NMAP

Course
Time
6 hours 31 minutes
Difficulty
Beginner
CEU/CPE
7

Video Transcription

00:00
The simplest way to adjust the performance of Nmap is by using timing templates.
00:05
They're extremely easy to remember and to apply to your scans.
00:08
On this slide and on the one-page cheat sheet I've provided with this course, I've written out what each timing template means and when you may consider using it.
00:17
And in many of the previous labs we've gone through, I've made on-the-fly adjustments to scans by specifying the timing template I wanted to use.
00:26
All you have to do is put a dash capital T followed by a number from 0 to 5.
00:32
The lower the number, the slower the scan, but also the more quiet it is. The higher the number, the faster the scan, but it is also more apt to be flagged by an intrusion detection system.
00:43
Also, when using these options, you really need to consider the speed of your scanning station, the speed of your target and the speed of the network between the two.
00:52
Setting the timing template to T5 may do little good if you and your target are on a 10 megabit per second network, have little processing power and are a continent apart, or are using some method of anonymization.
01:07
T0
01:08
is considered paranoid, and T1 is sneaky.
01:11
Both can be useful for IDS evasion.
01:15
T2 is polite and poses little risk, but may also be slow.
01:21
T3 is normal. If you're thinking about using this timing template, you might just consider not specifying a timing template at all because it is the default.
01:30
T4 is aggressive and assumes you and your target are in a fast and reliable network,
01:34
and it runs the risk of being flagged by an IDS.
01:38
T5 is called insane mode and assumes you and your target are in a very fast network. And because of several of its performance tuning options, it may provide slightly less accurate scan results.
01:49
Options discussed next will give you more fine-grained timing on Nmap scans, but are a little more difficult to remember and apply.
01:57
Sometimes they take so long to test for optimization that they defeat the purpose of performing scans within the time frame.
02:06
Timing templates are an easy way to remember and an easy way to apply scans, and they can actually be used in conjunction with the finer-grained timing options. Just remember that the fine-grained timing options will take precedence over the timing template where both exist in a scan.
02:23
When working with fine-grained timing control options, the first thing you need to learn is the effect of each of the options. Secondarily, you need to learn about how time is interpreted by Nmap.
02:35
In other words, is Nmap asking for milliseconds, seconds, minutes or hours? The truth is, it can accept any of those options as long as you append ms for milliseconds, s for seconds, m for minutes or h for hours next to the number
02:51
representing the associated time.
02:53
Before I start explaining what each of these options does, I want to say that using the timing templates described in the previous slide or default Nmap scans gives Nmap the ability to dynamically adjust the values of these options.
03:07
So before you decide to make these tweaks on a really big or critical scan, play around with them to make sure that the scan times and results are acceptable to you.
03:15
In some cases, default Nmap scans may perform better and give you more accurate results.
03:22
Let's run through each of these timing options,
03:24
and remember, you can combine these in an Nmap scan, and you can even combine them with timing templates. If you combine them with a timing template, the fine-grained timing control will take precedence.
03:37
Keep in mind that I've placed each of these fine-grained timing and performance options on the one-page cheat sheet provided with this course, so you don't need to worry about memorizing them unless you just want to.
03:47
The --host-timeout option is intended to give up on slow targets. In other words, some hosts may take a really long time to respond, for whatever reason.
03:58
--host-timeout
04:00
simply tells Nmap to give up on a host if it doesn't respond within a given time frame.
04:04
--min-rtt-timeout, --max-rtt-timeout and --initial-rtt-timeout actually will adjust the timeout value of individual probes. Nmap keeps track of the amount of time it is waiting for a probe response.
04:17
Adjusting these values will change the way Nmap determines when to retransmit probes. If you specify a low --initial-rtt-timeout and --max-rtt-timeout, you can speed up scans significantly.
04:32
--min-hostgroup and --max-hostgroup adjust Nmap's ability to scan multiple hosts in parallel. Adjusting these values will set the number of hosts that Nmap will scan simultaneously.
04:45
Similarly, --min-parallelism and --max-parallelism adjust Nmap's ability to send multiple probes to a group at the same time.
04:54
Adjusting these values will help Nmap determine the number of probes that Nmap will send at the same time.
05:00
--scan-delay and --max-scan-delay adjust the time delay between probes. In other words, it will cause Nmap to wait at least the given amount of time between each probe it sends out to a host.
05:15
--max-retries sets the maximum number of port scan probe retransmissions.
05:20
Lowering this number will speed up scans but may lead to inaccuracies of scan results.
05:28
--min-rate and --max-rate
05:30
give you the ability to directly control the scanning rate. By default, Nmap dynamically determines and adjusts this rate.
05:38
The number represents the number of packets that Nmap will send per second. For example, if you set a --min-rate of 300
05:46
and you're on a fast network, Nmap may dynamically adjust the scanning rate up faster.
05:51
However,
05:54
if you specify a --max-rate, it will never exceed that number of packets per second.
06:00
Okay, so it's really cool to learn about the granularity that fine-grained timing control options offer, for sure. But when I first started learning about Nmap's timing options, I was like, okay, so where do I start?
06:13
What I found extremely helpful was this Nmap-provided table of default values for each timing template. If you're having performance issues and want to make some tweaks, I suggest that you set many of the options in this table to the value in the T3 column.
06:28
Then start by making changes accordingly, based on what you learned in the previous slide.
06:32
Carefully consider your goal and think about what time frame you have available in your given scans.
06:38
This table gives you a good reference point for you to decide how fast you want your scans to run, given the performance of your machine,
06:46
your network and your target.
06:48
And you could decide, given your goal, how important accuracy is.
06:53
In this lesson, we covered the following. First, I gave you an overview of Nmap's performance-related issues. Next, we discussed some basic techniques to improve the performance of Nmap scans.
07:03
Then we talked about Nmap's built-in timing templates, and finally we ran through some fine-grained timing control options.
07:11
Thank you so much for walking through this lesson on Nmap's timing and performance.

NMAP

The network mapper (NMAP) is one of the highest-quality and most powerful free network utilities in the cybersecurity professional's arsenal.

Instructed By

Rob Thurston
CIO at Integrated Machinery Solutions
Instructor