Nmap Development mailing list archives

Nmap 3.70 very very slow scanning (/16 iprange)
From: "Ganga Bhavani" <GBhavani () everdreamcorp com>
Date: Tue, 28 Sep 2004 18:21:26 -0700


I'm running nmap-3.70 on Windows XP SP1. Scanning a class B network (nmap -O) is taking more than 2
days, whereas the previous version of nmap (nmap-3.50) used to take around 4 hrs for the same scan.

When I debugged it, this is what I found.
In nmap-3.70, by default scanning is done through WinPcap instead of raw sockets. WinPcap is taking around 2 seconds
to send the ICMP (ping) packet and the tcp:80 probe initially to check if the host is up. Even though only a small number of nodes are up (say
200), a large amount of time (2 secs per node) is spent pinging non-existent nodes. For a /16 network with a sparse node
population, nmap was 60% complete in 2 days, at which point I gave up.

If I modify the code to use raw sockets instead with the following change in the code, the scan is taking around 40

int win32_socket(int af, int type, int proto)
{
  /* nmap 3.70 version of the check: */
  // if(type == SOCK_RAW && proto == IPPROTO_RAW)
  /* nmap 3.50 version of the check: */
  if(type == SOCK_RAW && proto == IPPROTO_RAW && !rawsock_avail)
      return 501;

  s = socket(af, type, proto);
  /* ... rest of the function unchanged ... */

Can someone please let me know the reason behind this change? Also, what are the implications if I revert it back to
the old code? And can someone please tell me if there is a way to optimize the performance of the pcap send calls, some
parameters that I can tune?

