Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Fwd: SOC idea
From: Jason Gerfen <jason.gerfen () gmail com>
Date: Wed, 29 Jan 2014 08:10:12 -0700

I am not sure how to really promote these performance increases to the
nmap community, I don't want it to come across as spamming the board
but the latest version I have released, v0.1.1, when scanning a class
B network with 32766 hosts has shown an significant decrease in scan
times. Project details can be found at
https://github.com/jas-/node-libnmap, output of tests are below:

One scan iteration results
nmap:
real    10m32.856s
user    0m11.709s
sys     0m33.364s

node-libnmap:
real    0m32.034s
user    1m3.209s
sys     0m33.950s

Feedback is appreciated.

On Sun, Jan 26, 2014 at 8:20 AM, Jason Gerfen <jason.gerfen () gmail com> wrote:
For those that are interested in this project my latest benchmarks are
showing a substantial increase in performance for scans using the -T4
option.

The scan test case: nmap -T4 -oG - localhost 10.0.2.0/24
192.168.2.0/25 (all virtual private nets as I do not have access to a
large class A, B or C to test against)

nmap:

real    3m34.218s
user    0m0.911s
sys     0m3.315s

node-libnmap:

real    2m32.158s
user    0m13.066s
sys     0m8.890s


A minute shaved off the scan, I would be interested to see a large
class A or B scan result if anyone can provide a safe block for me to
test against. Thanks!



On Sat, Jan 11, 2014 at 5:02 AM, Jason Gerfen <jason.gerfen () gmail com> wrote:
On Fri, Jan 10, 2014 at 8:22 AM, Daniel Miller <bonsaiviking () gmail com> wrote:
On 01/10/2014 06:48 AM, Jason Gerfen wrote:

1. Your Github readme suggests that you might be using Nmap 5.51. If this
is
the case, do upgrade to the latest version before benchmarking your
code,
otherwise you might be wasting time.

I am currently using and testing against 5.51, so green there.

The current version is 6.40, just to clarify. I am not really aware of any
significant changes in host discovery between these versions. Here are the
relevant entries in the changelog:

o Added a new --disable-arp-ping option. This option prevents Nmap
  from implicitly using ARP or ND host discovery for discovering
  directly connected Ethernet targets. This is useful in networks
  using proxy ARP, which make all addresses appear to be up using ARP
  scan. The previously recommended workaround for this situation,
  --send-ip, didn't work on Windows because that lame excuse for an
  operating system is still missing raw socket support.  [David
  Fifield (editorializing added by Fyodor)]

o Made source port numbers (used to encode probe metadata) increment
  so as not to overlap between different scanning phases. Previously
  it was possible for an RST response to an ACK probe from host
  discovery to be misinterpreted as a reply to a SYN probe from port
  scanning. [Sean Rivera, David Fifield]

o Targets requiring different source addresses now go into different
  hostgroups, not only for host discovery but also for port scanning.
  Before, only responses to one of the source addresses would be
  processed, and the others would be ignored. [David]

o Nmap has long supported IPv6 for basic (connect) port scans, basic
  host discovery, version detection, Nmap Scripting Engine.  This
  release dramatically expands and improves IPv6 support:
  + IPv6 raw packet scans (including SYN scan, UDP scan, ACK scan,
    etc.) are now supported. [David, Weilin]
  + IPv6 raw packet host discovery (IPv6 echo requests, TCP/UDP
    discovery packets, etc.) is now supported. [David, Weilin]
  + IPv6 traceroute is now supported [David]
  + The --exclude and --excludefile now support IPV6 addresses with
    netmasks.  [Colin]




2. Consider using -oX instead of -oG. This way you will get an ouput
format
less likely to be changed in the future. As far as I know, -oG is meant
for
being read by a human, not parsed by a machine.

Am I wrong to assume -oG will allow the following?

$ nmap -sn -oG - 10.0.2.0/24 | awk 'up { print }'

Really due to the nature of the language, in this case node.js which
relies heavily upon Objects, and more specifically JSON formatted
objects a simple regex combined with a capture group of the results is
going to be faster than traversing XML elements.

-oG is "deprecated," which for our purposes means that the format is fixed
and will not change. New features (NSE scripts, traceroute, etc) will not
get their output added to -oG files. For host discovery, this is probably
sufficient for your purposes. Just realize that XML is more complete, if you
plan on extending your interface to support more thorough scanning.

Does that mean that it will be going away anytime soon? If so I would
move to parsing with XML or even leaving the XML response parsing to
anyone implementing the project but ideally a smaller footprint is
going to be ideal for this project.


Looks cool!


Thanks, I am working on the detail scanning portion now in branch v0.0.3-scan.

Dan



--
Jas



-- 
Jason Gerfen
http://www.github.com/jas-
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]