Nmap Development mailing list archives
Re: RTT Timeouts [SO_DONTROUTE again]
From: Kris Katterjohn <katterjohn () gmail com>
Date: Sat, 16 Jan 2010 00:03:45 -0600
On 01/15/2010 02:20 PM, Jon Kibler wrote:
Hi, I have been playing with speeding up the scanning of a system that is one hop away from my probe box. When I ping the system, the RTT for the first ping is about 1.5ms (mostly ARP), and thereafter it is more like 0.25ms to 0.33ms.
The fact that you're doing a big version scan most likely makes everything I'm about to say irrelevant; however, this is something you may find somewhat interesting under other circumstances:

The thing that came to my mind when reading your email was a patch[1] I made right about a year ago (it still applies just fine against SVN). It uses the SO_DONTROUTE socket option on Nmap's raw sending socket to bypass the kernel's routing table for outgoing packets destined for directly-connected hosts. An improvement was noticed by both Fyodor and me, but not enough to warrant committing to trunk[2]. However, you may find the change worth applying the patch when just port scanning (I'm actually quite curious about this on a really fast network).

Since the srtt measures from when the packet is "sent" (started before kernel routing) until a response is received, and the rttvar and timeout variables are affected by the srtt, Nmap's timing takes advantage of any slight improvement here. I don't know if you'll notice any difference at all, but with scanning all TCP and UDP ports, I would hope that something noticeable would come of it.
THANKS! Jon K
Cheers,
Kris Katterjohn

[1] http://seclists.org/nmap-dev/2008/q4/808
[2] http://seclists.org/nmap-dev/2009/q1/24

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
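Added example (not part of the original message, and not Nmap's code): a C illustration of how a fixed per-probe send overhead carries through srtt and rttvar into the probe timeout, and how a timeout floor can hide the gain. It assumes the classic Jacobson/Karels estimator as a stand-in; the RTT samples, the 40 µs overhead and the clamp values are constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Names follow the message: srtt, rttvar, timeout (all in microseconds). */
struct rtt_state { long srtt, rttvar, timeout; int seeded; };

/* Classic Jacobson/Karels update: gains 1/8 and 1/4, timeout = srtt + 4*rttvar.
 * Assumption: a stand-in for the scanner's estimator, not code taken from Nmap. */
static void rtt_update(struct rtt_state *s, long sample, long min_to, long max_to)
{
    if (!s->seeded) {                 /* first sample seeds the estimator */
        s->srtt = sample;
        s->rttvar = sample / 2;
        s->seeded = 1;
    } else {
        long delta = sample - s->srtt;
        s->srtt += delta / 8;
        s->rttvar += (labs(delta) - s->rttvar) / 4;
    }
    s->timeout = s->srtt + 4 * s->rttvar;
    if (s->timeout < min_to) s->timeout = min_to;  /* a high floor hides small gains */
    if (s->timeout > max_to) s->timeout = max_to;
}

/* Constructed samples: the first reply includes ARP (~1.5 ms), later ones are
 * 0.25-0.33 ms, matching the ping figures quoted in the thread. */
static const long SAMPLES_US[] = { 1500, 330, 250, 300, 280, 260, 310, 270 };
#define NSAMPLES (sizeof SAMPLES_US / sizeof SAMPLES_US[0])

/* Feed every sample plus a fixed per-probe send overhead; return the final timeout. */
long settled_timeout(long overhead_us, long min_to, long max_to)
{
    struct rtt_state s = {0};
    for (size_t i = 0; i < NSAMPLES; i++)
        rtt_update(&s, SAMPLES_US[i] + overhead_us, min_to, max_to);
    return s.timeout;
}

int main(void)
{
    /* 40 us of routing-lookup overhead is a hypothetical figure. */
    long routed = settled_timeout(40, 100, 10000000);
    long direct = settled_timeout(0, 100, 10000000);
    printf("timeout with lookup overhead: %ld us\n", routed);
    printf("timeout without it:           %ld us\n", direct);
    printf("with a 100 ms floor, both:    %ld us\n",
           settled_timeout(40, 100000, 10000000));
    return 0;
}
```

Because the timeout is srtt plus four times rttvar, the saving per unanswered probe is at least the overhead removed, but only while the computed timeout stays above the configured floor.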
Current thread:
- RTT Timeouts Jon Kibler (Jan 15)
- Re: RTT Timeouts [SO_DONTROUTE again] Kris Katterjohn (Jan 15)
- Re: RTT Timeouts Fyodor (Jan 17)