Kjetil Kjernsmo wrote: > However, the initial portscan takes an extremely long time... Actually, > I haven't seen it finish, because I had to turn my computer off at > night... :-) But something like 10 hours, it seems like it would need > to do a portscan... WTF? There's is a progress bar, it moves this slow.
One thing to consider is that the progress bar for a nmap scan is bogus--it doesn't actually relate to the actuall progress of nmap. Nmap could have frozen, etc. > It is just a normal portscan using nmap, that's what nessus starts with, > isn't it...? Something that usually would take like, 6 minutes... > > Looking at the network load of the server, the first 6 minutes or so of > the process, it is high, but the after that, there seems to be no > abnormal traffic. Do you have udp scanning turned on? If so, running this scan against a non-windows box can literally take days! Try turning this off in the namp section of the nessus client prefrences. However, if that's not the case, I have run into this before on a couple of machines using only the nmap SYN scan. I find that if I run nmap against these machines outside of nessus, nmap spits out a ton of messages about timing problems and other debugging stuff. What I do is run nmap on *those* machines so that they're scanning themselves and turn on nmap file logging (-oN scan_results.txt.) I then copy that file to the computer that I'm running the nessus client on. Then all you have to do is tell the nessus client to read the scan results from that file (Under nmap preferences.) Also, if you're not concerned about rpc, udp, and os fingerprinting, just turn off the nmap scan and use nessus's built-in SYN and tcp connect() scans which can be faster. HTH, Brent -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
