mailing list archives
Re: nmap massive memory usage
From: majek04 <majek04+nmap-dev () gmail com>
Date: Tue, 4 Dec 2007 17:32:02 +0100
On 12/4/07, John Richard Moser <nigelenki () comcast net> wrote:
In scanning two /24 ranges for full UDP sweeps on all 0-65535 ports, I
found nmap (after fininshing the first group) held 600MB+ of RSS on
64-bit Linux. Command line:
There is one instance of port_map array allocated for every
scanned protocol. So for '-sU -p0-65535' you have
65k*u16 = 128KBytes in just port_map.
(port_map is static variable on PortList class see portlist.cc:623)
For every host one PortList instance is created.
On PortList instance there is port_list array allocated for every protocol.
The memory used depends on the number of ports scanned
port_list size is sometning like this
sizeof(Port*) * (number_ports_scanned + 1)
It's 65k*8B = 512KBytes per host in your case.
Next, for every scanned port the Port() instance is created.
Every Port instance have (fix me if I miscounted):
- int * 8
- ScriptResults (it's std::vector)
- ptr * 10
Sizeof(Port) on my 32-bit machine is 104 bytes.
Roughly in your case:
128K + // port_map
((number_of_ports * sizeof(Port*)) +// PortList:port_list
(sizeof(Port) * number_of_ports)) //PortList:port_list[port_number] -> Port()
For hostgroup of about 50 it's 350MBytes on 32bit machine.
Am I correct?
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org