Nmap scans can be broken down into phases. When we are working with many hosts, we can save time by skipping tests or phases that return information we don't need or that we already have. By carefully selecting our scan flags, we can significantly improve the performance of our scans.
This recipe explains the process that takes place behind the curtains when scanning, and how to skip certain phases to speed up scans.
- To perform a full port scan with the timing template set to aggressive (-T4), and without reverse DNS resolution (-n) or ping (-Pn), use the following command:
# nmap -T4 -n -Pn -p- 74.207.244.221
- Note the scanning time at the end of the report:
Nmap scan report for 74.207.244.221
Host is up (0.11s latency).
Not shown: 65532 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
9929/tcp open  nping-echo

Nmap done: 1 IP address (1 host up) scanned in 60.84 seconds
- Now, compare the running...
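The comparison the recipe asks for, the running time of one flag set against another, is easy to get wrong by eye when the reports are long. The following Python script is an added example, not code from the recipe or from the Nmap project: it parses Nmap's normal-output report into structured fields (host, latency, the "Not shown" summary, the port table and the elapsed time from the "Nmap done" line) and computes the time saved between two runs, refusing to compare runs whose open-port findings differ, since skipping a phase that changes the results is not a fair speed-up. The first sample report is the one from the recipe; the second is a constructed baseline with a hypothetical longer run time, and the regular expressions are my own, written against the report layout shown above.

```python
import re

# Report quoted from the recipe above (the -T4 -n -Pn -p- run).
REPORT_TUNED = """\
Nmap scan report for 74.207.244.221
Host is up (0.11s latency).
Not shown: 65532 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
9929/tcp open  nping-echo

Nmap done: 1 IP address (1 host up) scanned in 60.84 seconds
"""

# Constructed baseline report (not from the recipe): same host and findings,
# with a hypothetical longer run time standing in for a run that kept the
# phases the tuned command skipped.
REPORT_BASELINE = """\
Nmap scan report for 74.207.244.221
Host is up (0.11s latency).
Not shown: 65532 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
9929/tcp open  nping-echo

Nmap done: 1 IP address (1 host up) scanned in 95.12 seconds
"""

# Patterns matching the normal-output layout shown in the recipe (assumed
# stable for this report style; they are not an official Nmap grammar).
HOST_RE = re.compile(r"^Nmap scan report for (\S+)", re.M)
LATENCY_RE = re.compile(r"Host is up \(([\d.]+)s latency\)")
NOT_SHOWN_RE = re.compile(r"Not shown: (\d+) (\w+) ports")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.M)
DONE_RE = re.compile(r"Nmap done: .* scanned in ([\d.]+) seconds")


def parse_report(text):
    """Turn one normal-output Nmap report into a dict of its key fields.

    Raises ValueError when the report is incomplete (no "Nmap done" line),
    which is what a truncated or interrupted scan looks like.
    """
    done = DONE_RE.search(text)
    if done is None:
        raise ValueError("report has no 'Nmap done' line; scan incomplete?")
    host = HOST_RE.search(text)
    latency = LATENCY_RE.search(text)
    not_shown = NOT_SHOWN_RE.search(text)
    ports = [(int(p), proto, state, svc) for p, proto, state, svc in PORT_RE.findall(text)]
    return {
        "host": host.group(1) if host else None,
        "latency_s": float(latency.group(1)) if latency else None,
        "not_shown": (int(not_shown.group(1)), not_shown.group(2)) if not_shown else None,
        "ports": ports,
        "elapsed_s": float(done.group(1)),
    }


def compare_elapsed(baseline_text, tuned_text):
    """Report the time saved by the tuned run relative to the baseline.

    The comparison is only meaningful if both runs found the same ports, so
    differing port tables are treated as an error rather than a speed-up.
    """
    baseline = parse_report(baseline_text)
    tuned = parse_report(tuned_text)
    if baseline["ports"] != tuned["ports"]:
        raise ValueError("port findings differ; the skipped phases changed the results")
    return {
        "saved_s": round(baseline["elapsed_s"] - tuned["elapsed_s"], 2),
        "speedup": round(baseline["elapsed_s"] / tuned["elapsed_s"], 2),
    }


if __name__ == "__main__":
    for name, text in (("baseline", REPORT_BASELINE), ("tuned", REPORT_TUNED)):
        r = parse_report(text)
        print(f"{name}: {r['host']} open={[p for p, *_ in r['ports']]} elapsed={r['elapsed_s']}s")
    print(compare_elapsed(REPORT_BASELINE, REPORT_TUNED))
```

To use it on real runs, save each scan with -oN and pass the file contents to compare_elapsed; keeping the port table equality check is what guards against "speeding up" a scan by skipping a phase that actually changed what was found.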