Hello community, first time writing here so let me know if I am missing something.
Running openvas9 + nmap 6.47, when doing a network scan against the full IP range (nmap options used: nmap -n -Pn -sS -sU -p -defeat-rst-ratelimit -T3), I have noticed that the nmap time increases, starting from ~30 seconds to get a response, to 100 sec, then 300 sec …600…1200 …1800, and in the end gets back to 40 seconds. CPU load during this time was ~97%. I have also checked the syslog for errors like “could not open socket” but none were found.
Question: What could be the reason that the nmap port scanning time was increasing? Is it only related to CPU or are there other reasons?
From the text shown while creating a new topic in the “Vulnerability Tests” category:
Use this category for all topics (General discussion of results, reporting of false positive / negative results, VT development) around vulnerability tests (the so called “NASL scripts”).
Please choose a different/better fitting category for all topics related to GVM (Installation, Usage, Configuration, Scanning).
Not sure if there is any really good fitting category because this is more a question about the functionality of nmap rather than anything GVM related, so the “Security Processes” category might be the closest fit.
If nmap and openvas both are handling resource errors gracefully, I wouldn’t expect errors in the logs.
You could try tools like iostat, netstat etc. to see if there might be a lack of sockets or other resources, comparing runs of openvas with/without runs of nmap.
You were right, the reason is both CPU and lack of sockets. Once I added more CPU and extended the bandwidth, nmap port discovery was taking on average ~35 seconds for every IP in the range.
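
The comparison suggested above (socket usage with and without the nmap run) can be made from two snapshots of /proc/net/sockstat on a Linux scanner host. This is an added example, not part of the original thread; the snapshot values are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare socket counters between two /proc/net/sockstat
# snapshots (one taken while idle, one taken while the scan is slow).

# Constructed sample snapshots. On a live host capture them with:
#   BASELINE=$(cat /proc/net/sockstat)   # before the scan
#   DURING=$(cat /proc/net/sockstat)     # while response times climb
BASELINE='sockets: used 412
TCP: inuse 18 orphan 0 tw 6 alloc 25 mem 4
UDP: inuse 7 mem 2
RAW: inuse 0'

DURING='sockets: used 3950
TCP: inuse 640 orphan 12 tw 2210 alloc 702 mem 96
UDP: inuse 9 mem 3
RAW: inuse 48'

# sockstat_field PROTO KEY
# Reads sockstat text on stdin and prints the value of KEY on the PROTO line.
# Prints nothing if the line or key is absent.
sockstat_field() {
    awk -v proto="$1:" -v key="$2" '
        $1 == proto {
            # Fields after the label come in "key value" pairs.
            for (i = 2; i < NF; i += 2)
                if ($i == key) { print $(i + 1); exit }
        }'
}

# sockstat_delta BASELINE_TEXT SCAN_TEXT
# Prints one line per counter: name, baseline value, scan value, difference.
sockstat_delta() {
    for pair in sockets:used TCP:inuse TCP:tw TCP:alloc UDP:inuse RAW:inuse; do
        proto=${pair%%:*}
        key=${pair#*:}
        b=$(printf '%s\n' "$1" | sockstat_field "$proto" "$key")
        s=$(printf '%s\n' "$2" | sockstat_field "$proto" "$key")
        b=${b:-0}
        s=${s:-0}
        printf '%s.%s %d %d %d\n' "$proto" "$key" "$b" "$s" "$((s - b))"
    done
}

sockstat_delta "$BASELINE" "$DURING"
```

A large jump in `sockets.used`, `TCP.tw` or `RAW.inuse` between the two snapshots points at socket pressure rather than CPU alone.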