Nmap Development mailing list archives

Re: Nmap 4.21ALPHA4 DNS resolve timeout


From: Henrik Zagerholm <henke () mac se>
Date: Tue, 26 Jun 2007 15:57:45 +0200


On 26 Jun 2007, at 13:14, Eddie Bell wrote:

On 26/06/07, Henrik Zagerholm <henke () mac se> wrote:
Sorry for being unclear but the output from my ruby script example is
regexped so it doesn't return the same input.
The bottom line is that my script is almost 10 times faster than a
single nmap call.
How can that be?

Ah sorry, I misread your email, you do -sP both times. The results are
strange, perhaps it is something to do with being on a private
network. Have you tried the same thing on a public network?

Question number 2 is that if I do  nmap -sL 10.0.0.5 and that IP
doesn't have an entry in the DNS that call takes about 15 seconds.
How can I set a timeout on this?

The DNS timeouts do not look like they are related to any command line
argument, instead they are defined in nmap_dns.c along with a group of
other performance parameters. If you are desperate to improve the
speed you could edit these values but you may sacrifice reliability.

- eddie



Hi Eddie,

I've looked at the code and the performance parameters. I also found
a hardcoded max timeout of 500ms:

    if (min_timeout > 500) return 500;
    else return min_timeout;

Attached below you will see an output from me running a query against
a single server with an IP address that is not resolvable.

What I wonder is:
1. What parameter controls the number of nsock_loop() calls?
2. It looks like it does this in 3 blocks.
        First 7 calls to nsock_loop(), then Write request for 44 bytes to IOD #1 EID 35 [10.170.0.40:53]: .............206.26.170.10.in-addr.arpa.....
        Then 7 more calls to nsock_loop(), then Write request for 44 bytes to IOD #1 EID 35 [10.170.0.40:53]: .............206.26.170.10.in-addr.arpa.....
        And finally 10 calls to nsock_loop().
        Is this true or does it just look like it does it in 3 blocks? If it is 3 blocks, how can I change this?

Thanks!
//Henrik

henke@safecube:~$ nmap -sP 10.170.26.206 -d3 --dns-servers 10.170.0.40

Starting Nmap 4.20 ( http://insecure.org ) at 2007-06-26 15:26 CEST
Fetchfile found /usr/local/share/nmap/nmap-services

The max # of sockets we are using is: 0
--------------- Timing report ---------------
   hostgroups: min 1, max 100000
   rtt-timeouts: init 1000, min 100, max 10000
   msx-scan-delay: TCP 1000, UDP 1000
   parallelism: min 0, max 0
   max-retries: 10, host-timeout: 0
---------------------------------------------
doing 0.0.0.0 = 10.170.26.206
Packet capture filter (device eth0): (icmp and dst host 10.170.4.217) or ((tcp or udp) and dst host 10.170.4.217 and ( dst port 36838 or dst port 36839 or dst port 36840 or dst port 36841 or dst port 36842))
SENT (0.0240s) ICMP 10.170.4.217 > 10.170.26.206 Echo request (type=8/code=0) ttl=45 id=19496 iplen=28
SENT (0.0240s) TCP 10.170.4.217:36838 > 10.170.26.206:80 A ttl=48 id=12679 iplen=40  seq=2393512030 win=1024 ack=3014269022
RCVD (0.0600s) ICMP 10.170.26.206 > 10.170.4.217 Echo reply (type=0/code=0) ttl=125 id=6318 iplen=28
We got a ping packet back from 10.170.26.206: id = 39020 seq = 43105 checksum = 48945
Hostupdate called for machine 10.170.26.206 state UNKNOWN/COMBO -> HOST_UP (trynum 0, dotimeadj: yes time: 36098)
Finished block: srtt: 35907 rttvar: 35907 timeout: 179535 block_tries: 1 up_this_block: 1 down_this_block: 0 group_sz: 1
massping done:  num_hosts: 1  num_responses: 1
mass_rdns: Using DNS server 10.170.0.40
NSOCK (0.2160s) UDP connection requested to 10.170.0.40:53 (IOD #1) EID 8
NSOCK (0.2160s) Read request from IOD #1 [10.170.0.40:53] (timeout: -1ms) EID 18
Initiating Parallel DNS resolution of 1 host. at 15:26
NSOCK (0.2160s) Write request for 44 bytes to IOD #1 EID 27 [10.170.0.40:53]: .............206.26.170.10.in-addr.arpa.....
NSOCK (0.2160s) nsock_loop() started (timeout=500ms). 3 events pending
NSOCK (0.2160s) Callback: CONNECT SUCCESS for EID 8 [10.170.0.40:53]
NSOCK (0.2160s) Callback: WRITE SUCCESS for EID 27 [10.170.0.40:53]
NSOCK (0.7200s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (1.2190s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (1.7200s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (2.2190s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (2.7200s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (3.2190s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (3.7200s) nsock_loop() started (timeout=496ms). 1 events pending
NSOCK (4.2150s) Write request for 44 bytes to IOD #1 EID 35 [10.170.0.40:53]: .............206.26.170.10.in-addr.arpa.....
NSOCK (4.2150s) nsock_loop() started (timeout=500ms). 2 events pending
NSOCK (4.2150s) Callback: WRITE SUCCESS for EID 35 [10.170.0.40:53]
NSOCK (4.7160s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (5.2150s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (5.7160s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (6.2150s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (6.7160s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (7.2150s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (7.7160s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (7.9680s) Callback: READ SUCCESS for EID 18 [10.170.0.40:53] (44 bytes): .............206.26.170.10.in-addr.arpa.....
NSOCK (7.9680s) Read request from IOD #1 [10.170.0.40:53] (timeout: -1ms) EID 42
NSOCK (7.9680s) Write request for 44 bytes to IOD #1 EID 51 [10.170.0.40:53]: .............206.26.170.10.in-addr.arpa.....
NSOCK (7.9680s) Callback: WRITE SUCCESS for EID 51 [10.170.0.40:53]
NSOCK (8.2150s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (8.7160s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (9.2150s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (9.7160s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (10.2150s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (10.7160s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (11.2150s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (11.7160s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (12.2150s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (12.7160s) nsock_loop() started (timeout=252ms). 1 events pending
mass_rdns: 12.75s 0/1 [#: 1, OK: 0, NX: 0, DR: 0, SF: 1, TR: 3]
Completed Parallel DNS resolution of 1 host. at 15:26, 12.75s elapsed
DNS resolution of 1 IPs took 12.75s. Mode: Async [#: 1, OK: 0, NX: 0, DR: 1, SF: 1, TR: 3, CN: 0]
Host 10.170.26.206 appears to be up.
Nmap finished: 1 IP address (1 host up) scanned in 12.968 seconds
                Raw packets sent: 2 (68B) | Rcvd: 1 (46B)


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
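
To measure the pattern asked about in the message above, this added example (not part of the original post and not Nmap code) groups the nsock_loop() lines of a -d3 trace under the DNS write request that precedes them and reports how long each attempt waited. The `summarize` function and the shortened sample trace are constructed for illustration.

```python
import re

# Constructed sample: a shortened version of the -d3 trace in the post
# (same timestamps and EIDs; most nsock_loop() lines and payloads dropped).
SAMPLE = """\
NSOCK (0.2160s) Write request for 44 bytes to IOD #1 EID 27 [10.170.0.40:53]
NSOCK (0.2160s) nsock_loop() started (timeout=500ms). 3 events pending
NSOCK (3.7200s) nsock_loop() started (timeout=496ms). 1 events pending
NSOCK (4.2150s) Write request for 44 bytes to IOD #1 EID 35 [10.170.0.40:53]
NSOCK (4.2150s) nsock_loop() started (timeout=500ms). 2 events pending
NSOCK (7.7160s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (7.9680s) Callback: READ SUCCESS for EID 18 [10.170.0.40:53]
NSOCK (7.9680s) Write request for 44 bytes to IOD #1 EID 51 [10.170.0.40:53]
NSOCK (8.2150s) nsock_loop() started (timeout=500ms). 1 events pending
NSOCK (12.7160s) nsock_loop() started (timeout=252ms). 1 events pending
"""

LINE = re.compile(r"^NSOCK \((\d+\.\d+)s\) (.*)$")
WRITE = re.compile(r"Write request for \d+ bytes to IOD #\d+ EID (\d+)")
LOOP = re.compile(r"nsock_loop\(\) started \(timeout=(\d+)ms\)")


def summarize(log):
    """Group nsock_loop() calls under the DNS write that precedes them."""
    blocks = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # non-NSOCK output (ping results, timing report, ...)
        t_ms, rest = round(float(m.group(1)) * 1000), m.group(2)
        wr, lp = WRITE.search(rest), LOOP.search(rest)
        if wr:
            if blocks:  # previous attempt ends when the next query is written
                blocks[-1]["wait_ms"] = t_ms - blocks[-1]["start_ms"]
            blocks.append({"eid": int(wr.group(1)), "start_ms": t_ms,
                           "loops": 0, "max_loop_ms": 0, "end_ms": t_ms})
        elif lp and blocks:
            b = blocks[-1]
            b["loops"] += 1
            b["max_loop_ms"] = max(b["max_loop_ms"], int(lp.group(1)))
            b["end_ms"] = t_ms + int(lp.group(1))  # loop runs to its timeout
    if blocks:  # last attempt ends when its final loop call times out
        blocks[-1]["wait_ms"] = blocks[-1]["end_ms"] - blocks[-1]["start_ms"]
    return blocks


if __name__ == "__main__":
    for b in summarize(SAMPLE):
        print("EID {eid}: {loops} loop calls over {wait_ms} ms".format(**b))
```

The patterns match only the start of each line, so the function also works on a trace whose long lines have been wrapped by the mail client.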

