Python communicate() with NMap


My Code:

#!/usr/bin/python

## test communicate()

# Import the module
import subprocess

# Ask the user for input
host = raw_input("Enter a host to map: ")

# Set up the nmap command and direct its output to a pipe
p1 = subprocess.Popen(['nmap', '-T0', '-F', host], stdout=subprocess.PIPE)

# Run the command; communicate() returns only after nmap exits
output = p1.communicate()[0]

print output

When I enter the host it doesn't give me any output, and I can see multiple instances of nmap running with different PIDs in the process list, so it actually executes the command.

When I press ^Z it says: [n+1]+ Stopped ./sample.py, so nmap is actually running n+1 times without printing any output.

It works perfectly well with ping and traceroute like this:

# Set up the ping (or traceroute) command and direct its output to a pipe;
# each option and its value is a separate argv element
p1 = subprocess.Popen(['ping', '-c', '2', host], stdout=subprocess.PIPE)
p1 = subprocess.Popen(['traceroute', host], stdout=subprocess.PIPE)

It also works without nmap options, e.g. nmap google.com:

p1 = subprocess.Popen(['nmap', host], stdout=subprocess.PIPE)

My Question:

Is it related to Python or NMap? Is there anything wrong with this code or am I missing something?


There is 1 answer

bonsaiviking (best answer)

From the documentation:

The main effects of T0 are serializing the scan so only one port is scanned at a time, and waiting five minutes between sending each probe.

The -F argument means "scan only 100 ports," but at five minutes between probes, that's a minimum of 8 hours and 20 minutes, just for the port scan phase. That's assuming that none of those probes gets dropped and retransmitted, and that the target responds to all of them.

In the vast majority of cases, -T3 (the default) is just fine. With a fast connection and not a ton of targets, -T4 is even reliable. Unless your target is actively detecting and blocking scans, -T2 is the slowest you'll ever need to go.
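One way to see why the script only looks hung, as an added example that is not part of the question or the answer: Python 3 code that puts a lower bound on the port-scan time for a timing template (the five-minute -T0 delay is the figure quoted from the nmap docs above; the -T1 and -T2 delays are nmap's documented defaults), validates the host before building the argv so user input cannot be parsed as an nmap option, and streams the process's output line by line under a watchdog instead of sitting in communicate() until the process exits. The host-name regex and the helper names are assumptions of this example.

```python
import re
import subprocess
import threading

# Minimum delay between probes per timing template, in seconds. -T0 is the
# five-minute figure quoted from the nmap docs; -T1 (15 s) and -T2 (0.4 s) are
# nmap's documented defaults; -T3 and faster impose no fixed delay.
SCAN_DELAY_SECONDS = {0: 300.0, 1: 15.0, 2: 0.4, 3: 0.0, 4: 0.0, 5: 0.0}

# Assumed check for this example: a plain host name or IPv4 literal only.
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")

def min_scan_seconds(template, ports):
    """Lower bound on the port-scan phase: one probe per port, no retransmits."""
    return SCAN_DELAY_SECONDS[template] * ports

def build_nmap_argv(host, template=3, fast=True):
    """Build the argv list (no shell). Rejecting anything that is not a plain
    host name, including values starting with '-', keeps user input from
    being read by nmap as an extra option."""
    if not HOST_RE.match(host):
        raise ValueError("not a host name or IPv4 address: %r" % host)
    argv = ["nmap", "-T%d" % template]
    if fast:
        argv.append("-F")
    return argv + [host]

def run_streaming(argv, timeout):
    """Run argv, echoing stdout line by line as it arrives (communicate() hands
    nothing back until the process exits) and killing the process if the
    wall-clock timeout expires. Returns (lines, returncode, timed_out)."""
    lines, killed = [], []
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT, text=True)
    def _kill():
        killed.append(True)
        proc.kill()
    watchdog = threading.Timer(timeout, _kill)
    watchdog.start()
    try:
        for line in proc.stdout:  # blocks per line, not until the process exits
            lines.append(line.rstrip("\n"))
            print(line, end="")
    finally:
        watchdog.cancel()
        proc.stdout.close()
        proc.wait()
    return lines, proc.returncode, bool(killed)
```

For the question's -T0 -F run, min_scan_seconds(0, 100) gives 30000 seconds (8 h 20 min), which is how long communicate() would have to wait before returning anything.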