Mailing List Archive

Nessus for port scanning --
I'm looking at using Nessus for some general port scanning, so that I can
have all results consolidated in Security Center. I really want to limit
scanning to a port or 2, and limit the hosts to just a handful at a time,
to limit network traffic during the scan.

My initial testing seemed to indicate that it was taking about a minute
and a half per IP. That was much longer than I expected. I was checking
for 2 open ports, 2 IPs at a time, no plugins running, all on a LAN, SYN
scan.

Wondering if it's a case of using the wrong tool, or if there are
additional settings/tweaks I should consider. Any input appreciated.

Thanks,
Mike
Re: Nessus for port scanning -- [ In reply to ]
Mike.Vasquez@cityofmesa.org wrote:
> I'm looking at using Nessus for some general port scanning, so that I can
> have all results consolidated in Security Center. I really want to limit
> scanning to a port or 2, and limit the hosts to just a handful at a time,
> to limit network traffic during the scan.
>
> My initial testing seemed to indicate that it was taking about a minute
> and a half per IP. That was much longer than I expected. I was checking
> for 2 open ports, 2 IPs at a time, no plugins running, all on a LAN, SYN
> scan.
>
> Wondering if it's a case of using the wrong tool, or if there are
> additional settings/tweaks I should consider. Any input appreciated.
>

Hi Mike,

Were you performing the test under SC3 or under a Nessus Client?

If you limited the scanned ports to just two ports, the scan should not
have taken that long. I'm curious if you had any other plugins enabled
such as service fingerprinting.

Ron Gula
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
Re: Nessus for port scanning -- [ In reply to ]
The scan was created/launched in SC3, and all plugins were disabled,
including service checking.
Re: Nessus for port scanning -- [ In reply to ]
Hi Mike,

How did you determine that the scans took 1 to 1.5 minutes per host?

What did the Security Center report as the time it took for your total
scan time? This scan time considers the total number of IP addresses
and not the actual hosts that were scanned. In other words, if Nessus
is spending time trying to ping hosts that aren't there, this will
cause your scan to take a bit longer.

You could also extract the .nessus file from your SC3 scan and try
this in the Nessus Client to see if there is any difference.

Ron
Re: Nessus for port scanning -- [ In reply to ]
Hi,

As I am curious too, I will add my findings. I have set up Nessus to scan
a single IP address for a single port (23), with all plugins and all other
stuff turned off.
Even with this minimal setting I can see a lot of data going out to the scan
target.
I have captured about 130-150 packets going to and from various ports
(ftp, http, etc.)

The scan takes 35 seconds to complete, target box is on LAN.

Thanks,
P
Re: Nessus for port scanning -- [ In reply to ]
On Tuesday 30 September 2008 15:24:19 P. Remek wrote:

> Even with this minimal setting I can see lot of data going out to the scan
> target.
> I have captured about 130-150 packets going to and from various ports
> (ftp,http etc.)

If you set "consider unscanned ports as closed", then the TCP activity
probably comes from the TCP ping (ping_host.nasl).
And UDP services are always scanned.
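
Added example, not part of the thread and not Tenable code: one way to check a capture of a minimal scan for the extra traffic discussed above, by counting the scanner's probes per destination port and separating the configured port from everything else. The `tcpdump -nn` lines, addresses and the `summarize` helper are constructed for illustration.

```python
import re
from collections import Counter

# Constructed `tcpdump -nn` text output (not from the thread). Scanner
# 192.0.2.10 and target 192.0.2.20 are documentation addresses; the extra
# ports are illustrative, not a statement of what ping_host.nasl probes.
SAMPLE = """\
10:00:00.000100 IP 192.0.2.10.51000 > 192.0.2.20.21: Flags [S], seq 1, win 1024, length 0
10:00:00.000200 IP 192.0.2.10.51001 > 192.0.2.20.80: Flags [S], seq 2, win 1024, length 0
10:00:00.000300 IP 192.0.2.20.80 > 192.0.2.10.51001: Flags [S.], seq 9, ack 3, win 5840, length 0
10:00:00.000400 IP 192.0.2.10.51001 > 192.0.2.20.80: Flags [R], seq 3, win 0, length 0
10:00:01.000000 IP 192.0.2.10.51002 > 192.0.2.20.23: Flags [S], seq 4, win 1024, length 0
10:00:01.000100 IP 192.0.2.20.23 > 192.0.2.10.51002: Flags [R.], seq 0, ack 5, win 0, length 0
10:00:02.000000 IP 192.0.2.10.40000 > 192.0.2.20.161: UDP, length 43
10:00:02.500000 IP 192.0.2.10.40001 > 192.0.2.20.137: UDP, length 50
"""

# src ip, src port, dst ip, dst port, then either TCP flags or the UDP marker
LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"(?:Flags \[([^\]]+)\]|(UDP))"
)

def summarize(capture, scanner, target, configured_ports):
    """Count scanner->target probes per (proto, port); split configured vs. extra."""
    probes = Counter()
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, _sport, dst, dport, flags, udp = m.groups()
        if src != scanner or dst != target:
            continue  # replies from the target are not probes
        if udp:
            probes[("udp", int(dport))] += 1
        elif flags == "S":  # bare SYN opens a probe; RST/ACK follow-ups are skipped
            probes[("tcp", int(dport))] += 1
    configured = {k: n for k, n in probes.items()
                  if k[0] == "tcp" and k[1] in configured_ports}
    extra = {k: n for k, n in probes.items() if k not in configured}
    return configured, extra

if __name__ == "__main__":
    wanted, extra = summarize(SAMPLE, "192.0.2.10", "192.0.2.20", {23})
    print("configured:", wanted)
    print("extra:", extra)
```

Anything reported under `extra` was sent outside the configured port list, which is where host discovery and UDP probes would show up in a real capture.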