What is Port scanning?
Port scanning will check for open ports on target hosts and IPs, and report on services found. It will also perform OS detection if configured in the more advanced options under this section.
See also 3 Types of Scanning - Port Scanning, Web Application Scanning, and Infrastructure Scanning
Why is port scanning sometimes slow?
Port scanning is one of the lowest level checks you can do (in terms of the protocol stack) and is normally very quick to do; however with misconfiguration it's easy to end up configuring a port scan that will take a very long time to complete indeed.
One of the most common issues with slow running port scans is the configuration of UDP (as opposed to TCP) port scans, without full awareness aware of how they work. Scanning all 65,000 ports for open UDP ports on a host (let alone multiple hosts) is going to take a really long time due to the way that the underlying UDP protocol works. With TCP traffic , there is an explicit "handshake" and guaranteed delivery via a confirmation of packet receipt; however when using UDP there is no explicit acknowledgement of receipt of packets, it is fire and forget, so the scanner has to wait for a timeout and then do any retries in case the packets were lost en route. With timeouts in seconds, a large number of ports, and multiple hosts, the scan time can soon balloon out of control. This isn't specific to the way AppCheck is using scanning, or something that can be "fixed", it is similar the nature of the UDP protocol by design as a connectionless protocol.
UDP scanning combined with dead host detection and service detection or OS detection is particularly slow.
See also Why do some of my scans take a long time to complete?
Tips for faster Port Scanning
If running a UDP scan on all 65,000 ports is a requirement on eg compliance grounds, then you can speed up scanning somewhat by ensuring that the "dead hosts" and "service detection" settings are disabled, as well as switching to "aggressive timing": the scan will be much faster.
Comments
0 comments
Please sign in to leave a comment.