Timing & Performance

1. --min-hostgroup ; --max-hostgroup

Adjusts parallel scan group sizes. Example: Scan with a minimum group size of 50 hosts and a maximum group size of 200.

nmap --min-hostgroup 50 --max-hostgroup 200 192.168.1.0/24

2. --min-parallelism ; --max-parallelism

Adjusts probe parallelization. Example: Set minimum parallelism to 10 and maximum parallelism to 50.

nmap --min-parallelism 10 --max-parallelism 50 192.168.1.1

3. --min-rtt-timeout , --max-rtt-timeout , --initial-rtt-timeout

Adjusts probe timeouts. Example: Set the initial RTT timeout to 500ms, minimum to 100ms, and maximum to 1 second.

nmap --initial-rtt-timeout 500ms --min-rtt-timeout 100ms --max-rtt-timeout 1s 192.168.1.1

4. --max-retries

Specifies the maximum number of port scan probe retransmissions. Example: Limit retries to 3 for each port scan probe.

nmap --max-retries 3 192.168.1.1

5. --host-timeout

Specifies how long to wait for a host to respond before timing out. Example: Timeout hosts after 1 minute of no response.

nmap --host-timeout 1m 192.168.1.1

6. --script-timeout

Sets the maximum allowed execution time for scripts. Example: Set the script timeout to 30 seconds.

nmap --script-timeout 30s 192.168.1.1

7. --scan-delay ; --max-scan-delay

Adjusts delay between probes to avoid rate limiting. Example: Add a 1-second delay between each probe, with a maximum delay of 3 seconds.

nmap --scan-delay 1s --max-scan-delay 3s 192.168.1.1

8. --min-rate ; --max-rate

Directly controls the scanning rate. Example: Set the minimum scanning rate to 500 packets per second, and a maximum rate of 1000 packets per second.

nmap --min-rate 500 --max-rate 1000 192.168.1.0/24

9. --defeat-rst-ratelimit

Avoids rate limits for RST packets, speeding up SYN scans. Example: Use this option to bypass rate limiting for RST packets.

nmap --defeat-rst-ratelimit 192.168.1.1

10. -T

Sets the scan timing template. Example: Use the "aggressive" timing template for faster scans.

nmap -T4 192.168.1.0/24