Breaking News

5 Nmap Timing Templates – You should know

Hello and welcome!

I am glad to see you on my blog, May I know what type of articles do you like? Please comment into comment box blow. I want to make this website more useful for you.

You are reading an article part of nmap network scanning series 

  1. introduction to scanning phase of penetration-testing
  2. Examples of Network Scanning for Live Host by Kali Linux
  3. important nmap commands in Kali Linux with Example
  4. Techniques of Nmap port scanner – Scanning
  5. <You are HERE>
  6. commands to save Nmap output to file
  7. Nmap Scripts in Kali Linux

Nmap Timing Templates:

Nmap timing has built with this ability to scan the target set faster or slower scanning speed than the normal or default speed. There are number of different settings can be selected based of timing templates.

#nmap –sU –T# -p1-100 {Target_IP_Address}


#nmap –sU –timing paranoid –p1-100 {Target_IP_Address}

-T0 Paranoid

 This Type of scan is used for slow network scan than the normal speed in this situations, detection risks must be minimized. This is serial scan that will pause of 5 minutes; however, the max_delay setting of second is ignored, and scan_delay is set a higher value than the normal value.

Image description

–T1 sneaky

The –T1 or –timing sneaky scan is a little bit faster than the paranoid (-T0) scan, it happened by the reducing the scan time needed. This scan uses serial process to find the open port of target

-T1 Sneaky scan with namp


-T2 Polite

The T2 or -timing polite scan is a build in velocity again over the T0 what’s more T1 scan and is the last scanning template to utilize the serial scanning method. The scan_delay for this scan is situated to 400 milliseconds, making this the first template to make utilization of the max_scan delay, a value that is still set to the default estimation of 1 second. With this format chose Nmap will start checking targets utilizing the scan_delay of 400 milliseconds yet has the capability to dynamically alter the postponement up to a most extreme of 1 second. By analyzing the time needed to finish the respectful sweep of the same 100 ports, general examining time has been decreased to only 544 seconds or only 9 minutes.

-T2 Polite scan with namp

T3 Normal

The T3 or -timing normal scan is the default check for Nmap, implying that on the off chance that no timing layout or manual timing choices are set, the settings in this template will be utilized for the scan. This template is the first to utilize the parallel handling method, sending different probes out all the while, expanding the general speed. This output has a scan_delay of 0 seconds that can develop to a max_scan_delay that can develop to 1 second, significance the output will happen as fast as would be prudent yet following 1 second the current port scan will be complete and the following port will be filtered. The normal scan will finish the scan of chose ports on the target machine in 547 seconds, really slower than the amiable output for this situation, however this is not ordinarily the case.

T3 Normal scan with namp


T4 Aggressive

The T4 or -timing aggressive layout additionally runs its filtering in parallel expanding speed. The scan_delay for this template is situated to 0 seconds and can develop to a max_scan_delay of 10 milliseconds. Scan with a max_scan_delay of short of what 1 second are inclined to slips as some target Operating System have settings that oblige a base postpone between test reactions of 1 second. This scan finished the port scan of the metasploit virtual machine in only 477 seconds or simply under 8 minutes.

-T4 Aggressive scan with namp

-T5 Insane

The T5 or -timing insane timing format is the quickest of the inherent timing template. This template utilizes the parallel scanning strategy with a scan_delay of 0 seconds and a max_scan_delay of 5 milliseconds. As expressed with the aggressive scan, this scan can result in mistakes focused around target machine Operating System and settings. This scan, the quickest, finished in simply under 22 seconds; be that as it may, the results are a considerable amount not quite the same as the majority of the scan to this point

-T5 Insane scan with namp

Thanks for reading this articles, would you like to share what is missing in this article? please share in comment box. and also share your feedback. You can connect on social media


About Vijay Kumar

Ethical Hacking & Penetration Testing Trainer, For more detail view My Profile

Check Also

4 commands to save Nmap output to file

4 commands to save Nmap output to file

Hi and welcome again! I am happy to see you here on my blog, I …

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Watch Dragon ball super