I talked about finding FTP servers on a LAN using nmap in a previous post. Well, looks like I got a better alternative to nmap. And what is it? Well, it's no great software.. it's just a small 50-line program that attempts to connect on port 21 to PCs on the LAN. If you can connect, then this PC has an FTP server hosted on it... add it to the list. It takes about 1.5 minutes on my network to scan 8960 IPs.
I was surprised that such a small and simple program could outperform a giant GNU tool like nmap. Or maybe I could not fine-tune nmap to my needs. Anyway, this is the exact fine-tuned nmap command I was using, which takes about 3.7 minutes to scan a list of 8960 IPs:-
$ nmap -n -P0 -p 21 --max_rtt_timeout 100 --max_retries 0 -oG ftpLog.gnmap -iL IPs.txt
I also tried using the min_parallelism option and the min_hostgroup option but they didn't provide any speedup. Maybe some nmap expert could comment on it. One more thing to be said is that if I remove the -P0 option, or in other words enable pinging, it takes only 1.5 mins! A great improvement.. but it misses out some FTP servers (those whose firewall blocks ping). So I had no recourse but to use my own program.
This is the program in case someone is interested:-
/*
* NetworkScanner.c
*
* A fast network scanner that scans for a specified open port.
*
* It is an enhanced version of propecia.c created by Troy Robinson
* Created : 02/05/2007
* Author : Sandeep Kumar aka Turbo : http://students.iiit.ac.in/~sandeep_kr
*
* Usage: ./a.out
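As an added example (my own code, not Sandeep's NetworkScanner.c), here is the core of the technique the post describes: a non-blocking connect() with a hard timeout and no retries, the same budget as the --max_rtt_timeout 100 --max_retries 0 settings in the nmap line above, for inventorying FTP listeners on a network you administer. The host addresses in main() are constructed samples.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>
/* Returns 1 if a TCP connect to ip:port completes within timeout_ms,
 * 0 if it is refused, unreachable or times out, -1 if ip is not a valid IPv4 address.
 * Zero retries and a short timeout are what make the sweep fast, as in the post's nmap line. */
int probe_port(const char *ip, int port, int timeout_ms)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons((unsigned short)port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        return -1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return 0;
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK); /* connect() must not block */
    int reachable = 0;
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0) {
        reachable = 1; /* handshake finished at once (typical on loopback) */
    } else if (errno == EINPROGRESS) {
        fd_set wfds;
        FD_ZERO(&wfds);
        FD_SET(fd, &wfds);
        struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
        int err = 0;
        socklen_t len = sizeof err;
        /* writable before the deadline means the handshake ended; SO_ERROR says how */
        if (select(fd + 1, NULL, &wfds, NULL, &tv) > 0 &&
            getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) == 0 && err == 0)
            reachable = 1;
    }
    close(fd);
    return reachable;
}

int main(void)
{
    /* Constructed sample: loopback and a 192.0.2.0/24 documentation address, 100 ms budget as in the nmap line */
    const char *hosts[] = { "127.0.0.1", "192.0.2.10" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%s:21 %s\n", hosts[i], probe_port(hosts[i], 21, 100) == 1 ? "open" : "no ftp");
    return 0;
}
```

An open result only proves something accepted the TCP handshake on port 21; confirming it is actually FTP means reading the banner, which this probe deliberately skips for speed.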