Rate Limiting and Sampling - zmap/zmap GitHub Wiki
By default, ZMap will scan at the fastest rate that your network adaptor supports. In our experiences on commodity hardware, this is generally around 95-98% of the theoretical speed of gigabit Ethernet, which may be faster than your upstream provider can handle. ZMap will not automatically adjust its send-rate based on your upstream provider. You may need to manually adjust your send-rate to reduce packet drops and incorrect results.
-r, --rate=ppsSet maximum send rate in packets/sec-B, --bandwidth=bpsSet send rate in bits/sec (supports suffixes G, M, and K). This overrides the --rate flag.
ZMap also allows random sampling of the IPv4 address space by specifying max-targets and/or max-runtime. Because hosts are scanned in a random permutation generated per scan instantiation, limiting a scan to n hosts will perform a random sampling of n hosts. Command-line options:
-n, --max-targets=nCap number of targets to probe-N, --max-results=nCap number of results (exit after receiving this many positive results)-t, --max-runtime=sCap length of time for sending packets (in seconds)-s, --seed=nSeed used to select address permutation. Specify the same seed in order to scan addresses in the same order for different ZMap runs.
For example, if you wanted to scan the same one million hosts on the Internet for multiple scans, you could set a predetermined seed and cap the number of scanned hosts similar to the following:
zmap -p 443 -s 3 -n 1000000 -o results
In order to determine which one million hosts were going to be scanned, you could run the scan in dry-run mode which will print out the packets that would be sent instead of performing the actual scan.
zmap -p 443 -s 3 -n 1000000 --dryrun | grep daddr
| awk -F'daddr: ' '{print $2}' | sed 's/ |.*//;'
ZMap allow for sharding a scan across multiple machines using the --shards and --shard flags. Using these flags requires the use of the --seed flag. For example, to split a scan across three machines, have each machine run one of the following commands:
zmap -p 443 --shards 3 --shard 0 --seed 1234
zmap -p 443 --shards 3 --shard 1 --seed 1234
zmap -p 443 --shards 3 --shard 2 --seed 1234
The seed, shard count, and ZMap version must be the same across each machine.