nmap warning: giving up on port because retransmission cap hit (2)

Question

I am trying to scan a large set of domain names using nmap. I used the following command:

Nmap -PN -p443 -sS -T5 -oX out.xml -iL in.csv

I get the following warning:

Warning: xx.xx.xx.xx giving up on port because retransmission cap hit (2).

Why does this happen? How to resolve the issue ?

Answer 1

The option -T5 instructs nmap to use "insane" timing settings. Here's the relevant part of the current source code that illustrates what settings this implies:

  } else if (*optarg == '5' || (strcasecmp(optarg, "Insane") == 0)) {
    o.timing_level = 5;
    o.setMinRttTimeout(50);
    o.setMaxRttTimeout(300);
    o.setInitialRttTimeout(250);
    o.host_timeout = 900000;
    o.setMaxTCPScanDelay(5);
    o.setMaxSCTPScanDelay(5);
    o.setMaxRetransmissions(2);
  }

As you can see, the maximum number of retransmissions is 2. The warning you saw gets printed when there is a non-default cap on the number of retransmissions (set with -T5, -T4, or manually with --max-retries), and that cap is hit.

To avoid this problem, try scaling back your timing settings. -T4 is still very fast, and should work for nearby networks. -T3 is the default. If you are certain that your latency and bandwidth are not a problem, but that you may be dropping packets due to faulty hardware, you can manually set --max-retries to a higher value, and keep the rest of the -T5 settings.