Unfortunately, when dealing with large blocks of IP addresses—which is a very common occurrence if you're scanning a large enterprise, whether for internal security purposes or as a client engagement—it isn't uncommon to deal with stuck hosts.
When a host gets stuck, it means that something is stopping the scan from completing at a normal rate. This could be caused by something benign such as a network hiccup on either end of the connection, or something more intentional such as a security software that is intentionally making the target host respond very slowly or inconsistently—effectively breaking the scan.
For the purposes of demonstration, I am going to start a ping agnostic (-Pn
) scan against a host that doesn't exist on my network. There's no way you can get results from it, but it can still take a very long time to scan.
You can see in the preceding screenshot that it took 1,051 seconds—or seventeen minutes—to scan this non-existent host. Nmap did the best it...