Nmap Development mailing list archives
Effectiveness of SCTP INIT ping
From: David Fifield <david () bamsoftware com>
Date: Sun, 24 May 2009 20:57:55 -0600
On Fri, May 22, 2009 at 02:05:27PM +0200, Daniel Roethlisberger wrote:
It's time to expose the SCTP features to some more testing. If all goes well, we might even get it into trunk in time for the upcoming stable release.
I've recently been testing the effectiveness of the various ping probes in an attempt to make Nmap's default host discovery better. Here are the results so far. http://www.bamsoftware.com/wiki/Nmap/EffectivenessOfPingProbes I tested the new -PY probe using the scripts that I have been using. The results are at the end of this message. -PY is a decent ping probe, reaching 21% of hosts that respond to any kind of ping. For comparison, -PE is far and away the best single probe with 57%, and -PS443 is next best with 39%. -PY is better than a lot of probes including -PS445 (20%), -PU123 (19%), and -PM (3%). I haven't run an analysis to measure its effectiveness when combined with other probes, but I'm curious because it's so different. David Fifield (Ignore the -PA results; they are an anomaly because this particular connection does ACK filtering.) Maximum possible using all 80 probes: 2454. -PE 1388 56.56% -PO1 1379 56.19% -PS443 964 39.28% -PS80 938 38.22% -PS110 890 36.27% -PS21 880 35.86% -PS22 859 35.00% -PS25 840 34.23% -PS3389 814 33.17% -PS40126 773 31.50% -PS23 773 31.50% -PS40125 769 31.34% -PP 760 30.97% -PU40125-sp53-dl24 687 28.00% -PU40126-sp53-dl24 679 27.67% -PU31338-sp53-dl24 666 27.14% -PU123-payload-sp53 655 26.69% -PU631-sp53-dl24 644 26.24% -PU40125-sp53 634 25.84% -PU40126-sp53 630 25.67% -PU31338-sp53 619 25.22% -PU123-payload 617 25.14% -PU53-payload-sp53 616 25.10% -PU40125-dl24 605 24.65% -PU40126-dl24 602 24.53% -PU53-payload 601 24.49% -PU631-dl24 595 24.25% -PU631-sp53 594 24.21% -PU1434-payload-sp53 581 23.68% -PU40125 575 23.43% -PU31338-dl24 573 23.35% -PU40126 568 23.15% -PU31338 548 22.33% -PO17 547 22.29% -PU500-payload-sp53 545 22.21% -PU631 545 22.21% -PU500-payload 521 21.23% -PU1434-payload 519 21.15% -PY 506 20.62% -PU123-sp53-dl24 489 19.93% -PS445 486 19.80% -PU161-payload-sp53 483 19.68% -PS139 476 19.40% -PU123-dl24 468 19.07% -PU123-sp53 444 18.09% -PU161-payload 433 17.64% -PU123 417 16.99% -PU161-sp53 409 16.67% -PU135-payload-sp53 407 16.59% -PU138-sp53-dl24 406 16.54% -PU137-payload-sp53 404 16.46% -PU161-sp53-dl24 401 16.34% -PU137-sp53-dl24 398 16.22% -PU138-dl24 386 15.73% -PU135-payload 385 15.69% -PU137-payload 368 15.00% -PU137-dl24 357 14.55% -PU138-sp53 354 14.43% -PU161-dl24 353 14.38% -PU161 348 14.18% -PU137-sp53 344 14.02% -PU138 325 13.24% -PU137 317 12.92% -PO2 205 8.35% -PM 79 3.22% -PA3389 0 0.00% -PO150 0 0.00% -PA443 0 0.00% -PA110 0 0.00% -PA445 0 0.00% -PA139 0 0.00% -PA25 0 0.00% -PA23 0 0.00% -PA22 0 0.00% -PA21 0 0.00% -PA80 0 0.00% -PO6 0 0.00% -PO4 0 0.00% -PA40126 0 0.00% -PA40125 0 0.00% Here is the frequency of reasons reported for the 506 -PY responses: 384 proto-unreach 68 abort 40 admin-prohibited 8 port-unreach 4 host-unreach 2 host-prohibited _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Getting SCTP support ready for merging Daniel Roethlisberger (May 22)
- Re: Getting SCTP support ready for merging Gisle Vanem (May 22)
- Re: Getting SCTP support ready for merging Daniel Roethlisberger (May 22)
- Re: Getting SCTP support ready for merging Gisle Vanem (May 22)
- Re: Getting SCTP support ready for merging Daniel Roethlisberger (May 22)
- Effectiveness of SCTP INIT ping David Fifield (May 24)
- Re: Getting SCTP support ready for merging David Fifield (May 25)
- Re: Getting SCTP support ready for merging Daniel Roethlisberger (May 25)
- Re: Getting SCTP support ready for merging Fyodor (Jun 02)
- Re: Getting SCTP support ready for merging Daniel Roethlisberger (Jun 03)
- Re: Getting SCTP support ready for merging Daniel Roethlisberger (May 25)
- Re: Getting SCTP support ready for merging Gisle Vanem (May 22)