If you've done any network scanning, that probably sounds like an outrageously unachievable goal, especially when previous internet scanning projects have needed weeks or even months to achieve a similar result.

But ZMap has, by all accounts, done so, thanks to a few new tricks.

For a start, how do you proceed quickly yet systematically?

If you go in numeric address sequence, much like a Google StreetView car has to since it can't be in Caracas, Venezuela at 14:00 and in Brisbane, Queensland at 14:01, there will be whole subnets where you can only proceed slowly because the target network is slow.

Your probe packets - even though you are only sending one Ethernet frame per probe - will enter the target network much more slowly than you can send them out, so you will receive your replies correspondingly slowly.

The outcome might also be extremely antisocial to the network you are probing, effectively producing a DoS, or Denial of Service.

ZMap solved this problem by using what are known as cyclic multiplicative groups.


http://nakedsecurity.sophos.com/2013...ernet-scanner/
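The excerpt stops at the name of the trick, so here is an added illustration of what a cyclic multiplicative group buys you; this is example code written for this page, not ZMap's own source. The idea: pick a prime p slightly larger than the address space, pick a generator g of the multiplicative group modulo p, and walk x, x*g, x*g^2, ... mod p. Because g generates the whole group, the walk visits every address exactly once, but consecutive addresses land in unrelated subnets, so no single network absorbs a burst. The 32-bit function uses p = 2^32 + 15, the smallest prime above 2^32 (the value ZMap's paper reports using); the 16-bit toy uses p = 65537 so the full-coverage property can be checked quickly. From a defender's side this is why such a scan shows up in logs as a lone probe per host rather than a sequential sweep across a block.

```python
"""Address-space permutation via a cyclic multiplicative group (added example)."""
import random
from itertools import islice
from ipaddress import IPv4Address


def prime_factors(n):
    """Distinct prime factors of n by trial division; fast enough for n < 2**40."""
    factors = set()
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1 if d == 2 else 2
    if n > 1:
        factors.add(n)
    return factors


def is_primitive_root(g, p, factors):
    """g generates all of (Z/pZ)* iff g^((p-1)/q) != 1 mod p for every prime q dividing p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in factors)


def find_primitive_root(p, rng):
    """Pick random candidates until one is a generator of the whole group."""
    factors = prime_factors(p - 1)
    while True:
        g = rng.randrange(2, p)
        if is_primitive_root(g, p, factors):
            return g


def permuted_addresses(space_size, p, rng=None):
    """Yield every integer in [0, space_size) exactly once, in a scattered order.

    p must be a prime with p > space_size. Group elements are 1..p-1; elements
    that fall outside the address space are simply skipped, and 0 (which is not
    a group element) is emitted once up front.
    """
    rng = rng or random.Random()
    g = find_primitive_root(p, rng)
    start = rng.randrange(1, p)  # random starting point in the cycle
    yield 0
    x = start
    while True:
        if x < space_size:
            yield x
        x = (x * g) % p
        if x == start:  # full cycle of length p-1 completed
            return


# Smallest prime above 2**32, so the group covers the whole IPv4 space.
P_IPV4 = 2**32 + 15


def first_probe_targets(k, seed=None):
    """First k IPv4 addresses of a full-space permutation, as dotted strings."""
    gen = permuted_addresses(2**32, P_IPV4, random.Random(seed))
    return [str(IPv4Address(x)) for x in islice(gen, k)]


def subnet_dispersion(values, shift):
    """Fraction of consecutive pairs whose top bits (value >> shift) differ."""
    pairs = list(zip(values, values[1:]))
    changed = sum(1 for a, b in pairs if (a >> shift) != (b >> shift))
    return changed / len(pairs)


if __name__ == "__main__":
    # Constructed 16-bit toy: p = 65537 is prime, so every value 0..65535 appears once.
    toy = list(permuted_addresses(2**16, 2**16 + 1, random.Random(1)))
    print("toy covers all values:", sorted(toy) == list(range(2**16)))
    print("share of consecutive probes changing '/8':", subnet_dispersion(toy[:1000], 8))
    for addr in first_probe_targets(8, seed=1):
        print(addr)
```

The `subnet_dispersion` number is the practical point: a sequential sweep would change the top byte once every 256 probes, whereas the group walk changes it almost every step, which is exactly the spread that keeps any one network from being flooded.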