Shannon Morse covers several commands you can use in NMap to customize the timing of the program’s port scans.
Welcome to HakTip — the show where we breakdown concepts, tools and techniques for hackers, gurus and IT ninjas. I’m Shannon Morse and today we’re going to go over timing options in NMap. Last week we covered most of the timing options you can use in NMap and some of the basics about how NMap reads timestamps in your command. This week we’ll finish off customizing those timing options to fit your needs. First off this week, is the Packet TTL option. This will specify the Time-to-live (like living). Set your TTL option if you are on a slow connection, so packets don’t time out too quickly. My command would look like: nmap –ttl 500 10.73.31.45. You can also use a command like this: nmap –host-timeout 1m 10.73.31.45 to make Nmap stop trying to get a response from a host after a given time. This option won’t show you any output even if the host it timed out on has open ports. NMap gives you a lot of power in scanning network systems, so it’s no surprise that you can also set a time delay between probes. To do so type: nmap –scan-delay 10s 10.73.31.45. This will create a delay between probes of 10 seconds for that target. You can also set a maximum scan delay with : nmap –max-scan-delay 400 10.73.31.45. This will speed up your scan since it would be just 400 milliseconds between probes, but it may be less accurate. And with that, we’re going to take a break! BRB. We’re back with the last few timing options. You can set the minimum number of packets that NMap sends per second with another command, Nmap –min-rate 50 10.73.31.45. This would send 50 packets minimum per second. Be careful- if it’s set too high it may become inaccurate. If you want to do a sneak attack on a system- avoid some detection systems with the maximum packet rate option. Type: nmap –max-rate 10 10.73.31.45 to scan no more than 10 packets per second. Set it even lower- at 0.1 to send a packet every 10 seconds. Lastly for this week is defeating the reset rate limits that some targets may set on RST packets. Do this with: nmap –defeat-rst-ratelimit 10.73.31.45. This is automatically adjusted in NMap, though, so chances are you wouldn’t need to use this command. And that’s it for customizing your timing options! What would you like to see next about NMAP? Send me a comment below or email us at firstname.lastname@example.org. And be sure to check out our sister show, Hak5 for more great stuff just like this. I’ll be there, reminding you to trust your technolust.