Nmap Development mailing list archives

Re: Nmap 3.70 very very slow scanning (/16 iprange)


From: Andy Lutomirski <luto () myrealbox com>
Date: Sun, 03 Oct 2004 21:05:53 -0700

Andy Smith wrote:

> It is possible that it will not work for Windows XP with SP2.
>
> Regards,
> Andy

Yah, this'll do bad things to SP2. I think the problem is the time spent ARPing. This could be due to the ARP change for SP2 (which I haven't actually looked at) or to the queue lengths in pcapsend.c. I'm guessing it's the former, since the latter hasn't changed AFAIK.

I'll hack something up to try and fix this for real. It may be a rather drastic change -- the current scheme we use for ARP is bad in the presence of the firewall. We currently have the main thread dump pending packets into a queue which is serviced by a second thread that polls the cache. This isn't so bad (other than polling latency), except that, with the firewall up, there is no way that I know of to asynchronously ARP for something in such a way that the firewall will accept the reply. So the ugly fix for 3.70 is to use SendARP, which is synchronous. It's possible that SIO_FIND_ROUTE will do it, but I'm not sure. Otherwise, we could just implement our own ARP listener, which would get the inbound ARPs (matched to the outbound, I suppose), and add them into the cache. It would also eliminate the latency.

Bleh.

OTOH, it's possible that a spoofed raw send (which SP2 drops) would still trigger the ARP. That's a truly awful hack, but it would be easy.

--Andy
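The "own ARP listener" idea from the message above (correlate inbound ARP replies with the requests we sent, fill the cache directly, no polling thread), worked through as an added Python model; this is not Nmap's code or Andy's, the frame layout is plain Ethernet/IPv4 ARP, and the MAC and IP values are constructed samples.

```python
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_FMT = "!6s6sH"          # dst MAC, src MAC, ethertype
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa

def build_arp(op, src_mac, src_ip, dst_mac, dst_ip):
    """Ethernet + IPv4 ARP frame; requests go to the broadcast MAC."""
    eth_dst = b"\xff" * 6 if op == ARP_REQUEST else dst_mac
    eth = struct.pack(ETH_FMT, eth_dst, src_mac, ETH_P_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, src_mac, src_ip, dst_mac, dst_ip)
    return eth + arp

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack(ETH_FMT, frame[:14])[2] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, sha, spa, tpa

class ArpResolver:
    def __init__(self, my_mac, my_ip):
        self.my_mac, self.my_ip = my_mac, my_ip
        self.pending = set()   # IPs we have asked for and not yet resolved
        self.cache = {}        # ip -> mac, filled only from matching replies
    def request(self, target_ip):
        """Queue a who-has for target_ip; returns the frame the sender thread would emit."""
        self.pending.add(target_ip)
        return build_arp(ARP_REQUEST, self.my_mac, self.my_ip, b"\x00" * 6, target_ip)
    def receive(self, frame):
        """Listener path: accept a reply only if it answers one of our outstanding requests."""
        parsed = parse_arp(frame)
        if parsed is None:
            return False
        op, sha, spa, tpa = parsed
        if op != ARP_REPLY or tpa != self.my_ip or spa not in self.pending:
            return False   # unsolicited or not addressed to us: keep it out of the cache
        self.pending.discard(spa)
        self.cache[spa] = sha
        return True

def demo():
    """Constructed exchange: one request, one genuine reply, one unsolicited reply."""
    me = ArpResolver(bytes.fromhex("020000000001"), bytes([192, 168, 1, 10]))
    me.request(bytes([192, 168, 1, 20]))
    good = build_arp(ARP_REPLY, bytes.fromhex("020000000020"), bytes([192, 168, 1, 20]), me.my_mac, me.my_ip)
    stray = build_arp(ARP_REPLY, bytes.fromhex("020000000099"), bytes([192, 168, 1, 99]), me.my_mac, me.my_ip)
    return me.receive(good), me.receive(stray), me.cache
```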

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org