Skip to main content

Overview

Rate limit options control how fast scan4all sends packets and how many concurrent workers process scan results. Proper rate limiting prevents network congestion, avoids triggering security systems, and optimizes scan performance.

Rate Limit Configuration

-c
integer
default:"25"
Number of general nclruner worker threads.Controls the concurrency level for processing scan results and performing subsequent analysis (service detection, HTTP checks, vulnerability scanning).Range: 1-10000 (practical range: 10-100)Examples:
# Conservative (slower, more stable)
scan4all -host example.com -c 10

# Default (balanced)
scan4all -host example.com -c 25

# Aggressive (faster, more resource intensive)
scan4all -host example.com -c 50
High values (>100) may cause:
  • System resource exhaustion
  • Network congestion
  • Incomplete scan results
  • Triggering of IDS/IPS systems
-rate
integer
default:"1000"
Number of packets to send per second.Controls the speed of the port scanning phase. This is the primary rate limiting mechanism for network traffic.Default values by scan type:
  • SYN scan: 1000 packets/second
  • CONNECT scan: 2000 packets/second (set internally)
Examples:
# Very slow (stealthy)
scan4all -host example.com -rate 100

# Default (balanced)
scan4all -host example.com -rate 1000

# Fast (local network or high-bandwidth)
scan4all -host example.com -rate 5000

# Very fast (use with caution)
scan4all -host example.com -rate 10000
Lower rates (100-300) are better for:
  • Stealthy scanning
  • Unstable networks
  • Avoiding detection
  • Scanning production systems

Choosing the Right Rate

Network Type Recommendations

EnvironmentRecommended RateWorker Threads
Internet (Default)500-100020-25
Local Network (LAN)2000-500030-50
Localhost5000-1000050-100
Unstable/Slow Network100-50010-20
Stealth Mode50-2005-10

Scan Scope Considerations

Small Target Set (1-10 hosts)

# Can use higher rates
scan4all -l small_targets.txt -rate 2000 -c 50

Medium Target Set (10-100 hosts)

# Balanced approach
scan4all -l medium_targets.txt -rate 1000 -c 25

Large Target Set (100+ hosts)

# Conservative to ensure completion
scan4all -l large_targets.txt -rate 500 -c 20

Performance Tuning

Maximum Speed (Local Testing)

scan4all -host 127.0.0.1 -rate 10000 -c 100 -tp 1000

Stealth Mode (Avoid Detection)

scan4all -host target.com -rate 100 -c 5 -timeout 3000

Production Safe (Minimal Impact)

scan4all -host production.com -rate 300 -c 15 -retries 2

High-Speed LAN Scan

scan4all -host 192.168.1.0/24 -rate 5000 -c 50 -tp full

Impact of Rate Limits

Too High

  • Packet loss
  • Incomplete results
  • Network congestion
  • IDS/IPS triggers
  • Firewall blocks
  • Inaccurate port states

Too Low

  • Very slow scans
  • Extended completion times
  • Resource underutilization
  • Timeout on large scans

Just Right

  • Reliable results
  • Acceptable completion time
  • Minimal network impact
  • No packet loss
  • Below detection thresholds

Rate Limiting Best Practices

  1. Start Conservative: Begin with lower rates and increase if needed
  2. Monitor Performance: Use -stats to watch scan progress
  3. Test First: Run small test scans to find optimal rates
  4. Consider Target: Adjust based on target infrastructure
  5. Match Network: Higher rates for LANs, lower for Internet
  6. Use Verification: Enable -verify with high rates to confirm results
  7. Respect Resources: Don’t overwhelm target systems

Calculating Scan Time

Estimated time = (Number of hosts × Ports per host) / Rate Example:
  • Targets: 10 hosts
  • Ports: 1000
  • Rate: 1000 packets/second
  • Time: (10 × 1000) / 1000 = 10 seconds (port scan phase only)
Total scan time includes port scanning, service detection, HTTP analysis, and vulnerability checks. Port scanning is typically 30-50% of total time.

Common Scenarios

Fast Reconnaissance

scan4all -host example.com -tp 100 -rate 2000 -c 30

Thorough Security Audit

scan4all -l targets.txt -p 1-65535 -rate 500 -c 20 -verify -retries 3

Continuous Monitoring

scan4all -l assets.txt -tp 1000 -rate 800 -c 25 -stream

Bug Bounty Scanning

scan4all -host target.com -tp 1000 -rate 300 -c 15 -verify

Troubleshooting

Scan Too Slow

  • Increase -rate value
  • Increase -c worker threads
  • Reduce number of ports with -tp
  • Check network latency

Incomplete Results

  • Decrease -rate value
  • Decrease -c worker threads
  • Increase -timeout
  • Enable -verify flag
  • Increase -retries

System Overload

  • Decrease -c worker threads
  • Decrease -rate value
  • Scan fewer hosts simultaneously
  • Increase -warm-up-time

Build docs developers (and LLMs) love

Get started for freeTalk to us