
-- [EMAIL PROTECTED] mailing list
