Nmap Development mailing list archives

Problematic libpcap on Ubuntu 14.04


From: nnposter () users sourceforge net
Date: Tue, 24 Jun 2014 0:28:25 +0000

Hello,
Perhaps it is a known issue but I am experiencing a problem with nmap
when compiled with libpcap from Ubuntu 14.04 LTS (libpcap0.8 1.5.3-2).
There is a clear speed difference and the performance is outright
horrible when executed in a virtualized environment.

Specifically, I am observing the following when running a simple SYN scan
("-v -n") with rev.33049:

* 12.04 on bare metal: ~0.2s
* 14.04 on bare metal: ~2s
* 14.04 on bare metal, --with-libpcap=included: ~0.3s
* 12.04 on Win7 VMware Wkstn: <0.1s
* 14.04 on Win7 VMware Wkstn: 4-80s, reported packet loss (see below)
* 14.04 on Win7 VMware Wkstn, --with-libpcap=included: ~0.2s

Increasing send delay for A.B.C.D from 0 to 5 due to 36 out of 119 dropped probes since last increase.
Increasing send delay for A.B.C.D from 5 to 10 due to 12 out of 40 dropped probes since last increase.
Increasing send delay for A.B.C.D from 10 to 20 due to 11 out of 29 dropped probes since last increase.
Increasing send delay for A.B.C.D from 20 to 40 due to 11 out of 25 dropped probes since last increase.
Increasing send delay for A.B.C.D from 40 to 80 due to 11 out of 29 dropped probes since last increase.

OS configuration does not appear to be relevant:

* 14.04 Desktop, Server, and Minimal Server Build are all problematic.
* Lance, vmxnet3, and e1000 NICs are all problematic.
* Bridged and NATed modes are both problematic.
* Kernels 3.13.0-24 and -29 are both problematic.
* Uni- and SMP are both problematic.
* VMware Tools and Open VM Tools are both problematic.

Network observations:

* All outbound and inbound packets have correct IP and TCP checksums
  (as observed by Wireshark instances on both the VMware host and the
  guest).
* All SYN packets were responded to and the responses were received
  by the VMware host and the guest. In other words, no actual packet
  loss seems to occur.

The obvious hypothesis is that libpcap in Ubuntu 14.04 is somehow
broken. However, it is worth noting that the bundled Wireshark,
specifically dumpcap, does use the shared libpcap and it did not have a
problem keeping track of the scan.

Potentially relevant discussion:
http://seclists.org/nmap-dev/2014/q2/341


Cheers,
nnposter