Doug Nordwall wrote: > Did you click on the consider unscanned ports as closed checkbox? It > sounds like from this description you are running the nmap greps and the > regular in nessus scans as well.
No, that option is unchecked. I did disable the nessus TCP portscanner. Nessus does not do any portscanning, I've verified this. > 4 seconds per FIN on HTTPS? eesh. is that on every HTTP plugin? that > would take a very long time indeed. I have looked at another tcpdump trace. It's not every plugin, but it happens fairly often. I see no delay, and delays of 2 to 6 seconds. Let's see. There are about 2400 HTTP plugins, so a 4 second delay on all of them causes a 2h40 delay. Possibly less if both threads are doing HTTPS checks in parallel, possibly more when there is more than 1 HTTPS port on the server. This explains a lot. I can't figure out what is causing these delays though. > ah, good. Is it hanging on the HTTP attacks then? if not, which ones? It looks like it is the HTTP attacks, yes. But that could just be because there are so many of them (20% of the plugins are HTTP plugins). Sincerely, Richard van den Berg _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
