> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:nessus- > [EMAIL PROTECTED] On Behalf Of Ron Gula > Sent: Wednesday, December 12, 2007 4:59 PM > To: [email protected] > Subject: Re: scanning multiple hosts > > Hi Steve, > > Is your SuSE Nessus scanner running natively on your laptop or is it > running in a VM of some sort? > > Are you scanning over wireless, through a firewall (either on your > machine or your network), through a NAT or so on? Is there an IPS in > the > middle that is preventing Nessus from performing a scan? > > Are the targets you are scanning very busy, VM images or in any other > way having I/O, CPU or memory usage issues during the scan. Scanning a > host that periodically goes to 100% CPU usage won't return reliable > port > scans or scan results. > > During the scan, does your laptop experience high CPU usage or high > memory usage? > > Ron Gula > Tenable Network Security > >
This is a key Question. I'm using a Dell Vostro 1500 (Core Duo 2.2ghz, 2gb Memory, 120 GB hard drive,gigabyte nic). After some light load testing, 5 Ip's at a time and 15 tests at a time seems to be a good mix. You should load test the laptop on a known lan. Start with 2 hosts, 10 tests. Goto 5 hosts and increase the tests to 15-20 then add one more host at a time -- making small changes and keeping an eye on cpu and i/o use. never let either get above 50%. Once you hit 45% - 50% resource use, that's the capabilites of the laptop. MAke a point to disable indexers etc. that a re running on the system. Also, test with and without the server "be nice" option. Also, it really helps to be using kernels about 2.6.15 due to some really nice changes in how concurrent i/o is handled via the scheduler. If you need to make a small test lan, grab 4 boxes running 4 Vmware server VM's of a fully loaded install of a recent oss OS like Suse (all packages) with the VM tools installed and servers turned on. Assign each VM a random 5 ip's and watch Lots of reports from finger, talk etc come in formt he now phoney 16 hosts running a total of 80 ip's. You can scal e this test environment as you wish -- even with one box hosting 127 ip's etc. Sam S. _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
