Last updated at Mon, 02 Oct 2017 20:05:51 GMT

The SNMP protocol is very common, has many implementations and is deployed in diverse networks. In some cases it responds very promptly, in others it is relatively slow to respond. We found that in some environments a 1 second request timeout was insufficient, so in Nexpose 6.1.1 we have changed the default to 3 seconds in order to improve the service and related vulnerability detection.

This, however, can have a major impact on scan times on port 161 and may not be desirable on networks with low latency as all relevant vulnerability checks wait 3 times longer to timeout (currently 77 checks). This is why we made the SNMP request timeout configurable via JVM property.

The value of SNMP request timeout can be changed for the console by running a console command. From Administration tab select 'Run' link under 'Maintenance, Storage and Troubleshooting section'. Type:

set custom property com.rapid7.net.snmp.requestTimeout=10000

(this will set the timeout to 10 seconds, as the value is represented in milliseconds) and hit the 'Execute' button. The new value is applied immediately and will be used in running scans.

Alternatively the timeout can be changed by creating a file called CustomEnvironment.properties (if it doesn't exist already) in:

  • [INSTALLATION_PATH]/nsc for Nexpose console or
  • [INSTALLATION_PATH]/nse for Nexpose engine,

and adding the following line to this file:

com.rapid7.net.snmp.requestTimeout=10000

(again, this will set the timeout value to 10 seconds). The console or engine must be restarted after making the changes to take effect.