Nmap Development
mailing list archives
Re: [CAPS] Re: Desired improvements in Nmap performance? [SCAN BUDDIES]
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 2 Dec 2008 23:36:22 +0000
On Tue, 2 Dec 2008 16:28:37 -0700
David Fifield <david () bamsoftware com> wrote:
...snip...
> What's happening is that the one totally filtered host has never sent
> a reply, so we have no idea what its RTT is. Nmap uses the default of
> one second, which is pretty slow. But the scan buddy provides a
> global RTT estimate, which Nmap will use when a host doesn't have its
> own estimate (HostScanStats::probeTimeout in scan_engine.cc). The
> approximation is justified in this case as the two hosts are likely
> to have near-identical RTTs. So the unanswered probes time out much
> more quickly and the scan goes fast.
> If you scan the filtered host with --initial-rtt-timeout 50 does the
> scan go as fast as with the buddy?
Well, much faster but not as fast as with the buddy. No buddy, no
--initial-rtt-timeout:
$ sudo ./nmap --datadir ./ -p- -T5 -v -d -PN -n 132.239.7.132
Starting Nmap 4.76 ( http://nmap.org ) at 2008-12-02 23:34 GMT
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 250, min 50, max 300
max-scan-delay: TCP 5, UDP 1000
parallelism: min 0, max 0
max-retries: 2, host-timeout: 900000
min-rate: 0, max-rate: 0
---------------------------------------------
Initiating SYN Stealth Scan at 23:34
Scanning 132.239.7.132 [65535 ports]
Packet capture filter (device eth0): dst host 132.239.1.114 and (icmp or ((tcp or udp) and (src host 132.239.7.132)))
Stats: 0:00:01 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 0.00% done
Current sending rates: 3.18 packets / s, 116.64 bytes / s.
Stats: 0:00:02 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 0.01% done
Current sending rates: 5.30 packets / s, 209.78 bytes / s.
Stats: 0:00:03 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 0.02% done
Current sending rates: 6.11 packets / s, 249.65 bytes / s.
Stats: 0:00:04 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 0.02% done
Current sending rates: 6.54 packets / s, 271.79 bytes / s.
Stats: 0:00:05 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 0.03% done
Current sending rates: 6.81 packets / s, 284.56 bytes / s.
...killed...
Now with the --initial-rtt-timeout:
$ sudo ./nmap --datadir ./ -p- -T5 -v -d -PN -n --initial-rtt-timeout 50 132.239.7.132
Starting Nmap 4.76 ( http://nmap.org ) at 2008-12-02 23:35 GMT
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 50, min 50, max 300
max-scan-delay: TCP 5, UDP 1000
parallelism: min 0, max 0
max-retries: 2, host-timeout: 900000
min-rate: 0, max-rate: 0
---------------------------------------------
Initiating SYN Stealth Scan at 23:35
Scanning 132.239.7.132 [65535 ports]
Packet capture filter (device eth0): dst host 132.239.1.114 and (icmp or ((tcp or udp) and (src host 132.239.7.132)))
Stats: 0:00:01 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 0.02% done
Current sending rates: 17.96 packets / s, 768.54 bytes / s.
Stats: 0:00:03 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 0.06% done
Current sending rates: 26.26 packets / s, 1135.67 bytes / s.
Stats: 0:00:04 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 0.09% done
Current sending rates: 29.42 packets / s, 1278.75 bytes / s.
Stats: 0:00:05 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 0.12% done
Current sending rates: 31.14 packets / s, 1356.08 bytes / s.
Stats: 0:00:06 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 0.15% done
Current sending rates: 32.69 packets / s, 1424.19 bytes / s.
Stats: 0:00:07 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 0.18% done
Current sending rates: 33.81 packets / s, 1472.89 bytes / s.
Of course, the buddy was *much* faster than this.
Brandon
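
The timeout fallback described in the quoted text above (per-host estimate, else the group-wide estimate a scan buddy supplies, else the initial default), as an added example that is not part of the original message and is not Nmap's own code. The struct, the function names, the RFC 6298-style smoothing and the 0.5 ms buddy RTT are assumptions for illustration; the 250/50/300 ms limits come from the -T5 timing report above.

```cpp
#include <algorithm>
#include <cmath>
#include <cstdio>

// Simplified model of RTT-based probe timeouts; NOT Nmap's source.
// All times are in milliseconds.
struct TimeoutInfo {
  double srtt = -1;    // smoothed RTT; negative means no reply seen yet
  double rttvar = 0;   // smoothed RTT deviation
  double timeout;      // starts at the --initial-rtt-timeout value
  double min_to, max_to;

  TimeoutInfo(double init, double mn, double mx)
      : timeout(init), min_to(mn), max_to(mx) {}

  // Fold one measured RTT into the estimate (RFC 6298-style smoothing,
  // assumed here for illustration), then clamp to the min/max limits.
  void addSample(double rtt) {
    if (srtt < 0) {
      srtt = rtt;
      rttvar = rtt / 2;
    } else {
      rttvar = 0.75 * rttvar + 0.25 * std::fabs(srtt - rtt);
      srtt = 0.875 * srtt + 0.125 * rtt;
    }
    timeout = std::min(max_to, std::max(min_to, srtt + 4 * rttvar));
  }
};

// The fallback described in the quoted text: the host's own estimate if it
// has one, else the group-wide estimate, else the host's initial default.
double probeTimeout(const TimeoutInfo &host, const TimeoutInfo &group) {
  if (host.srtt >= 0) return host.timeout;
  if (group.srtt >= 0) return group.timeout;
  return host.timeout;
}

// Timeout applied to a fully filtered host after a buddy scanned in the
// same group has answered `replies` probes with RTT `buddy_rtt`.
// min 50 / max 300 are the -T5 limits from the timing report on this page.
double filteredHostTimeout(double init, double buddy_rtt, int replies) {
  TimeoutInfo filtered(init, 50, 300), group(init, 50, 300);
  for (int i = 0; i < replies; i++) group.addSample(buddy_rtt);
  return probeTimeout(filtered, group);
}

int main() {
  // buddy_rtt = 0.5 ms is a constructed sample value.
  std::printf("no buddy, init 250: %.0f ms\n", filteredHostTimeout(250, 0.5, 0));
  std::printf("no buddy, init 50:  %.0f ms\n", filteredHostTimeout(50, 0.5, 0));
  std::printf("buddy,    init 250: %.0f ms\n", filteredHostTimeout(250, 0.5, 20));
  return 0;
}
```

In this model the buddy case and the `--initial-rtt-timeout 50` case both end at the 50 ms floor, so the timeout fallback by itself does not reproduce the gap between them reported in the message above.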