Doty, Timothy T. wrote: > I don't have a reason for the above to be the case, it is simply what I have > observed. Consequently I run both nmap and nessus and compare the results of > the two. It is the closest I can get to a view of what is really on the > network.
I get this question from customers very often when they want to compare the results from Nessus and NMAP, or Nessus and some other vulnerability scanner. I usually ask them to start with how two scans with Nessus compare with each other before they start comparing other technologies. If they have inconsistencies here, it could be any number of reasons such as network performance, network volatility, performance of the scanner, .etc. Even if you like your active scans, adding in realtime passive monitoring gives you another view. Tenable has a lot of customers that use this blended approach to either not perform scans of super-sensitive devices, or to ease up on the amount of scans needed to be completed. Regardless, performing a full 65k port scan with any scanner takes time and simply sniffing for what ports are open can tell you the ones that are in use. Ron Gula Tenable Network Security _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
