 Post subject: slow scanning OA 1.12.8
Posted: Fri Sep 02, 2016 7:21 am
Newbie

Hi,

I'm currently running a scan on a /17 subnet. On average, this takes 93 seconds per IP address, which roughly translates to 35 days.
Is this normal, or am I missing some settings to tweak?

Running version 1.12.8.1 on Debian 8 VM with 4 CPUs and 1GB RAM. It's a clean install, not an upgrade.

thanks :)


Posted: Mon Sep 05, 2016 10:17 am
Site Admin
Will need more information.
A /17 is a LOT of IP addresses ( > 32,000 IP addresses).
I'd suggest breaking it down into more manageable chunks.

Do you have credentials for the devices? An SNMP scan will take a while to attempt to connect to the device and have to time out for each SNMP version (1,2c,3) with each credential set. Once you have the correct credentials associated with a device, these are attempted first, so next time around scanning should be much quicker. Same with other methods (WMI / SSH).

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.


Posted: Mon Sep 05, 2016 6:42 pm
Newbie

A /17 was the easiest way to scan, since I wasn't really looking forward to starting 128 /24 scans. Though if that's what's needed to get a shorter scan time...

There are multiple types of devices in each /24 subnet, so I have matching credential sets for each one.
Is there a way to decide which set gets tested first? For example, as most of the devices are Windows devices (some with SNMP enabled), it would make more sense to test the Windows credentials before SNMP.

I currently have 3 sets of Windows credentials and 1 SNMP community.

I've also noticed the timeout on a dead IP takes a long time. Can I change this to be shorter? There are a few /24s in there that are not in use (closed stores), so that's a lot of time lost.

thanks :)


Posted: Wed Sep 07, 2016 9:09 am
Site Admin
[quote]Is there a way to decide which set gets tested first?[/quote]
Not at present, no. We could possibly do something here depending on the Nmap reported open ports.
[quote]I've also noticed the timeout on a dead IP takes a long time.[/quote]
This is Nmap I assume. The initial scan is of the entire submitted range like below:
[code]nmap -n -sL ip_range[/code]
For each device that responds, it's scanned using the below options.
[code]nmap -vv -n -Pn --host-timeout 90 -T4 your_ip_address[/code]
You might see if there are any other Nmap options that might be of use to you.

I think the single biggest issue is scanning a /17.

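As an added example (not part of the thread and not Open-AudIT code): a small planner that splits the /17 into /24 chunks, queues only the chunks you mark as in use, and estimates run time from the 93-second average reported in the first post. The 10.20.0.0/17 range and the in-use list are constructed sample values, and all function names are hypothetical.

```python
import ipaddress

SECONDS_PER_ADDRESS = 93  # average reported in the first post
HOST_TIMEOUT = 90         # --host-timeout value quoted in the last post


def split_range(cidr, new_prefix=24):
    """Split a range into equal chunks; a /17 yields 128 /24 networks."""
    return list(ipaddress.ip_network(cidr).subnets(new_prefix=new_prefix))


def serial_days(address_count, seconds_each=SECONDS_PER_ADDRESS):
    """Days needed when addresses are processed one after another."""
    return address_count * seconds_each / 86400


def per_host_argv(ip):
    """Per-device command from the thread as an argv list (no shell).

    ip_address() rejects anything that is not a literal address, so a
    stray option string can never reach the nmap command line.
    """
    return ["nmap", "-vv", "-n", "-Pn", "--host-timeout", str(HOST_TIMEOUT),
            "-T4", str(ipaddress.ip_address(ip))]


def plan(cidr, in_use, new_prefix=24):
    """Return one job per chunk that overlaps a network listed in in_use.

    in_use is an assumption: networks you know are live from your own
    records, so unused ranges (closed sites) are never queued.
    """
    wanted = [ipaddress.ip_network(n) for n in in_use]
    jobs = []
    for net in split_range(cidr, new_prefix):
        if any(net.overlaps(w) for w in wanted):
            jobs.append({"subnet": str(net),
                         "list_argv": ["nmap", "-n", "-sL", str(net)],
                         "est_days": serial_days(net.num_addresses)})
    return jobs


if __name__ == "__main__":
    RANGE = "10.20.0.0/17"                   # constructed sample range
    LIVE = ["10.20.0.0/23", "10.20.5.0/24"]  # constructed sample records
    jobs = plan(RANGE, LIVE)
    print(f"whole range: {serial_days(32768):.1f} days")
    print(f"{len(jobs)} chunks: {sum(j['est_days'] for j in jobs):.2f} days")
    for job in jobs:
        print(" ".join(job["list_argv"]))
```

The estimate simply multiplies address count by the poster's observed average; measure your own per-address time on one /24 and pass it as `seconds_each` before relying on the totals.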