I don't think bandwidth usage for a Nessus can be reliably estimated. Nmap and Nessus are both adaptive, and will generate quite different traffic patterns based on the situation. Nmap itself is extremely sensitive to timing, and will radically alter the number of SYNs sent against any given port based on how quickly the target is (or is not) responding.
My experience has been that the real traffic hog is Nmap. If you are in a situation where you must manage the traffic levels generated by Nessus activity, I recommend applying timing rules to Nmap via the nmap control interface in the Nessus client. I'm not sure where the version cutoff on this feature is, but in 1.09, the Nmap general timing policy (1-5) rules were available. In 1.14, all of Nmap's timing options can be configured in the client (Thanks!). At 07:19 PM 4/3/2002 -0500, Matthew X. Economou wrote: > >>>>> "Marc" == Marc Bown <[EMAIL PROTECTED]> writes: > > Marc> Does anyone have any information (possibly their own stats) > Marc> as to how much data each scan will chew through? I know > Marc> this is a tricky question because every scan is quite > Marc> unique, but an average scan on a host with a web and mail > Marc> server without the kb saving features on. > >I did a Nessus scan of 5 computers over a PPTP link. The scan had >safe checks disabled, DoS and dangerous attacks enabled, and port scan >of 1-65535 (SYN, UDP, RPC). The scan took approximately a half hour >and transmitted approximately 75 megabytes of traffic, according to >RRAS. > >If I recall correctly. ^.^ Those particular scans were way back when >in January. > >-- >Matthew X. Economou <[EMAIL PROTECTED]> - Unsafe at any clock speed! >"We're born with a number of powerful instincts, which are found across all > cultures. Chief amongst these are a dislike of snakes, a fear of falling, > and a hatred of popup windows." --Vlatko Juric-Kokic
