Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: RTT times different between nping and other ping implementations
From: "Luis MartinGarcia." <luis.mgarc () gmail com>
Date: Tue, 11 Dec 2012 21:18:21 +0100

On 12/11/2012 08:45 PM, Fyodor wrote:
On Tue, Dec 11, 2012 at 10:06 AM, Keith Christian <keith1christian () gmail com
wrote:


Windows ping yields 29 / 33 / 29 ms for min/max/avg, and nping yields
47 / 31 / 34.4.  I'd be wiling to toss the min/max values, but why so
much difference in the mean?

Hi Keith, that's a good observation.  And I get similar results against the
Linux ping utility.  Here's what I got with normal ping:

# ping -c50 scanme.nmap.org
PING scanme.nmap.org (74.207.244.221) 56(84) bytes of data.
[...]
50 packets transmitted, 50 received, 0% packet loss, time 49068ms
rtt min/avg/max/mdev = 20.352/24.735/48.281/5.980 ms

Then I tried the same with latest svn Nping:

# nping/nping -c50 scanme.nmap.org

Starting Nping 0.6.26SVN ( http://nmap.org/nping ) at 2012-12-11 11:07 PST
[...]
Max rtt: 134.212ms | Min rtt: 20.138ms | Avg rtt: 29.056ms
Raw packets sent: 50 (1.400KB) | Rcvd: 50 (1.400KB) | Lost: 0 (0.00%)

So Nping's max time was like triple the Linux-ping's max, and the Nping
average took 4.3ms (17%) longer.

I did some limited testing with tcpdump running during nping and it seemed
to confirm the Nping-reported times in the small number of cases I
examined. Next I tried using the Nping --send-ip option which uses "raw
sockets" to send the packets rather than building and sending lower level
ethernet frames:

# nping/nping --send-ip -c50 scanme.nmap.org

Starting Nping 0.6.26SVN ( http://nmap.org/nping ) at 2012-12-11 11:31 PST
[...]
Max rtt: 48.513ms | Min rtt: 19.738ms | Avg rtt: 24.019ms
Raw packets sent: 50 (1.400KB) | Rcvd: 50 (1.400KB) | Lost: 0 (0.00%)

Here the results are very similar to (and slightly better than) the normal
Linux ping.  Our Nping max, min, and average are all within 1 ms of the
Linux ping equivalent.

So the answer to your question seems to be that Nping is a bit slower than
OS provided ping utilities because it uses ethernet frame sending by
default rather than raw sockets.  This might due to inefficiencies in our
(Nmap/Nping) ethernet frame sending implementation, or it could be that the
OS takes longer to handle sends this way.  I kind of suspect inefficiencies
in our system, since it is apparently also slower on Windows.  It would be
great if someone could figure out why our ethernet sends are slower, since
improving that (if possible) could make Nmap faster too.

But in the meantime, a workaround is to use --send-ip on Linux/BSD/Mac
systems to get the most accurate times.  Unfortunately, this doesn't work
on Windows since MS blocked raw sockets in Windows XP SP2.  I still hope
they will revisit that mistake sometime.



Hi,

I've just tested the latest dev branch
(nmap-exp/luis/nmap-npingchanges/nping) on a Linux box and I don't see
any real difference between Nping and the traditional ping command.

luis () aberdeen
~/Desktop/repos/svn.nmap.org/nmap-exp/luis/nmap-npingchanges $ ping -c5
google.com
PING google.com (74.125.230.229) 56(84) bytes of data.
64 bytes from par08s10-in-f5.1e100.net (74.125.230.229): icmp_req=1
ttl=53 time=27.8 ms
64 bytes from par08s10-in-f5.1e100.net (74.125.230.229): icmp_req=2
ttl=53 time=29.3 ms
64 bytes from par08s10-in-f5.1e100.net (74.125.230.229): icmp_req=3
ttl=53 time=28.8 ms
64 bytes from par08s10-in-f5.1e100.net (74.125.230.229): icmp_req=4
ttl=53 time=28.7 ms
64 bytes from par08s10-in-f5.1e100.net (74.125.230.229): icmp_req=5
ttl=53 time=28.2 ms

