On Thu, Oct 23, 2003 at 06:04:35PM +0200, ONeill Jack wrote:
> Hello,
>
> scanrand is a scanner like nmap, but it seems to be
> very fast. So it may be interesting to include it in
> Nessus, wouldn't it?
(Warning: last time I tried scanrand was when it was first advertised on
slashdot, so it may have changed since then).
Last time I tried it, it lost too many packets. The trick of having two
processes, one for sending packets and another for receiving them using
pcap, does not gain anything - you can do the same in one process with
setitimer() and setjmp()/longjmp(). Since scanrand tries to push as many
packets as possible on the network interface, some of them eventually
get dropped - try it yourself: install services on ports
5, 50, 500, 5000 and 50000. Watch the first being discovered because the
link is not saturated yet, and watch the high ports not being
discovered because the link is totally saturated.
And finally, scanrand does not play well with the architecture of Nessus
- I would HATE to spawn tons of scanrand processes, each one trying to
use all the bandwidth on my network card.
-- Renaud
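The saturation effect Renaud describes, as an added example that is not part of the thread or of scanrand or Nessus: two UDP sockets on 127.0.0.1 stand in for the scanner and the network, the receiver gets a deliberately tiny buffer so the "link" fills almost immediately, and the same number of probes is sent either as one unpaced flood or with the receive queue drained every few sends, which is the single-process interleaving the mail proposes (a send-count trigger is assumed here instead of setitimer() so the result does not depend on timing). Everything here is constructed; it needs no privileges beyond opening loopback UDP sockets.

```c
/* Added example: an unpaced flood loses replies, interleaved receiving does not. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to 127.0.0.1 on a kernel-chosen port; fills in *addr. */
static int udp_loopback(struct sockaddr_in *addr) {
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0) return -1;
    memset(addr, 0, sizeof *addr);
    addr->sin_family = AF_INET;
    addr->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    socklen_t len = sizeof *addr;
    if (bind(s, (struct sockaddr *)addr, len) < 0 ||
        getsockname(s, (struct sockaddr *)addr, &len) < 0) {
        close(s);
        return -1;
    }
    return s;
}

/* Pull everything currently queued on rx without blocking; returns the count. */
static int drain(int rx) {
    char buf[64];
    int n = 0;
    while (recv(rx, buf, sizeof buf, MSG_DONTWAIT) > 0) n++;
    return n;
}

/* Send `total` 64-byte probes, reading the queue every `burst` sends.
 * burst >= total means "flood first, read afterwards" (the scanrand case).
 * Returns how many probes actually made it to the receiver, or -1 on error. */
int probe_and_count(int total, int burst) {
    struct sockaddr_in sa, ra;
    int tx = udp_loopback(&sa), rx = udp_loopback(&ra);
    if (tx < 0 || rx < 0) return -1;
    int small = 4096;              /* tiny receive queue = saturated link */
    setsockopt(rx, SOL_SOCKET, SO_RCVBUF, &small, sizeof small);
    char probe[64] = {0};
    int got = 0;
    for (int i = 0; i < total; i++) {
        sendto(tx, probe, sizeof probe, 0, (struct sockaddr *)&ra, sizeof ra);
        if ((i + 1) % burst == 0) got += drain(rx);   /* interleaved receive */
    }
    usleep(10000);                 /* let the last datagrams land */
    got += drain(rx);
    close(tx);
    close(rx);
    return got;
}
```

The flood keeps only the first few probes that fit in the queue and silently drops the rest, which is exactly the false-negative pattern the mail warns about for the higher ports; the paced loop recovers all of them.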