
I am using nmap to do a port scan for an experiment. The destination IP is 192.168.199.201, and I tried the two commands below:

Using -sT:

stevennl@stevennl:~$ sudo nmap -sT 192.168.199.201
Starting Nmap 7.01 ( https://nmap.org ) at 2016-10-31 19:43 CST
Nmap scan report for 192.168.199.201
Host is up (0.00058s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 08:00:27:9E:4C:49 (Oracle VirtualBox virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds

Using -sS:

stevennl@stevennl:~$ sudo nmap -sS 192.168.199.201
Starting Nmap 7.01 ( https://nmap.org ) at 2016-10-31 19:43 CST
Nmap scan report for 192.168.199.201
Host is up (0.00040s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 08:00:27:9E:4C:49 (Oracle VirtualBox virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 1.81 seconds

I am wondering why the scan takes more time when using the -sS parameter. Using -sT needs to finish TCP's three-way handshake, but -sS does not establish a TCP connection, so -sS should be faster. Yet the result is the opposite. Am I wrong?


1 Answer


There are many external factors that can come into play. Here are some ideas:

  • Oracle VirtualBox may be performing some type of packet translation or other abstraction that works faster with ordinary socket calls than with the method Nmap uses for -sS.
  • In both cases the reverse DNS lookup failed, so it may have failed faster in one case than in the other. Use -n to skip this step.
  • Something else may have been using more network bandwidth during the -sS scan. Nmap is generally well behaved, and if packets are dropped because the link is saturated it will back off and retry.
  • You may have the misfortune of combining libpcap 1.5 or later with Linux 3.19 or earlier, which causes packet loss and slow scans, but if that were the case I would expect it to be slower than this.

There are many other possible explanations. The times are really very close.

Answered 2016-11-03T21:36:44.077
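As an added example (not part of the question or the answer), a small Python harness that applies the answer's advice: scan with -n so reverse DNS is out of the picture, and compare median times over several runs instead of a single run. The parser is exercised against constructed output shaped like the question's two scans; the target address and repeat count are assumptions.

```python
import re
import shutil
import statistics
import subprocess

# Constructed sample outputs shaped like the two scans in the question
# (only the lines the parser needs are reproduced).
SAMPLE_ST = ("Host is up (0.00058s latency).\n"
             "Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds\n")
SAMPLE_SS = ("Host is up (0.00040s latency).\n"
             "Nmap done: 1 IP address (1 host up) scanned in 1.81 seconds\n")

LATENCY_RE = re.compile(r"Host is up \(([\d.]+)s latency\)")
TOTAL_RE = re.compile(r"scanned in ([\d.]+) seconds")


def parse_timing(output):
    """Return (latency_s, total_s) from Nmap's normal output, or None if absent."""
    lat, tot = LATENCY_RE.search(output), TOTAL_RE.search(output)
    if lat is None or tot is None:
        return None
    return float(lat.group(1)), float(tot.group(1))


def median_total(outputs):
    """Median total scan time over several runs; None if nothing parsed."""
    totals = [t[1] for t in map(parse_timing, outputs) if t is not None]
    return statistics.median(totals) if totals else None


def run_scans(scan_type, target, repeats=5):
    """Run nmap `repeats` times with -n (no reverse DNS) and collect raw output.
    -sS needs raw sockets, so run this as root (the question uses sudo)."""
    if shutil.which("nmap") is None:
        raise RuntimeError("nmap is not on PATH")
    cmd = ["nmap", "-n", scan_type, target]
    return [subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
            for _ in range(repeats)]


if __name__ == "__main__":
    # Assumed lab target: the host from the question.
    target = "192.168.199.201"
    for scan_type in ("-sT", "-sS"):
        print(scan_type, "median seconds:", median_total(run_scans(scan_type, target)))
```

A one-off difference of about a second between two runs is within the noise the answer describes; the medians over repeated -n runs are what to compare.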