Hi, Consider alive means, that scan all host even they don't respond to ping (this like like a force scan all hosts). This slows scan down.
Other settings that affect scan speed is of course port list. Another setting is portscan (nmap) timing and scan setup (connect scan on default) on scan config. Setting portscanning to syn scan and timing to aggressive gives much faster scan but also more load on targets. If you want to modify timing or portscanner config then you need to clone full and fast setup and then modify it. -- Eero -- Eero 2015-11-13 16:30 GMT+02:00 Randy Dover <[email protected]>: > I recently got a new installation up and running (Thanks Eero!) > > Had been using version 6 for some time. > > > > I did one scan on Monday night and it took about 4.5 hours, not too out of > the ordinary. This subnet has 12 computers, 4 network devices (ASA, Switch, > Router, WAP) and 4 printers. > > Settings for Target were: > > All hosts on a subnet > > No hosts excluded > > Reverse lookup only: no > > Reverse lookup unify: no > > Port list: All IANA assigned TCP 2012-02-10 > > Alive Test: Scan Config Default > > No credentials (Haven’t set them up yet) > > > > Settings for Schedule: > > Run at 21:00, EST > > Period 1 week (Every Monday) > > > > Settings for Task: > > Target: Set above > > Alerts: Email setup > > Schedule: Set above > > Add to assets: Yes (Don’t care, didn’t notice this, does it matter? Pros > and cons?) > > Alterable task: No > > Scanner: OpenVAS Default > > Scan Config: Full and fast > > Slave: > > Order for target hosts: Sequential > > Network Source Interface: > > Maximum concurrently executed NVTs per host: 4 > > Maximum concurrently scanned hosts: 20 > > > > I setup another Target, Schedule and Task on another subnet. This subnet > has 19 computers, 5 network devices and 5 printers. > > The only differences I see are: > > Target: > > Port List: All TCP > > Alive Test: Consider Alive (If there’s nothing for an IP, I don’t want it > to be scanned and don’t want it to show up in a report, is this the correct > setting?) > > > > Schedule: > > Same as above, except Tuesday > > > > Task: > > Same as above > > > > This second task has been running since Tuesday night at 21:00 hours, at > the time I’m writing, that’s 60 hours and 20 minutes!!! > > There is supposed to be a way to stop the scan, by clicking the square > stop button, but I don’t see that anywhere. > > > > I looked at the resources on the server: > > CPU is running at about 50% (I have 4, and all are between 35% and 60%) > > Memory is constant 42%, with swap at 0 (8gb installed) > > Network is running about 400 b/s with occasional spike > > > > Why are the scans taking so long? What settings should I correct? There > are really only 2 changes from the scan that took about 4.5 hours and the > one that has been running over 60 hours. A little bit of difference in the > amount of endpoints, but nothing that should cause that much of a > difference! > > > > Randy Dover > > > This email is intended for its designated recipients. The information, and > attachments, contained in this email may be considered private and/or > confidential. If the transmission is received in error, delete messages(s) > from your system and notify the sender. You may not, directly or > indirectly, use, disclose or distribute any part of this email. > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