--- google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 27.849/28.599/29.374/0.557 ms



luis () aberdeen
~/Desktop/repos/svn.nmap.org/nmap-exp/luis/nmap-npingchanges/nping $
sudo ./nping google.com

Starting Nping 0.6.20BETA1 ( http://nmap.org/nping ) at 2012-12-11 21:11 CET
SENT (0.0000s) IPv4[192.168.1.33 > 74.125.230.227 ttl=64 id=16727
iplen=28] ICMPv4[Echo request id=6476 seq=0]
RCVD (0.0280s) IPv4[74.125.230.227 > 192.168.1.33 ttl=53 id=53 iplen=28]
ICMPv4[Echo reply id=6476 seq=0]
SENT (1.0010s) IPv4[192.168.1.33 > 74.125.230.227 ttl=64 id=16728
iplen=28] ICMPv4[Echo request id=6476 seq=1]
RCVD (1.0290s) IPv4[74.125.230.227 > 192.168.1.33 ttl=53 id=54 iplen=28]
ICMPv4[Echo reply id=6476 seq=1]
SENT (2.0010s) IPv4[192.168.1.33 > 74.125.230.227 ttl=64 id=16729
iplen=28] ICMPv4[Echo request id=6476 seq=2]
RCVD (2.0280s) IPv4[74.125.230.227 > 192.168.1.33 ttl=53 id=55 iplen=28]
ICMPv4[Echo reply id=6476 seq=2]
SENT (3.0000s) IPv4[192.168.1.33 > 74.125.230.227 ttl=64 id=16730
iplen=28] ICMPv4[Echo request id=6476 seq=3]
RCVD (3.0270s) IPv4[74.125.230.227 > 192.168.1.33 ttl=53 id=56 iplen=28]
ICMPv4[Echo reply id=6476 seq=3]
SENT (4.0000s) IPv4[192.168.1.33 > 74.125.230.227 ttl=64 id=16731
iplen=28] ICMPv4[Echo request id=6476 seq=4]
RCVD (4.0270s) IPv4[74.125.230.227 > 192.168.1.33 ttl=53 id=57 iplen=28]
ICMPv4[Echo reply id=6476 seq=4]

Raw packets sent: 5 (140B) | Rcvd: 5 (140B) | Lost: 0 (0.00%)
Max rtt: 28.777ms | Min rtt: 27.672ms | Avg rtt: 28.102ms
Tx time: 4.00001s | Tx bytes/s: 35.00 | Tx pkts/s: 1.25
Rx time: 4.11501s | Rx bytes/s: 34.02 | Rx pkts/s: 1.22
Nping done: 1 IP address pinged in 4.24 seconds


Even when I force Ethernet, I only get slightly higher RTTs.

luis () aberdeen
~/Desktop/repos/svn.nmap.org/nmap-exp/luis/nmap-npingchanges/nping $
sudo ./nping google.com -send-eth

Starting Nping 0.6.20BETA1 ( http://nmap.org/nping ) at 2012-12-11 21:14 CET
[...]
Raw packets sent: 5 (210B) | Rcvd: 5 (140B) | Lost: 0 (0.00%)
Max rtt: 31.366ms | Min rtt: 27.979ms | Avg rtt: 28.863ms
Tx time: 3.99992s | Tx bytes/s: 52.50 | Tx pkts/s: 1.25
Rx time: 4.12500s | Rx bytes/s: 33.94 | Rx pkts/s: 1.21
Nping done: 1 IP address pinged in 4.30 seconds


As soon as I test it on Windows, I'll let you know how it goes. Note
that this version of Nping that I tested it on is not the current SVN
trunk, but a Dev branch that is to be merged soon..

Regards,

Luis MartinGarcia.







_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault