> > When I execute the session, it still begins a 'connect()'
> > scan, which is EXTREMELY slow!
>
> AFAIK, "connect scan" is quicker than "SYN scan" -- unless you play
> with the timing options maybe?!

I was under the impression that SYN scans would be faster because they don't complete the handshake, but then again I think they send a RST so it may take about the same time.

> How do you know that it starts a connect scan? Does 1. "ps" show you
> "nmap -sT ..." running or 2. did you read the nessus.messages log?
> If (2), it might be that Nessus is starting the "nmap TCP connect"
> plugin, which is a standalone C plugin (taken from nmap source code).

I am just going by what shows in the NessusWX scan status window. "ps" doesn't even show nmap running, just multiple instances of nessusd. You are probably right, it may just be showing the name of the plugin as "tcp connect() scan" even though it's doing a SYN scan.

I suppose I could run tcpdump on the server and watch what it's doing, but I think I'll just let it run to completion and see what the results are. I had killed it after several hours because it didn't appear to be doing what I wanted.

Thanks.
