On Thu, Oct 23, 2003 at 11:16:40AM -0500, Shawn Wallis wrote:
> I believe the default "bandwidth" setting is 10m for scanrand...
>
> By setting this back, you can easily match your link..

How do you know that the target link is? How do you know if there is
not something else on the network using bandwidth on that link?

My main gripe with scanrand is that it assumes the conditions are
perfect, like in a lab. If you want a moderately fast port scanner to
scan firewalled hosts, then use Nessus's synscan which computes the
time it takes for packets to go back and forth. As a result, if one link
on the way is too slow, you still get an accurate result.

> (On the other hand, I find nmap too slow by default when scanning a
> firewalled host, however -T5 really rocks.... I think it just takes a
> little tweaking to understand how your scanner performs best..)

Nmap is slow by default because it does not do any RTT computation and
it assumes that the worst may happen - like an avian carrier having
replaced your Gbps backbone. As a result, it's accurate.

-- Renaud
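
The trade-off discussed in this message, as an added example that is not part of the original e-mail and is not code from scanrand, Nessus or nmap: a probe timeout derived from measured round-trip times compared with a fixed one. The RFC 6298 estimator, the clamp values and the RTT samples are assumptions chosen for illustration; the code is a simulation and sends no packets.

```python
"""Measured-RTT probe timeout (RFC 6298 smoothing) versus a fixed timeout.

Added illustration: the estimator choice, clamp values and sample RTTs are
assumptions, and nothing here reflects any scanner's real implementation.
"""

ALPHA, BETA, K = 1 / 8, 1 / 4, 4   # RFC 6298 smoothing constants
MIN_RTO, MAX_RTO = 0.05, 10.0      # timeout clamp in seconds (assumed)


class RttEstimator:
    def __init__(self, initial_rto=1.0):
        self.srtt = None           # smoothed RTT
        self.rttvar = None         # RTT variation
        self.rto = initial_rto     # how long to wait for a reply

    def update(self, sample):
        """Fold one measured round-trip time (seconds) into the timeout."""
        if self.srtt is None:
            self.srtt, self.rttvar = sample, sample / 2
        else:
            # rttvar must be updated with the old srtt, then srtt itself.
            self.rttvar = (1 - BETA) * self.rttvar + BETA * abs(self.srtt - sample)
            self.srtt = (1 - ALPHA) * self.srtt + ALPHA * sample
        self.rto = min(MAX_RTO, max(MIN_RTO, self.srtt + K * self.rttvar))
        return self.rto


def count_missed_replies(rtts, fixed_timeout=None):
    """Count replies that arrive after the prober stopped waiting.

    Each miss is an open port wrongly reported as filtered. With
    fixed_timeout=None the wait follows the measured RTT instead.
    """
    est = RttEstimator()
    missed = 0
    for rtt in rtts:
        wait = est.rto if fixed_timeout is None else fixed_timeout
        if rtt > wait:
            missed += 1
            if fixed_timeout is None:
                est.rto = min(MAX_RTO, est.rto * 2)  # back off, take no sample
        elif fixed_timeout is None:
            est.update(rtt)
    return missed


# Constructed RTTs (seconds): a fast path, then a slow or congested link.
SAMPLE_RTTS = [0.02] * 5 + [0.30, 0.35, 0.40, 0.38, 0.40, 0.41]
```

On the constructed samples, a fixed 50 ms wait loses every reply once the slow link appears, the measured timeout loses a few while it backs off and then recovers, and a fixed 1 s wait loses none at the cost of waiting a full second on every silently dropped probe.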