I am trying to scan a large set of domain names using nmap. I used the following command:
    nmap -PN -p443 -sS -T5 -oX out.xml -iL in.csv
I get the following warning:
    Warning: xx.xx.xx.xx giving up on port because retransmission cap hit (2).
Why does this happen? How do I resolve the issue?
The option -T5 instructs nmap to use "insane" timing settings. Here's the relevant part of the current source code that illustrates what settings this implies:
    } else if (*optarg == '5' || (strcasecmp(optarg, "Insane") == 0)) {
      o.timing_level = 5;
      o.setMinRttTimeout(50);
      o.setMaxRttTimeout(300);
      o.setInitialRttTimeout(250);
      o.host_timeout = 900000;
      o.setMaxTCPScanDelay(5);
      o.setMaxSCTPScanDelay(5);
      o.setMaxRetransmissions(2);
    }
As you can see, the maximum number of retransmissions is 2. The warning you saw gets printed when there is a non-default cap on the number of retransmissions (set with -T5, -T4, or manually with --max-retries), and that cap is hit.
To avoid this problem, try scaling back your timing settings. -T4 is still very fast, and should work for nearby networks. -T3 is the default. If you are certain that your latency and bandwidth are not a problem, but that you may be dropping packets due to faulty hardware, you can manually set --max-retries to a higher value, and keep the rest of the -T5 settings.
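An added example, not part of the original answer: it reads saved nmap console output, collects the hosts that produced the warning quoted in the question, and builds the argument list for re-scanning only those hosts with a higher --max-retries. The sample log, the file names retry.txt and retry.xml, and the default of four extra retries are assumptions made for illustration.

```python
import re

# Matches the warning text quoted in the question.
WARNING_RE = re.compile(
    r"^Warning: (?P<host>\S+) giving up on port because "
    r"retransmission cap hit \((?P<cap>\d+)\)\.?$"
)

# Constructed sample of saved console output (documentation-range addresses).
SAMPLE_LOG = """\
Warning: 192.0.2.10 giving up on port because retransmission cap hit (2).
Warning: 198.51.100.7 giving up on port because retransmission cap hit (2).
Nmap scan report for 203.0.113.5
Warning: 192.0.2.10 giving up on port because retransmission cap hit (2).
"""


def capped_hosts(log_text):
    """Return {host: cap} for hosts that hit the cap, in first-seen order."""
    hosts = {}
    for line in log_text.splitlines():
        match = WARNING_RE.match(line.strip())
        if match:
            # setdefault keeps the first entry, so repeated warnings dedupe.
            hosts.setdefault(match.group("host"), int(match.group("cap")))
    return hosts


def rescan_args(hosts, target_file="retry.txt", out_file="retry.xml",
                extra_retries=4):
    """Build nmap arguments that keep -T5 but raise the retransmission cap.

    target_file is expected to hold the affected hosts, one per line.
    extra_retries is an assumed starting point, not a recommended value.
    """
    if not hosts:
        return []  # nothing hit the cap, so no re-scan is needed
    new_cap = max(hosts.values()) + extra_retries
    # -T5 comes first; the explicit --max-retries after it raises the cap.
    return ["nmap", "-Pn", "-p443", "-sS", "-T5",
            "--max-retries", str(new_cap), "-oX", out_file, "-iL", target_file]


if __name__ == "__main__":
    affected = capped_hosts(SAMPLE_LOG)
    print("\n".join(affected))            # contents for retry.txt
    print(" ".join(rescan_args(affected)))
```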