Nmap Development mailing list archives
New development in host discovery: response rate scaled congestion control
From: David Fifield <david () bamsoftware com>
Date: Wed, 5 Sep 2007 16:36:14 -0600
Hi all, You may have been following the development of ultra_scan-based host discovery. In the last few weeks, we've been working to improve its performance. Some testing reports have shown slow performance when many packet drops are detected. I recently hit on an idea that could greatly improve the situation in these cases. The idea is that whenever we make a change to the group congestion window, we scale the increment by the inverse of the packet receipt ratio; i.e., the ratio of the packets that have been responded to versus the number that have been sent. This makes the congestion window vary in a healthier manner, as it would with a TCP stream with a steady supply of responses coming in. More information and graphs are here: http://www.bamsoftware.com/wiki/Nmap/ResponseRateScaledCongestionControl You can get it by running svn co svn://svn.insecure.org/nmap-exp/david/nmap-massping-migration I thought this was a bit too experimental to go into the Nmap trunk in Subversion, but early results are extremely promising! If you're not afraid of building from Subversion, please give it a try. I recently committed a change that made certain ICMP errors not count as drops, in an effort to improve host discovery performance. This new code takes that out--many more drops are detected than in the Nmap trunk. Despite this, my tests so far have shown the scaled congestion control to be faster. This could probably use some tweaking. For example, it may be better to calculate the packet receipt ratio as some kind of moving average rather than a lifetime average, so it can react more quickly as network conditions change. This change affects normal port scans too. I hope that it will only speed them up, but I haven't tested it much. So remember to try some port scans too and report if there's anything out of the ordinary. Here are some good test scans to run. nmap -n -sP --send-ip 192.168.0.0/24 nmap -n -sP -PS --unprivileged host nmap -n -sP -PS -T4 host/24 nmap -n -sP -PA1 -PS22,80,113 -PE -PM host Many thanks to all intrepid Nmap testers! David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- New development in host discovery: response rate scaled congestion control David Fifield (Sep 05)
- Re: New development in host discovery: response rate scaled congestion control Brandon Enright (Sep 05)
- Re: New development in host discovery: response rate scaled congestion control David Fifield (Sep 05)
- Re: New development in host discovery: response rate scaled congestion control Brandon Enright (Sep 05)
- Re: New development in host discovery: response rate scaled congestion control David Fifield (Sep 05)
- Re: New development in host discovery: response rate scaled congestion control Brandon Enright (Sep 05)
- Re: New development in host discovery: response rate scaled congestion control David Fifield (Sep 05)
- Re: New development in host discovery: response rate scaled congestion control Brandon Enright (Sep 05)
- Re: New development in host discovery: response rate scaled congestion control David Fifield (Sep 06)
- Re: New development in host discovery: response rate scaled congestion control Brandon Enright (Sep 06)
- Re: New development in host discovery: response rate scaled congestion control David Fifield (Sep 06)
- Re: New development in host discovery: response rate scaled congestion control David Fifield (Sep 05)
- Re: New development in host discovery: response rate scaled congestion control Brandon Enright (Sep 05)