Nmap port discovery time increase when scanning ip-range

Hello community, first time writing here so let me know if i am missing something.

Running openvas9 + nmap 6.47, when doing network scan against full ip-range (nmap options used: nmap -n -Pn -sS -sU -p -defeat-rst-ratelimit -T3 ), i have noticed that nmap time increase starting from ~ 30 seconds to get a response to 100 sec then 300 sec …600…1200 …1800 and in the end get back to 40 seconds. CPU load during this time was ~97%. I also have checked the syslog for errors like “could not open socket” but none was found.

Question: What could be the reason that nmap port scanning time was increasing? Is it only related to CPU or there are other reasons ?

Thanks for your help.

From the text shown while creating a new topic in the “Vulnerability Tests” category:

Use this category for all topics (General discussion of results, reporting of false positive / negative results, VT development) around vulnerability tests (the so called “NASL scripts”).

Please chose a different/better fitting category for all topics related to GVM (Installation, Usage, Configuration, Scanning).

Not sure if there is any really good fitting category because this is more a question about the functionality of nmap rather then anything GVM related so the “Security Processes” category might the closest fit.

If nmap and openvas both are handling resource errors gracefully, I wouldn’t expect errors in the logs.
You could try tools like iostat, netstat etc. to see if there might be a lack of sockets or other resources, comparing runs of openvas with/without runs of nmap.

Hmm… i will try , txs

You were right, the reason is both CPU and lack of sockets, once i added more CPU and extended the bandwidth, nmap port discovery was taking the average ~35 seconds for every ip in the range