I believe the default "bandwidth" setting is 10m for scanrand... By setting this back, you can easily match your link..
Another suggestion I would suggest, if you execute scanrand, and keep checking the same open ports, then some closed ports, then the same open ports (like 139,90-100,139,90-100,139,90-100,139), you can actually see the time increasing between scans. I used this method while adjusting my bandwidth variable until I found a happy spot...

(On the other hand, I find nmap too slow by default when scanning a firewalled host, however -T5 really rocks.... I think it just takes a little tweaking to understand how your scanner performs best..)

- Shawn

On Thu, 23 Oct 2003, Renaud Deraison wrote:

> On Thu, Oct 23, 2003 at 06:04:35PM +0200, ONeill Jack wrote:
> > Hello,
> >
> > scanrand is a scanner like nmap, but it seems to be
> > very fast. So it may be interesting to include it in
> > Nessus, doesn't it ?
>
> (Warning: last time I tried scanrand was when it was first advertised on
> slashdot, so it may have changed since then).
>
> Last time I tried it, it lost too many packets. The trick to have two
> processes, one for sending packets and another for receiving them using
> pcap does not gain anything - you can do the same in one process with
> setitimer() and setjmp()/longjmp(). Since scanrand tries to push as many
> packets as possible on the network interface, some of them eventually
> get dropped - try it by yourself : install services on ports
> 5,50,500,5000 and 50000. Watch the first being discovered because the
> link is not saturated yet, and watch the high ports not being
> discovered because the link is totally saturated.
>
> And finally, scanrand does not play well with the architecture of Nessus
> - I would HATE to spawn tons of scanrand processes, each one trying to
> use all the bandwidth on my network card.
>
> -- Renaud
