Nmap from Scratch | Part-7 | Timing and Performance

Nmap scans can be very time taking, for one target it’s not much, but if we are scanning for a number of targets then it adds up, Nmap gives full control on how to use the tool, user can change certain parameters to increase the timing and performance hence saving more time.The first and the foremost tip by Nmap itself is to always tun the latest version of Nmap. Now let’s look at few other options.

When Nmap tries to scan a port and if no response is received, Nmap retransmits the initial probes again, we can specify if we want Nmap to retransmit probes or not .


nmap --max-retries 0 nmap.scanme.org

Using this option we can specify how much time we want Nmap to spend on each host, if the time exceeds, Nmap will skip that particular host.


nmap --host-timeout 1m nmap.scanme.org #to spend one minute, remember we can give a lists of host we well, in that case Nmap will spend 1m on each host.

This option allows us to adjust the delay time between probes, this is useful in case of rate limiting, which can also be helpful in evading IDS or IPS.


nmap --scan-delay 2s nmap.scanme.org #delay of 2 seconds between each probe

There are many options other than the options mentioned above, but they can be confusing sometimes, that is why Nmap created a template option that can work in five different modes.

  • Paranoid ( -T 0 )
  • Sneaky ( -T 1 )
  • Polite ( -T 2 )
  • Normal. ( -T 3 )
  • Aggressive ( -T 4 )
  • Insane ( -T 5 )

All these options decides the speed, basically how fast the probes should be sent.


nmap -T5 nmap.scanme.org


It’s always better to use -T 4, because -T 5 is very aggressive it can even crash hosts sometimes, and -T 0, -T 1, -T 2, and -T 3 are polite but they can take some time when scanning for multiple hosts.

Another good way to increase performance is to only scan for things that are needed, for example, Nmap scans for 1000 ports by default, which is quite big, so it’s always better to specify the ports you want to scan for, to save time.

This is it for this blog, thanks for reading , next time we’ll look some options for Firewall/IDS evasion.

If you have any doubt, you can ping me at A3h1nt.




Infosec Enthusiast | Student

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Food Pulse — top reviewed dishes from your local restaurant

Web Application Testing — 6 Tips to Make the Most of TestCafe Studio’s Web Test Recorder

For Developers the Low-Code Winter Is Coming

Mental health in the open source community

We all stand together under an umbrella of support for open source contributors

DAO Macrostructures

Linux System : Free Employee Monitoring with Automatic Screenshots

GitOps — One For All

Create Cloud-Native Repositories Using Helm Charts (GitHub,AWS S3)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Infosec Enthusiast | Student

More from Medium

RCE on micro_httpd web server

This is part 2 of the reverse engineering ippsRSA library to induce faults.

Encode Msfvenom PowerShell payload with base64

Offensive Security: Insanity Hosting Walkthrough