Nmap Development mailing list archives

Performance thoughts


From: majek04 <nmap () forest one pl>
Date: Tue, 04 Jul 2006 08:46:25 +0200

Hi

My personal performance thoughts :)


I compiled nmap with "--without-openssl" and with CFLAGS="-g"
Stress test #1: Big number of hosts (1024 hosts, one open port)

        time ./nmap -sS -n -T5 127.0.0.1/20 -p22
        31.10s user 0.41s system 99% cpu 31.663 total

        Wow, 30 seconds in userspace, that's quite long!

        Let's see what took so much time:
        http://ai.pjwstk.edu.pl/~majek/private/nmap/nm-before.png

        Hmm. UltraScanInfo::numIncompleteHosts is taking most of the
        resources.
        What's this function doing, you ask?
        unsigned int numIncompleteHosts()
                        { return incompleteHosts.size();}

        Counting the size very often isn't too efficient. Here is a patch:
        http://ai.pjwstk.edu.pl/~majek/private/nmap/g03-speed-incompleteHosts.diff

        Let's see the same test again:
        time ./nmap -sS -n -T5 127.0.0.1/22 -p22
        7.40s user 0.33s system 99% cpu 7.769 total

        It's four times faster now. Graph is here:
        http://ai.pjwstk.edu.pl/~majek/private/nmap/nm-after.png
        (now HostScanStats::sendOk is taking most of the resources...)




I compiled nmap with "--with-openssl" and with CFLAGS="-g"
Stress test #2: Big number of ports (1 host, 65k ports)
        ./nmap -sS -n -T5 127.0.0.1 -p0-65535
        113.64s user 13.24s system 99% cpu 2:06.91 total
        
        Graph:
        http://ai.pjwstk.edu.pl/~majek/private/nmap/nm-ports-ssl.png
        
        Most of the CPU is consumed by getting random numbers "RAND_bytes".
        
        Let's disable openssl. (--without-openssl)

        ./nmap -sS -n -T5 127.0.0.1 -p0-65535
        67.85s user 11.68s system 98% cpu 1:20.69 total

        A bit faster.
        http://ai.pjwstk.edu.pl/~majek/private/nmap/nm-ports.png
        I can see that at least 10% of the CPU is consumed by
        iterating through UltraProbe. But no patch is available yet :)

        
Marek Majkowski


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
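
An added example, not from the original post or from Nmap's code: the linked patch is not reproduced on this page, so this sketch only illustrates the general fix of keeping a running count instead of recounting a linked container on every call. All class and function names are hypothetical, and it assumes a container whose size is found by walking its nodes, as std::list::size() did in older libstdc++ releases.

```cpp
#include <cstddef>
#include <forward_list>

// Hypothetical stand-in for a scan engine's list of unfinished hosts.
// std::forward_list has no size(), so counting it means visiting every node.
class IncompleteHosts {
public:
    void add(int host_id) { hosts_.push_front(host_id); ++count_; }

    // Mark one host as finished; the cached count is updated in the same step.
    bool complete_one() {
        if (hosts_.empty()) return false;
        hosts_.pop_front();
        --count_;
        return true;
    }

    // O(n): walks the list and records how many nodes were touched.
    std::size_t size_by_walking() {
        std::size_t n = 0;
        for (auto it = hosts_.begin(); it != hosts_.end(); ++it) { ++n; ++nodes_walked_; }
        return n;
    }

    // O(1): returns the counter maintained by add() and complete_one().
    std::size_t size_cached() const { return count_; }

    std::size_t nodes_walked() const { return nodes_walked_; }

private:
    std::forward_list<int> hosts_;
    std::size_t count_ = 0;
    std::size_t nodes_walked_ = 0;
};

// Simulates a scan loop that asks "how many hosts are left?" once per probe.
// Returns the number of list nodes visited only to answer that question.
std::size_t simulate(std::size_t hosts, std::size_t probes_per_host, bool cached) {
    IncompleteHosts inc;
    for (std::size_t h = 0; h < hosts; ++h) inc.add(static_cast<int>(h));
    for (std::size_t h = 0; h < hosts; ++h) {
        for (std::size_t p = 0; p < probes_per_host; ++p)
            (void)(cached ? inc.size_cached() : inc.size_by_walking());
        inc.complete_one();
    }
    return inc.nodes_walked();
}
```

With 1024 hosts and two size queries per host, the walking variant visits over a million nodes while the cached variant visits none, which is why the cost grows quadratically with the number of hosts in a scan group.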
