Measuring scan performance and time

The following formula can be used to measure scan performance: (number live assets) X (number of ports to be scanned) X (maximum retries) / (minimum packets per second) / 60 seconds = minutes to scan

basic

Manipulating Scan Performance and Time

You can edit the scan template to change scan performance and time.

For example, for the following parameters:

  • 105 = live assets discovered (you can get that from a scan log)
  • 65535 = number of ports to be scanned (you can get that from the nmap params line in the scan log)
  • 1 = maximum retries (can be found in the nmap params line in the scan log)
  • 200 = Packets Per Second (can be found in the nmap params line in the scan log, look for the value after --min-rate)

105 (number live assets) X 65535 (number of ports to be scanned) X 1 (maximum retries) / 200 (minimum packets per second) / 60 seconds = 1146.86 minutes to scan

In the example above, that scan template will require 19 hours to complete. So, if you need a scan to complete in a 4 hour window, for example, you have to change the template to make that happen.

  • You can reduce retries to 0, which gives zero margin for error but will double scan performance.
  • You can increase minimum packets per second. For each doubling you double scan performance. So, for example, increasing from 200 to 400 minimum packets per second gives you 573 minutes instead of 1146 minutes.
  • You can decrease the TCP ports being scanned. Whether you need to scan all 64,000 depends on why you're running the scan. For example, PCI requires scanning all 64,000 ports.