Home page logo

nmap-dev logo Nmap Development mailing list archives

massping migration and you
From: David Fifield <david () bamsoftware com>
Date: Tue, 28 Aug 2007 23:59:16 -0600

Hi nmap-dev,

Recently checked in to /nmap is the result of almost two months of work
known as the "massping migration". These changes make Nmap use its
port-scanning function ultra_scan for discovering which hosts are up
instead of an old special-purpose function called massping.

Recall that Nmap usually pings hosts to see if they're up before port
scanning them (http://insecure.org/nmap/man/man-host-discovery.html).
This step is called host discovery, or ping scan. You can do just a ping
scan without scanning any ports by using the -sP option. It is this
functionality that these new changes affect.

The benefits of this new system are a reduction in duplicated
functionality throughout the code, and hopefully faster and more
accurate host discovery in many cases. This has been a balancing act.
There is some evidence that massping was too optimistic in the rate at
which it would sometimes send packets. Therefore, while scan speed was a
top priority in this new development, ultra_scan's more cautious
congestion control algorithms mean that host discovery will sometimes be

Development on the new system has been careful, but so far it hasn't
gotten much testing from users. Fyodor tells me that this will be in a
release soon. So please download it and try out the new ping scan code.
Run your favorite ping scans and report back with success or failure.
Did the scans take much longer or shorter than you expected? Were any
live hosts missed?

Here are some tips for running useful tests. The new code mainly affects
host discovery, so the results from -sP scans are the most useful.
Normal port scans may be slightly improved, but this is incidental.
Using the -n flag to disable name resolution makes it easier to compare
results. When you're scanning your LAN, use the --send-ip option to keep
from using ARP scan. And please send results from non-root TCP connect
ping scans as well.

Here are some good scans to run:

        nmap -n -sP --send-ip
        nmap -n -sP -PS --unprivileged host
        nmap -n -sP -PS -T4 host/24
        nmap -n -sP -PA1 -PS22,80,113 -PE -PM host

David Fifield

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]