Re: nmap in vmware

From: brad Causey (bradcausey@gmail.com)
Date: Tue Jul 18 2006 - 22:09:25 EDT

• Next message: Jerry: "DISCREET OVERNIGHT PHARMACY"
• Previous message: kratzer.jason@gmail.com: "Re: nmap in vmware"
• In reply to: offset: "nmap in vmware"
• Next in thread: brad Causey: "Re: nmap in vmware"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

One of the main things to remember is that you will see a significant
difference in network latency when using VMs vs. using hardware based
hosts. The negative impact will depend heavily on the hardware that the
host runs on and the rate(insane vs. paranoid) of scan. I have created
training courses on hacking exclusively in VM environments and I can
tell you that there is a noticeable difference in running a full host
scan in VM vs. host-based.(Especially with Nessus) The scans will work
fine, but they will most likely take a good percentage longer(upwards of
25-50%). I would suggest creating a baseline using the same target. Scan
the target using a VM based install of nmap and then scan the same
target with a hardware based host. Be sure to keep the variables to
minimum so you can get an accurate test. Use the "-v" option and what
ever other options you might normally use. That should give you a good
idea of what kind of delays might be experienced. Other than time, nmap
works great in a VM!

-Brad

offset wrote:
> Looking for any negative experiences with running nmap under Fedora Core 5 under vmware
>
> VMware host is Windows XP SP2 running VMware workstation (latest version) with Fedora Core 5
>
> Thanks in advance,
>
> -off
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> Choice Award from eWeek. As attacks through web applications continue to rise,
> you need to proactively protect your applications from hackers. Cenzic has the
> most comprehensive solutions to meet your application security penetration
> testing and vulnerability management needs. You have an option to go with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request@cenzic.com for details.
> ------------------------------------------------------------------------------
>
>
>

• application/pgp-signature attachment: OpenPGP digital signature

• Next message: Jerry: "DISCREET OVERNIGHT PHARMACY"
• Previous message: kratzer.jason@gmail.com: "Re: nmap in vmware"
• In reply to: offset: "nmap in vmware"
• Next in thread: brad Causey: "Re: nmap in vmware"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:20 EDT