Nmap from Scratch | Part-7 | Timing and Performance

Nmap scans can be very time-consuming. For one target it's not much, but if we are scanning a number of targets then it adds up. Nmap gives full control over how the tool runs: the user can change certain parameters to improve timing and performance, and so save time. The first and foremost tip from Nmap itself is to always run the latest version of Nmap. Now let's look at a few other options.

When Nmap scans a port and receives no response, it retransmits the initial probe. With --max-retries we can specify whether we want Nmap to retransmit probes or not; a value of 0, as below, disables retransmission.


nmap --max-retries 0 nmap.scanme.org

With --host-timeout we can specify how much time we want Nmap to spend on each host. If the time is exceeded, Nmap skips that particular host.


nmap --host-timeout 1m nmap.scanme.org # spend one minute; remember we can give a list of hosts as well, in which case Nmap will spend 1m on each host

The --scan-delay option allows us to adjust the delay between probes. This is useful when the target applies rate limiting, and it can also be helpful in evading IDS or IPS.


nmap --scan-delay 2s nmap.scanme.org # delay of 2 seconds between each probe

There are many options besides the ones mentioned above, but they can be confusing sometimes. That is why Nmap created a template option that can work in six different modes.

  • Paranoid ( -T 0 )
  • Sneaky ( -T 1 )
  • Polite ( -T 2 )
  • Normal ( -T 3 )
  • Aggressive ( -T 4 )
  • Insane ( -T 5 )

All of these templates decide the speed of the scan, basically how fast the probes should be sent.


nmap -T5 nmap.scanme.org


It’s always better to use -T 4: -T 5 is very aggressive and can even crash hosts sometimes, while -T 0, -T 1, -T 2, and -T 3 are polite but can take some time when scanning multiple hosts.

Another good way to increase performance is to scan only for what is needed. For example, Nmap scans 1000 ports by default, which is quite a lot, so it’s always better to specify the ports you want to scan to save time.
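The options above interact with the port count, so here is an added example (not part of the original post) that works out whether a scan of one unresponsive host can finish inside its --host-timeout. The function names and the simplified model (probes to a host spaced by the scan delay, every port probed 1 + max-retries times) are assumptions made for illustration.

```python
import re

# Nmap time arguments: a number with an optional unit ms, s, m or h
# (seconds when the unit is omitted).
_UNITS = {"ms": 0.001, "s": 1.0, "m": 60.0, "h": 3600.0}

def parse_time(spec):
    """Convert an Nmap time argument such as '2s', '500ms' or '1m' to seconds."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(ms|s|m|h)?", spec.strip())
    if not m:
        raise ValueError(f"not an Nmap time spec: {spec!r}")
    return float(m.group(1)) * _UNITS[m.group(2) or "s"]

def budget(ports, scan_delay, max_retries, host_timeout=None):
    """Estimate the worst case for one host where no port answers.

    Assumed model (hypothetical helper, not Nmap's own scheduler): probes are
    spaced scan_delay apart and each port is probed 1 + max_retries times.
    """
    delay = parse_time(scan_delay)
    probes = ports * (1 + max_retries)
    seconds = probes * delay
    timeout = parse_time(host_timeout) if host_timeout else None
    completes = timeout is None or seconds <= timeout
    return {
        "probes": probes,
        "seconds_needed": seconds,
        "completes": completes,
        # How many probes fit before the host is abandoned.
        "probes_before_timeout": probes if completes else int(timeout // delay),
    }

if __name__ == "__main__":
    # Constructed scenarios reusing the option values shown in this post.
    scenarios = [
        ("default 1000 ports", dict(ports=1000, scan_delay="2s", max_retries=0, host_timeout="1m")),
        ("20 chosen ports", dict(ports=20, scan_delay="2s", max_retries=0, host_timeout="1m")),
        ("20 ports, 2 retries", dict(ports=20, scan_delay="2s", max_retries=2, host_timeout="1m")),
    ]
    for name, kwargs in scenarios:
        print(f"{name:22} {budget(**kwargs)}")
```

With a 2 second delay and a 1 minute host timeout, only about 30 probes fit, so a default 1000-port scan of a silent host is abandoned, and Nmap prints no port table for a host that times out.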

This is it for this blog. Thanks for reading; next time we’ll look at some options for Firewall/IDS evasion.

If you have any doubts, you can ping me at A3h1nt.




Infosec Enthusiast | Student
