Home page logo

nmap-dev logo Nmap Development mailing list archives

Where's the bottleneck?
From: Roger Hoyle <r.hoyle () eris qinetiq com>
Date: Thu, 04 Apr 2002 12:46:06 +0100


I've done a pile of testing on nmap recently, to try and develop ways of 
scanning multiple addresses more quickly.

Our initial thoughts were to put three ethernet interfaces on one 
machine and start multiple scans spread over the three interfaces.

After some initial testing, I was surprised to find that running 9 
threads per interface on three interfaces, gave an average machine scan 
time within 1% of running 27 (!) threads on one interface.

i.e. It seems that the interface really isn't the blocker.

I did some follow-up testing on various spec'ed machines, all running a 
2.4 kernel and nmap 2.54 beta22. I got the following results:

CPU   Mem     Average Time for 18 scans (seconds)

1700  256     87
850   128     146
666   256     173
200   64      526
166   80      524

I'm using the following nmap command:

nmap -sT -O -p 1-65535 -vv -P0 -r $ip -oN $ip.txt -oG $ip.mrf &

The scan time seems very closely linked to processor speed. This was 

Has anyone got any ideas why this might be the case? We really expected 
3 interfaces to make a difference. Is it my version of nmap? Something 
else? Or just my CPU?

Any clues to this behaviour would be greatly appreciated.



For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).

  By Date           By Thread  

Current thread:
  • Where's the bottleneck? Roger Hoyle (Apr 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]