why not build a clean network with a linux box and a windows box on it as the targets and put NA Sniffer on there and start it at the beginning. gives a nice neat traffic list.
or would that even work? -----Original Message----- From: Marc Spitzer [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 18, 2002 4:39 PM To: [EMAIL PROTECTED] Subject: Re: FAQ proposal: How much bandwidth will nessus require? On Thu, 18 Apr 2002 22:24:45 +0200 (CEST) Hugo van der Kooij <[EMAIL PROTECTED]> wrote: > Hi, > > Any remarks on this new FAQ entry: > > > How much bandwidth will nessus require? Could you just test, something like this: 1: pick a box that you do not talk to much 2: run tcpdump and keep the headers 3: dump the ip packet size and sum them up it may not be exact but it should be close marc > > This is a rather hard question to answer. There are some guesses to make > but do not use it yourself. > > Now assume we test 65536 TCP ports. This will require at least a single > packet per port that is at least 40 bytes large. Add 14 bytes for the > ethernet header and you will send 65536 * (40 + 14) = 36700 16 bytes. So > for just probing all TCP ports we may need a multitude of this as nmap > will try to resend the packets twice if no response is received. > > A very rough estimate is that a full scan for UDP, TCP and RPC as well as > all NASL scripts may result in 8 to 32 MB per host. > > > > -- > All email send to me is bound to the rules described on my homepage. > [EMAIL PROTECTED] http://hvdkooij.xs4all.nl/ > Don't meddle in the affairs of sysadmins, > for they are subtle and quick to anger. >
