I ran into this problem the other day running a port scan (1-65535) on a firewall (which dropped all packets - no open or closed ports)
When using nessus_tcp_scan, the 'portscan' status bar for the host would get all the way to the end, and then start over from the beginning. It did this for about 4 hours until I stopped it. I could tell from a packet capture (which I don't have) that the same ports were being scanned each time. All prefs for the plugin were checked I then tried synscan, which started out good. I was watching the packets and saw them progress up to 65535~, then start over from the beginning, only much slower this time. The first round took about 2 hours, and the second took about 6. Is this expected behavior from these scanners? BTW, this scan was a one time deal so I can't gather anymore data from the host, also I didn't really save any packet captures. [root]# cat /etc/fedora-release Fedora Core release 4 (Stentz) [root]# uname -a Linux xps2 2.6.16.1custom #2 SMP Mon Apr 17 12:14:08 CDT 2006 i686 i686 i386 GNU/Linux [root]# nessusd -h nessusd, version 3.0.4. [root]# NessusClient -h NessusClient, version 1.0.0.RC5 Thanks Scott _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
