Adjusting Parallelism (`--min-parallelism`, `--max-parallelism`) with Nmap
Introduction
Nmap (Network Mapper) is a powerful and widely used open-source tool for network discovery and security auditing. One of its key strengths is the ability to scan networks efficiently by leveraging parallelism, which allows multiple probes to be sent simultaneously, optimizing the scanning speed.
To fine-tune this parallelism, Nmap provides two important options: `--min-parallelism` and `--max-parallelism`. These flags control the number of concurrent scanning probes, allowing users to adjust Nmap’s performance based on network conditions, system resources, and scanning objectives.
In this article, we will explore how these parallelism settings work, when to use them, and best practices for optimizing Nmap scans.
Understanding Parallelism in Nmap
What is Parallelism?
Parallelism in Nmap refers to the number of probes (packets sent to the target) that Nmap executes concurrently. The efficiency of parallel scanning depends on multiple factors, including network latency, target system responsiveness, and available system resources (CPU, memory, and bandwidth).
By default, Nmap automatically adjusts parallelism based on network conditions using its adaptive timing engine. However, in some cases, manual adjustments are necessary to optimize scanning performance.
The Role of `--min-parallelism` and `--max-parallelism`
- `--min-parallelism <value>`: This option sets the minimum number of parallel probes that Nmap will use. It puts a floor under the adaptive timing mechanism, so Nmap keeps at least the specified number of probes outstanding even when it would otherwise back off.
- `--max-parallelism <value>`: This option sets the maximum number of parallel probes that Nmap will use. It prevents Nmap from exceeding the specified limit, even if network conditions allow it.
By adjusting these parameters, users can fine-tune Nmap’s behavior for optimal speed and accuracy.
When to Adjust Parallelism
Adjusting parallelism is useful in the following scenarios:
1. Optimizing Scan Speed for Large Networks
When scanning large networks with thousands of hosts, increasing `--min-parallelism` can speed up the scan by forcing Nmap to send more probes concurrently.
Example:
nmap -p 80,443 --min-parallelism 50 192.168.1.0/24
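This forces Nmap to keep at least 50 probes in flight, which speeds up the scan. If the network starts dropping packets, a floor this high can cost accuracy because Nmap can no longer back off below it.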
2. Avoiding Network Congestion
If a network is sensitive to high traffic, excessive parallelism may cause packet loss and slow down the scan. Setting `--max-parallelism` limits the number of concurrent probes, reducing network impact.
Example:
nmap -p 22,80,443 --max-parallelism 10 192.168.1.0/24
This ensures that no more than 10 probes are sent simultaneously, preventing network congestion.
3. Scanning Over High-Latency Networks
In high-latency environments (e.g., scanning over VPNs or the internet), Nmap’s adaptive timing might reduce parallelism to account for slow responses. Increasing `--min-parallelism` can help maintain scan speed.
Example:
nmap -p 80,443 --min-parallelism 30 target.com
This ensures Nmap keeps at least 30 probes running despite network delays.
4. Reducing Detection by IDS/IPS
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) often detect and block aggressive scans. Reducing `--max-parallelism` can make scans less conspicuous.
Example:
nmap -p 22,80,443 --max-parallelism 5 192.168.1.100
This slows down the scan, reducing the likelihood of detection.
Practical Examples
1. Aggressive Scanning with High Parallelism
nmap -T4 --min-parallelism 100 --max-parallelism 300 -p 1-1000 192.168.1.0/24
This forces Nmap to run at least 100 concurrent probes but limits it to 300.
2. Stealthy Scanning with Low Parallelism
nmap -T2 --max-parallelism 5 -p 22,80,443 192.168.1.100
This slows down the scan to avoid triggering security alerts.
3. Balancing Speed and Network Load
nmap --min-parallelism 30 --max-parallelism 60 -p 80,443 10.0.0.0/16
This provides controlled parallelism to balance speed and network stability.
Best Practices
- Start with Defaults: Before adjusting parallelism, let Nmap’s adaptive timing handle it. Only modify when necessary.
- Use `-T` Timing Templates: Timing templates (`-T0` to `-T5`) also affect scan speed and can complement parallelism settings.
- Monitor System Resources: High parallelism can overload CPUs and network interfaces; use tools like `top` and `iftop` to monitor usage.
- Adjust Based on Target Network: Fast LANs can handle high parallelism, but slow or congested networks require lower values.
- Avoid Overloading Firewalls: Many firewalls detect aggressive scanning; lower parallelism for stealthy scans.
- Test and Tune: Run small-scale tests before scanning large networks to find optimal values.
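One way to carry out the "Test and Tune" step is to scan a small sample twice, once with defaults and once with the tuned values, and compare which open ports each run found. The script below is an added example, not part of the original article: the function names `open_ports` and `missed_ports` are hypothetical, and the two grepable (`-oG`) outputs are constructed sample data rather than real scan results.

```shell
#!/bin/sh
# Added example. In practice the two inputs would come from runs such as:
#   nmap -p 80,443 -oG baseline.gnmap 192.168.1.0/24
#   nmap -p 80,443 --min-parallelism 50 -oG tuned.gnmap 192.168.1.0/24

# Read grepable output on stdin; print "host port/proto" for each open port.
open_ports() {
  awk -F'\t' '
    /^Host: / {
      split($1, h, " "); host = h[2]           # "Host: <ip> (<name>)"
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue         # skip Status:/Ignored State: fields
        n = split(substr($i, 8), entry, ", ")  # drop the "Ports: " prefix
        for (j = 1; j <= n; j++) {
          split(entry[j], f, "/")              # port/state/proto/owner/service/...
          if (f[2] == "open") print host, f[1] "/" f[3]
        }
      }
    }' | sort -u
}

# $1 = baseline gnmap text, $2 = tuned gnmap text.
# Print open ports the baseline found that the tuned run did not.
missed_ports() {
  tuned_open=$(printf '%s\n' "$2" | open_ports)
  printf '%s\n' "$1" | open_ports | grep -vxF -e "$tuned_open" || true
}

# Constructed sample data: the tuned run reports 443 on .10 as filtered,
# as can happen when a probe is dropped and Nmap cannot slow down.
BASELINE=$(printf '%s\n' \
  "$(printf 'Host: 192.168.1.10 ()\tStatus: Up')" \
  "$(printf 'Host: 192.168.1.10 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///')" \
  "$(printf 'Host: 192.168.1.20 ()\tPorts: 80/open/tcp//http///, 443/closed/tcp//https///')")
TUNED=$(printf '%s\n' \
  "$(printf 'Host: 192.168.1.10 ()\tPorts: 80/open/tcp//http///, 443/filtered/tcp//https///')" \
  "$(printf 'Host: 192.168.1.20 ()\tPorts: 80/open/tcp//http///, 443/closed/tcp//https///')")

missed_ports "$BASELINE" "$TUNED"
```

Any line this prints is a port the tuned settings lost, which is the signal to lower `--min-parallelism` before scanning the full range.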
Conclusion
Adjusting Nmap’s parallelism with `--min-parallelism` and `--max-parallelism` provides greater control over scan performance. Whether optimizing for speed, avoiding network congestion, or reducing IDS/IPS detection, fine-tuning these parameters can enhance scanning efficiency.
By understanding how these options work and applying best practices, users can tailor Nmap scans to their specific needs, ensuring effective network discovery and security assessments.