Nmap Development mailing list archives
Re: Fwd: SOC idea
From: Jason Gerfen <jason.gerfen () gmail com>
Date: Wed, 29 Jan 2014 08:10:12 -0700
I am not sure how to really promote these performance increases to the nmap community, I don't want it to come across as spamming the board but the latest version I have released, v0.1.1, when scanning a class B network with 32766 hosts has shown a significant decrease in scan times. Project details can be found at https://github.com/jas-/node-libnmap, output of tests is below:

One scan iteration results

nmap:
    real 10m32.856s
    user 0m11.709s
    sys 0m33.364s

node-libnmap:
    real 0m32.034s
    user 1m3.209s
    sys 0m33.950s

Feedback is appreciated.

On Sun, Jan 26, 2014 at 8:20 AM, Jason Gerfen <jason.gerfen () gmail com> wrote:
For those that are interested in this project my latest benchmarks are showing a substantial increase in performance for scans using the -T4 option.

The scan test case:

    nmap -T4 -oG - localhost 10.0.2.0/24 192.168.2.0/25

(all virtual private nets as I do not have access to a large class A, B or C to test against)

nmap:
    real 3m34.218s
    user 0m0.911s
    sys 0m3.315s

node-libnmap:
    real 2m32.158s
    user 0m13.066s
    sys 0m8.890s

A minute shaved off the scan, I would be interested to see a large class A or B scan result if anyone can provide a safe block for me to test against.

Thanks!

On Sat, Jan 11, 2014 at 5:02 AM, Jason Gerfen <jason.gerfen () gmail com> wrote:

On Fri, Jan 10, 2014 at 8:22 AM, Daniel Miller <bonsaiviking () gmail com> wrote:

On 01/10/2014 06:48 AM, Jason Gerfen wrote:

1. Your Github readme suggests that you might be using Nmap 5.51. If this is the case, do upgrade to the latest version before benchmarking your code, otherwise you might be wasting time.

I am currently using and testing against 5.51, so green there.

The current version is 6.40, just to clarify. I am not really aware of any significant changes in host discovery between these versions. Here are the relevant entries in the changelog:

o Added a new --disable-arp-ping option. This option prevents Nmap from implicitly using ARP or ND host discovery for discovering directly connected Ethernet targets. This is useful in networks using proxy ARP, which make all addresses appear to be up using ARP scan. The previously recommended workaround for this situation, --send-ip, didn't work on Windows because that lame excuse for an operating system is still missing raw socket support. [David Fifield (editorializing added by Fyodor)]

o Made source port numbers (used to encode probe metadata) increment so as not to overlap between different scanning phases. Previously it was possible for an RST response to an ACK probe from host discovery to be misinterpreted as a reply to a SYN probe from port scanning. [Sean Rivera, David Fifield]

o Targets requiring different source addresses now go into different hostgroups, not only for host discovery but also for port scanning. Before, only responses to one of the source addresses would be processed, and the others would be ignored. [David]

o Nmap has long supported IPv6 for basic (connect) port scans, basic host discovery, version detection, Nmap Scripting Engine. This release dramatically expands and improves IPv6 support:
  + IPv6 raw packet scans (including SYN scan, UDP scan, ACK scan, etc.) are now supported. [David, Weilin]
  + IPv6 raw packet host discovery (IPv6 echo requests, TCP/UDP discovery packets, etc.) is now supported. [David, Weilin]
  + IPv6 traceroute is now supported [David]
  + The --exclude and --excludefile now support IPV6 addresses with netmasks. [Colin]

2. Consider using -oX instead of -oG. This way you will get an output format less likely to be changed in the future. As far as I know, -oG is meant for being read by a human, not parsed by a machine.

Am I wrong to assume -oG will allow the following?

    $ nmap -sn -oG - 10.0.2.0/24 | awk '/Up/ { print }'

Really due to the nature of the language, in this case node.js which relies heavily upon Objects, and more specifically JSON formatted objects a simple regex combined with a capture group of the results is going to be faster than traversing XML elements.

-oG is "deprecated," which for our purposes means that the format is fixed and will not change. New features (NSE scripts, traceroute, etc) will not get their output added to -oG files. For host discovery, this is probably sufficient for your purposes. Just realize that XML is more complete, if you plan on extending your interface to support more thorough scanning.

Does that mean that it will be going away anytime soon? If so I would move to parsing with XML or even leaving the XML response parsing to anyone implementing the project but ideally a smaller footprint is going to be ideal for this project.

Looks cool!

Thanks, I am working on the detail scanning portion now in branch v0.0.3-scan.

Dan

-- Jas
--
Jason Gerfen
http://www.github.com/jas-
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
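
Added example (not part of the original thread and not node-libnmap's own code): the regex-with-capture-group approach to -oG output discussed in the message above, written as a small Node.js parser that merges each host's Status and Ports lines into JSON-ready objects. The sample input is constructed, and the names parsePorts, parseGreppable and upHosts are hypothetical.

```javascript
// Constructed sample in -oG layout (tab-separated fields); not real scan data.
const SAMPLE = [
  '# Nmap 6.40 scan initiated Wed Jan 29 08:00:00 2014 as: nmap -T4 -oG - localhost 10.0.2.0/24',
  'Host: 127.0.0.1 (localhost)\tStatus: Up',
  'Host: 127.0.0.1 (localhost)\tPorts: 22/open/tcp//ssh///, 631/open/tcp//ipp///\tIgnored State: closed (998)',
  'Host: 10.0.2.2 ()\tStatus: Up',
  'Host: 10.0.2.2 ()\tPorts: 80/open/tcp//http///, 443/filtered/tcp//https///',
  'Host: 10.0.2.9 ()\tStatus: Down',
  '# Nmap done at Wed Jan 29 08:00:31 2014 -- 257 IP addresses (2 hosts up) scanned in 31.02 seconds',
].join('\n');

// Host: <ip> (<hostname>)<TAB><remaining tab-separated "Key: value" fields>
const HOST_RE = /^Host: (\S+) \(([^)]*)\)\t(.*)$/;

// Port entry layout: port/state/protocol/owner/service/rpc info/version/
function parsePorts(field) {
  return field.split(', ').map((entry) => {
    const [port, state, protocol, , service] = entry.trim().split('/');
    return { port: Number(port), state, protocol, service: service || null };
  });
}

function parseGreppable(text) {
  const hosts = new Map(); // Status and Ports arrive on separate lines per host
  for (const line of text.split(/\r?\n/)) {
    const m = HOST_RE.exec(line);
    if (!m) continue; // "# Nmap ..." comment lines and blanks
    const [, ip, hostname, rest] = m;
    const host = hosts.get(ip) || { ip, hostname: hostname || null, status: null, ports: [] };
    for (const field of rest.split('\t')) {
      const sep = field.indexOf(': ');
      if (sep === -1) continue;
      const key = field.slice(0, sep);
      const value = field.slice(sep + 2);
      if (key === 'Status') host.status = value.toLowerCase();
      else if (key === 'Ports') host.ports = parsePorts(value);
      // Any other field (for example "Ignored State") is not carried over here.
    }
    hosts.set(ip, host);
  }
  return [...hosts.values()];
}

// Same result as filtering the greppable output for hosts reported as up.
function upHosts(text) {
  return parseGreppable(text).filter((h) => h.status === 'up').map((h) => h.ip);
}

console.log(JSON.stringify(parseGreppable(SAMPLE), null, 2));
```
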