Nmap Development mailing list archives

Nmap performance work update

From: David Fifield <david () bamsoftware com>
Date: Mon, 8 Dec 2008 21:43:57 -0700

On Sun, Nov 30, 2008 at 06:24:59PM -0700, David Fifield wrote:

I'm starting a project to improve Nmap's performance and the
predictability of the length of its scans. This may involve tuning
performance parameters, adjusting the congestion control mechanism, or
other things not thought of yet.

Hi, I want to inform you all of what work has been going on regarding
Nmap performance and to solicit your feedback.

I created a branch for experimentation with algorithms:

svn checkout --username guest --password "" svn://svn.insecure.org/nmap-exp/david/nmap-perf

A few small changes have been merged back to the trunk but nothing
substantial so far. I'm keeping notes at
http://www.bamsoftware.com/wiki/Nmap/PerformanceNotes.

While developing a benchmark scan I went in search of what might make an
Nmap scan's completion time unpredicatable. The results of the scans I
ran are at http://www.bamsoftware.com/wiki/Nmap/PerformanceNotes#benchmarks.
It turns out the two biggest culprits are scan delay and retries.

Knowing this, and with Brandon's message from
http://seclists.org/nmap-dev/2008/q4/0604.html in mind, I have been
working on making scan delay more predictable. A summary of my
experiments and their results is at
http://www.bamsoftware.com/wiki/Nmap/PerformanceNotes#scan-delay.
I've come up with a good way to find the rate at which a host limits
replies: we just measure the rate at which we receive them. This
approach seems to work well against rate-filtered hosts but it isn't
generic enough to deal with firewalled hosts yet.

After this, my next goal will be to see how much the global congestion
control can be loosened. Nmap limits the number of packets it sends both
globally and per-host. When a host drops a packet, the global limit
tightens somewhat, which sometimes slow down other hosts. This should be
avoided if possible. On the other hand, some sort of global control
appears to be necessary for things like host discovery, when each hosts
sends just one or two probes and the per-host controls never really kick
in.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Re: Desired improvements in Nmap performance?, (continued)
- Re: Desired improvements in Nmap performance? sara fink (Dec 01)
- Re: Desired improvements in Nmap performance? DePriest, Jason R. (Dec 01)
- Re: Desired improvements in Nmap performance? Brandon Enright (Dec 02)
  - Re: Desired improvements in Nmap performance? [SCAN BUDDIES] Brandon Enright (Dec 02)
    - Re: Desired improvements in Nmap performance? [SCAN BUDDIES] David Fifield (Dec 02)
    - Re: [CAPS] Re: Desired improvements in Nmap performance? [SCAN BUDDIES] Brandon Enright (Dec 02)
    - Re: [CAPS] Re: Desired improvements in Nmap performance? [SCAN BUDDIES] David Fifield (Dec 02)
    - Re: Desired improvements in Nmap performance? [SCAN BUDDIES] Brandon Enright (Dec 02)
  - Re: Desired improvements in Nmap performance? [FASTER IS SLOWER] Brandon Enright (Dec 02)
    - Re: Desired improvements in Nmap performance? [FASTER IS SLOWER] David Fifield (Dec 02)
- Nmap performance work update David Fifield (Dec 08)
- Re: Desired improvements in Nmap performance? Rob Nicholls (Dec 01)
  - Re: Desired improvements in Nmap performance? sara fink (Dec 01)