On Fri, Mar 21, 2003 at 12:57:54AM +0100, Renaud Deraison wrote:
> On Thu, Mar 20, 2003 at 03:45:34PM -0800, Phillip Pi wrote:
> > Any known problems with the new version and Nessus v2.0?
>
> It requires g++ to compile and uses libpcap 0.7.1. I've minor gripes :
>
> - g++ is not installed everywhere

Hi Renaud. This concerned me as well, so I waited patiently for many years before switching to C++. Then during one release I accidentally pasted in some autoconf code which checked for g++ and bailed out if unavailable. There were many thousands of downloads of that Nmap release and the number of compilation problem reports due to no C++ compiler can be counted on one hand. The last 3-6 months of betas have required C++ as well, and I haven't had more than 2-3 reports. I expect that the Nessus userbase has much in common with Nmap users.

> - libpcap 0.7.1 : I did some testing of libpcap 0.6.x (the "post lbl
> libpcap") on Linux, and when you have a great number of processes each
> having a different filter on their own pcap filter,

Well, you already know my opinion of running many Nmap instances in parallel. Nmap will scan faster if you run just one with many hosts on the command line. I recently (last couple weeks) put substantial effort into improving the SYN/connect() scan timing, especially against firewalled hosts. The -T4 (same as "-T aggressive") option also now offers improved performance. I gave a real-life example in my 3.15BETA3 announcement ( http://lists.insecure.org/lists/nmap-hackers/2003/Jan-Mar/0005.html ) -- A firewalled host which took 556 seconds to scan with older versions takes only 40 seconds with 3.15BETA3 and -T4. It would be even faster with -T5, and that would still be less aggressive than your dozens-of-nmap-instances-at-once approach.

Also, Nmap has a very fast and flexible ping scanner that can send TCP packets to multiple ports as well as all sorts of ICMP messages (echo, netmask, timestamp, etc) or any combination. It scans many hosts in parallel, but you can't take advantage of this if you execute Nmap a bunch of times against 1 IP each. I would be happy to assist if you try to move Nessus into a "many target host per Nmap instance" model and run into problems. Even if you don't want to go as far as running just 1 Nmap, you could divide a 30-host scan into 5 Nmap instances each running Nmap against 6 IPs.

> the same time, none of my gripes are an issue. If you try to scan 200
> hosts simultaneously[*], your mileage may vary

Agreed -- your 200-host example demonstrates the extreme end of why running a whole Nmap process for each host won't scale.

Another benefit of upgrading to 3.20 would be to take advantage of the hundreds of new OS fingerprints. The release notes are at http://lists.insecure.org/lists/nmap-hackers/2003/Jan-Mar/0007.html and Nmap can be downloaded from http://www.insecure.org/nmap/ .

Cheers,
Fyodor

PS: Before anyone flames me about the short peace plea in the first lists.insecure URL above, please read http://lists.insecure.org/lists/nmap-hackers/2003/Jan-Mar/0006.html
