Nmap scan only state of port

Tags: linux-networking, network-monitoring, nmap, port-scanning, udp

Is it possible with nmap to check only the state of a port (whether open, closed or filtered) and NOT the services behind it?

The aim is to speed up scan results. Since a UDP scan is also involved, it is taking forever to complete.

That aside, what could be done to speed up nmap UDP scans? The one I'm using is:

nmap -n -sS -sU -p1-65535 -oN scan_out -iL hosts

Best Answer

With the command you posted, the only service information is generated with a simple lookup of the port number. There's really no perceptible delay there, and so it cannot be disabled.

I would suggest splitting this into two scans: one for TCP and one for UDP. That way you can get the TCP results without delay while the UDP scan runs. This can also help Nmap with its internal timing calculations.

For speeding up UDP scans, you'll likely have to sacrifice some accuracy for speed. Some options that may help include using the gross timing options -T<digit> (3 is default, use 4 or 5 to speed things up), setting --max-retries to a low value (less than 3), setting a --max-rtt-timeout using the instructions in the man page, and reducing the number of ports scanned. A scan of 65535 ports is going to take a long time no matter what (and did you know that port 0 is a valid port?). Pay attention to be sure hosts with open ports are not timing out (set the --host-timeout option to a high value if so.)

If you still are unsatisfied with the speed of Nmap for UDP scans, you'll probably have to look at an asynchronous scanner like unicornscan.
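
The split and tuning described in the answer above, written out as a script. This is an added example, not part of the original answer: the UDP port range, the timeout values, the output file names and the function names are assumptions to adjust for your own network, and the "Skipping host ... due to host timeout" text is the line nmap is assumed to write to -oN output when --host-timeout expires.

```shell
#!/bin/sh
# Added example: the question's combined scan split into a TCP pass and a tuned UDP pass.
# Every default below is an assumption, not a value given in the answer.
NMAP="${NMAP:-nmap}"                 # overridable so the commands can be dry-run
HOSTS="${HOSTS:-hosts}"              # target list file, name taken from the question
UDP_PORTS="${UDP_PORTS:-1-1024}"     # assumed reduced UDP range (fewer ports = faster)
MAX_RTT="${MAX_RTT:-300ms}"          # assumed; derive from measured RTT per the man page
HOST_TIMEOUT="${HOST_TIMEOUT:-2h}"   # assumed "high value" so slow hosts are not dropped

tcp_scan() {
    # Same TCP SYN scan as in the question, without -sU
    $NMAP -n -sS -p1-65535 -oN scan_out_tcp -iL "$HOSTS"
}

udp_scan() {
    # UDP only: faster timing template, fewer retries, capped RTT timeout
    $NMAP -n -sU -p"$UDP_PORTS" -T4 --max-retries 2 \
        --max-rtt-timeout "$MAX_RTT" --host-timeout "$HOST_TIMEOUT" \
        -oN scan_out_udp -iL "$HOSTS"
}

timed_out_hosts() {
    # Print hosts that nmap abandoned because --host-timeout expired.
    # $1 is a normal-format (-oN) output file.
    sed -n 's/^Skipping host \(.*\) due to host timeout$/\1/p' "$1"
}

run_split_scan() {
    tcp_scan &                # TCP results arrive while the UDP pass is still running
    tcp_pid=$!
    udp_scan
    wait "$tcp_pid"
    # Any host listed here needs a rescan with a larger --host-timeout
    timed_out_hosts scan_out_udp
}

# Nothing is scanned unless explicitly requested: RUN_SCAN=1 sh split_scan.sh
if [ "${RUN_SCAN:-0}" = 1 ]; then
    run_split_scan
fi
```

Hosts printed by `timed_out_hosts` were not fully scanned, so their missing ports in the report say nothing about port state.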