Sohcahtoa82

Reputation: 639

Speeding up Scapy scans?

I'm writing a port scanner using scapy, but I'm finding that it is horrendously slow. I use a single line of code to actually do the scan:

ans, unans = sr(IP(dst=targetIP)/TCP(dport=(1, 49151), flags='S'))

And it takes about 15 minutes to run, even though I'm on the same LAN as the computer I'm scanning. Heck, I'm plugged into the same SWITCH as my target!

I tried multi-threading, but that actually made it slower. Using multiple processes is faster, but only to a certain point. Either scapy's sniffer can't keep up and it is losing packets, or the network itself is dropping packets (not likely, considering nmap works fine). In either case, using 5 processes, I got the TCP scan time down to about 5-6 minutes, which, while it is 1/3rd the time it takes to run it in a single process, is still much slower than the ~10 seconds nmap takes.

Anyone know any other tricks to speed up Scapy port scans of large ranges?

Upvotes: 4

Views: 2280

Answers (1)

Cukic0d

Reputation: 5411

Note that in your example, you had forgotten the timeout parameter, which is crucial: without it, scapy will wait to have received an answer for each packet you have sent, which in your case will never happen!

As of 2018 (2.3.3dev (github version)), running

ans, unans = sr(IP(dst=targetIP)/TCP(dport=(1, 49151), flags='S'), timeout=2)

takes approximately 90 sec. The pending PR https://github.com/secdev/scapy/pull/1142 speeds that up to around 50 sec.

Upvotes: 1
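Added example, not code from the question or the answer: one way to pass `timeout` to `sr()` itself and turn the returned `(ans, unans)` pair into open, closed and filtered port lists. The names `classify` and `probe` and the sample replies are constructed for illustration; `probe` assumes Scapy is installed and the script runs with raw-socket privileges.

```python
"""Classify the (ans, unans) result of a Scapy SYN probe run (added example)."""

SYN, RST, ACK = 0x02, 0x04, 0x10


def classify(answered, unanswered):
    """answered: iterable of (port, tcp_flags_int); unanswered: iterable of ports."""
    result = {"open": [], "closed": [], "filtered": sorted(unanswered)}
    for port, flags in answered:
        if flags & (SYN | ACK) == (SYN | ACK):
            result["open"].append(port)      # SYN/ACK: a listener accepted the probe
        elif flags & RST:
            result["closed"].append(port)    # RST: host is up, nothing listening
        else:
            result["filtered"].append(port)  # unexpected reply, treat as inconclusive
    for state in result:
        result[state].sort()
    return result


def probe(target_ip, ports, timeout=2):
    """Send the SYN probes with an explicit timeout (hypothetical helper)."""
    # Imported lazily so classify() can be used and tested without Scapy.
    from scapy.all import IP, TCP, sr
    # timeout belongs to sr(), not to the TCP() layer.
    ans, unans = sr(IP(dst=target_ip) / TCP(dport=ports, flags="S"),
                    timeout=timeout, verbose=0)
    answered = []
    silent = [pkt[TCP].dport for pkt in unans]
    for snd, rcv in ans:
        if rcv.haslayer(TCP):
            answered.append((snd[TCP].dport, int(rcv[TCP].flags)))
        else:
            silent.append(snd[TCP].dport)    # non-TCP reply, e.g. an ICMP error
    return classify(answered, silent)


# Constructed sample standing in for sr() output: (port, flags of the reply).
SAMPLE_ANSWERED = [(22, 0x12), (80, 0x12), (23, 0x14), (8080, 0x04)]
SAMPLE_UNANSWERED = [445, 135]

if __name__ == "__main__":
    print(classify(SAMPLE_ANSWERED, SAMPLE_UNANSWERED))
```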
