Nmap Development mailing list archives
Re: [CAPS] Re: Desired improvements in Nmap performance? [SCAN BUDDIES]
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 2 Dec 2008 23:36:22 +0000
On Tue, 2 Dec 2008 16:28:37 -0700 David Fifield <david () bamsoftware com> wrote:
...snip...
What's happening is that the one totally filtered host has never sent a reply, so we have no idea what its RTT is. Nmap uses the default of one second, which is pretty slow. But the scan buddy provides a global RTT estimate, which Nmap will use when a host doesn't have its own estimate (HostScanStats::probeTimeout in scan_engine.cc). The approximation is justified in this case as the two hosts are likely to have near-identical RTTs. So the unanswered probes time out much more quickly and the scan goes fast. If you scan the filtered host with --initial-rtt-timeout 50 does the scan go as fast as with the buddy?
Well, much faster but not as fast as with the buddy.

No buddy, no --initial-rtt-timeout:

    $ sudo ./nmap --datadir ./ -p- -T5 -v -d -PN -n 132.239.7.132

    Starting Nmap 4.76 ( http://nmap.org ) at 2008-12-02 23:34 GMT
    --------------- Timing report ---------------
      hostgroups: min 1, max 100000
      rtt-timeouts: init 250, min 50, max 300
      max-scan-delay: TCP 5, UDP 1000
      parallelism: min 0, max 0
      max-retries: 2, host-timeout: 900000
      min-rate: 0, max-rate: 0
    ---------------------------------------------
    Initiating SYN Stealth Scan at 23:34
    Scanning 132.239.7.132 [65535 ports]
    Packet capture filter (device eth0): dst host 132.239.1.114 and (icmp or ((tcp or udp) and (src host 132.239.7.132)))
    Stats: 0:00:01 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 0.00% done
    Current sending rates: 3.18 packets / s, 116.64 bytes / s.
    Stats: 0:00:02 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 0.01% done
    Current sending rates: 5.30 packets / s, 209.78 bytes / s.
    Stats: 0:00:03 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 0.02% done
    Current sending rates: 6.11 packets / s, 249.65 bytes / s.
    Stats: 0:00:04 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 0.02% done
    Current sending rates: 6.54 packets / s, 271.79 bytes / s.
    Stats: 0:00:05 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 0.03% done
    Current sending rates: 6.81 packets / s, 284.56 bytes / s.
    ...killed...
Now with the --initial-rtt-timeout:

    $ sudo ./nmap --datadir ./ -p- -T5 -v -d -PN -n --initial-rtt-timeout 50 132.239.7.132

    Starting Nmap 4.76 ( http://nmap.org ) at 2008-12-02 23:35 GMT
    --------------- Timing report ---------------
      hostgroups: min 1, max 100000
      rtt-timeouts: init 50, min 50, max 300
      max-scan-delay: TCP 5, UDP 1000
      parallelism: min 0, max 0
      max-retries: 2, host-timeout: 900000
      min-rate: 0, max-rate: 0
    ---------------------------------------------
    Initiating SYN Stealth Scan at 23:35
    Scanning 132.239.7.132 [65535 ports]
    Packet capture filter (device eth0): dst host 132.239.1.114 and (icmp or ((tcp or udp) and (src host 132.239.7.132)))
    Stats: 0:00:01 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 0.02% done
    Current sending rates: 17.96 packets / s, 768.54 bytes / s.
    Stats: 0:00:03 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 0.06% done
    Current sending rates: 26.26 packets / s, 1135.67 bytes / s.
    Stats: 0:00:04 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 0.09% done
    Current sending rates: 29.42 packets / s, 1278.75 bytes / s.
    Stats: 0:00:05 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 0.12% done
    Current sending rates: 31.14 packets / s, 1356.08 bytes / s.
    Stats: 0:00:06 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 0.15% done
    Current sending rates: 32.69 packets / s, 1424.19 bytes / s.
    Stats: 0:00:07 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 0.18% done
    Current sending rates: 33.81 packets / s, 1472.89 bytes / s.

Of course, the buddy was *much* faster than this.
Brandon
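Added example, not part of the original message and not Nmap's own code: a simplified C++ model of the timeout fallback quoted above (host estimate, then the group estimate supplied by a scan buddy, then the configured initial value), using the rtt-timeouts limits from the first timing report. The struct and function names, the Jacobson/Karels-style estimator, the 0.4 ms buddy RTT sample and the fixed count of outstanding probes are assumptions.

```cpp
#include <algorithm>
#include <cmath>
#include <cstdio>

// Simplified model, all times in milliseconds. Names are illustrative.
struct Limits { double initial, min, max; };   // the "rtt-timeouts" line

struct TimeoutInfo {
    double srtt = -1;    // smoothed RTT; negative means no reply seen yet
    double rttvar = 0;   // RTT variation estimate
    double timeout;      // timeout applied to the next probe
    explicit TimeoutInfo(const Limits &l) : timeout(l.initial) {}
};

// Jacobson/Karels-style update (assumed estimator), clamped to [min, max].
void on_reply(TimeoutInfo &t, double rtt, const Limits &l) {
    if (t.srtt < 0) {
        t.srtt = rtt;
        t.rttvar = rtt / 2;
    } else {
        double delta = rtt - t.srtt;
        t.srtt += delta / 8;
        t.rttvar += (std::fabs(delta) - t.rttvar) / 4;
    }
    t.timeout = std::min(l.max, std::max(l.min, t.srtt + 4 * t.rttvar));
}

// Fallback order from the quoted text: host estimate, then group, then default.
double probe_timeout(const TimeoutInfo &host, const TimeoutInfo &group) {
    if (host.srtt >= 0) return host.timeout;
    if (group.srtt >= 0) return group.timeout;
    return host.timeout;   // still holds the configured initial value
}

// Probes per second when every probe must time out before its slot is reused.
double unanswered_rate(double timeout_ms, double outstanding) {
    return outstanding * 1000.0 / timeout_ms;
}

int main() {
    Limits t5{250.0, 50.0, 300.0};      // values from the first timing report
    TimeoutInfo filtered(t5), group(t5);
    std::printf("alone: %.0f ms\n", probe_timeout(filtered, group));
    on_reply(group, 0.4, t5);           // constructed buddy RTT sample
    std::printf("with buddy: %.0f ms\n", probe_timeout(filtered, group));
    std::printf("rate at 250 ms: %.0f/s, at 50 ms: %.0f/s\n",
                unanswered_rate(250.0, 1.0), unanswered_rate(50.0, 1.0));
    return 0;
}
```

In this model the buddy case and the --initial-rtt-timeout 50 case both end at the 50 ms floor, so the timeout fallback alone does not account for the additional speed-up reported with the buddy.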