Nmap Development mailing list archives

Re: Desired improvements in Nmap performance? [SCAN BUDDIES]
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 3 Dec 2008 00:14:21 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 2 Dec 2008 17:00:08 -0700
David Fifield <david () bamsoftware com> wrote:

> > Now with the --initial-rtt-timeout:
> >
> > $ sudo ./nmap --datadir ./ -p- -T5 -v -d -PN -n --initial-rtt-timeout 50 132.239.7.132
> > SYN Stealth Scan Timing: About 0.18% done
> > Current sending rates: 33.81 packets / s, 1472.89 bytes / s.
> >
> > Of course, the buddy was *much* faster than this.
>
> I see, it also has to do with the congestion window (number of probes
> allowed to be outstanding at once). Just like with the RTT, hosts with
> no responses can take their congestion window from the global group
> (HostScanStats::getTiming). The scan buddy allows the global
> congestion window to grow. My guess is that combining
> --min-parallelism with --initial-rtt-timeout would give you
> comparable speeds. With -d3 you can get an output of the current
> congestion window size. It looks like
>
> **TIMING STATS** (0.7920s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ccthresh/delay, timeout/srtt/rttvar/
>    Groupstats (1/1 incomplete): 49/*/*/*/*/* 49.75/75/* 154278/66678/21900
>
> Here the congestion window has a size of 49.75.
>
> David Fifield


Bingo.  I ran:

$ time sudo nmap -v -d3 -p- -T5 -PN -n 132.239.7.132,131 --open 2>&1 | egrep -A 1 'TIMING STATS' | tail -n 2

The last stats were:

**TIMING STATS** (25.0050s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, 
cwnd/ccthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/2 incomplete): 0/*/*/*/*/* 300.00/237/* 50000/268/26

I then ran (without the buddy):

$ time sudo nmap -v -d3 -p- -T5 -PN -n 132.239.7.132 --initial-rtt-timeout 50 --min-parallelism 300 --open 2>&1 | egrep -A 1 'TIMING STATS' | tail -n 2

The scans finished within a second of each other.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkk1z2MACgkQqaGPzAsl94I9BgCcDNHy8FIqNQ0KNcY5SmWrdqO3
hfYAn2GAN8xj86CbiKsYqgPSdjqEBApo
=QjJN
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
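The thread reads Nmap's `-d3` timing stats by eye: the `Groupstats` line carries the group's learned congestion window (`cwnd/ccthresh/delay`) and RTT estimator (`timeout/srtt/rttvar`, in microseconds), and Brandon turns the converged values (cwnd 300, timeout 50000 us) into `--min-parallelism 300 --initial-rtt-timeout 50`. The script below is an added example, not code from the thread or from the Nmap project: it parses those two lines out of saved `-d3` output and derives the equivalent static options the same way. The sample output is constructed from the lines quoted above, the field names follow Nmap's own header line, and the mapping in `suggest_options` (cwnd rounded up to `--min-parallelism`, timeout to `--initial-rtt-timeout`) is our assumption about what a practitioner would do with the numbers, not an Nmap feature.

```python
"""Parse Nmap -d3 **TIMING STATS** output and derive the static timing options
that reproduce the rates the adaptive engine converged on."""
import re
from math import ceil

# Constructed sample modelled on the -d3 lines quoted in the thread (not a real capture).
# The second header is wrapped across two lines, as it was in Brandon's paste.
SAMPLE_OUTPUT = """\
**TIMING STATS** (0.7920s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ccthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 49/*/*/*/*/* 49.75/75/* 154278/66678/21900
**TIMING STATS** (25.0050s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench,
cwnd/ccthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/2 incomplete): 0/*/*/*/*/* 300.00/237/* 50000/268/26
"""

HEADER_RE = re.compile(r"^\*\*TIMING STATS\*\* \(([\d.]+)s\)")
GROUP_RE = re.compile(r"^\s*Groupstats \((\d+)/(\d+) incomplete\): (\S+) (\S+) (\S+)\s*$")

# Order of the slash-separated probe counters, taken from Nmap's header line.
PROBE_FIELDS = ("active", "freshportsleft", "retry_stack", "outstanding", "retranwait", "onbench")


def _num(token):
    """Convert one slash-separated field; '*' means Nmap printed no value there."""
    if token == "*":
        return None
    return float(token) if "." in token else int(token)


def parse_timing_stats(text):
    """Return one snapshot dict per Groupstats line, tagged with the preceding elapsed time."""
    snapshots = []
    elapsed = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            elapsed = float(m.group(1))
            continue
        m = GROUP_RE.match(line)
        if not m:
            continue  # wrapped header continuation and other -d3 chatter are ignored
        incomplete, total, probes, cwnd_part, rtt_part = m.groups()
        cwnd, ccthresh, delay = (_num(t) for t in cwnd_part.split("/"))
        timeout, srtt, rttvar = (_num(t) for t in rtt_part.split("/"))
        snapshots.append({
            "elapsed_s": elapsed,
            "incomplete_hosts": int(incomplete),
            "total_hosts": int(total),
            "probes": dict(zip(PROBE_FIELDS, (_num(t) for t in probes.split("/")))),
            "cwnd": cwnd, "ccthresh": ccthresh, "delay": delay,
            "timeout_us": timeout, "srtt_us": srtt, "rttvar_us": rttvar,
        })
    return snapshots


def suggest_options(snapshot):
    """Map a group's learned cwnd and timeout onto the static options used in the thread.

    Assumption (ours, not Nmap's): the converged cwnd is a sensible --min-parallelism
    floor and the learned timeout a sensible --initial-rtt-timeout. The unit is written
    out because newer Nmap releases read a bare --initial-rtt-timeout number as seconds,
    whereas the 2008 command line in the thread meant milliseconds.
    """
    return {
        "--min-parallelism": ceil(snapshot["cwnd"]),
        "--initial-rtt-timeout": f"{snapshot['timeout_us'] // 1000}ms",
    }


if __name__ == "__main__":
    for snap in parse_timing_stats(SAMPLE_OUTPUT):
        print(f"t={snap['elapsed_s']:>8.4f}s cwnd={snap['cwnd']:>7} ccthresh={snap['ccthresh']:>4} "
              f"timeout={snap['timeout_us']}us srtt={snap['srtt_us']}us -> {suggest_options(snap)}")
```

Run it against `nmap -v -d3 ... 2>&1 | tee scan.log` saved from a buddy-assisted scan and the last snapshot gives the options to try without the buddy; the first snapshot in the sample shows why the early cwnd (49.75) and timeout (154 ms) are a poor substitute for the converged ones.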