Nmap Development mailing list archives
Re: massping-migration and other dev testing results
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sat, 15 Sep 2007 06:09:13 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 14 Sep 2007 15:37:04 -0600 plus or minus some time David Fifield <david () bamsoftware com> wrote: I wrote:
Okay, did that. To recap, my 'b' scan is '-sP -P A135,139,445,3389' across 180k hosts. I did this scan with MPM r5829 twice, sequentially, with no other network traffic or CPU load on the box. Once with T3 and once with T5.
...snip... You wrote:
Weird, there should be many more host groups than that. At least 180000 / 4096 ~= 44, instead of only 6. Did you run these scans with enlarged ping groups?
My SVN tree got corrupted somehow and wasn't handling (updating) locally modified files. Here are the correct results now: david_mpm_r5829bT3.nmap: # Nmap done at Sat Sep 15 04:38:45 2007 -- 186368 IP addresses (14123 hosts up) scanned in 4977.963 seconds david_mpm_r5829bT5.nmap: # Nmap done at Sat Sep 15 03:15:47 2007 -- 186368 IP addresses (13841 hosts up) scanned in 2571.266 seconds The graphs have been re-generated. $ egrep 'Ultrascan DROPPED' david_mpm_r5829bT3.nmap | wc -l 376 $ egrep 'Ultrascan DROPPED' david_mpm_r5829bT5.nmap | wc -l 490 And for the long pcap results: $ egrep -i 'pcap stats' david_mpm_r5829bT3.nmap pcap stats: 131 packets received by filter, 0 dropped by kernel. pcap stats: 18 packets received by filter, 0 dropped by kernel. pcap stats: 44 packets received by filter, 0 dropped by kernel. pcap stats: 872 packets received by filter, 0 dropped by kernel. pcap stats: 1376 packets received by filter, 0 dropped by kernel. pcap stats: 938 packets received by filter, 0 dropped by kernel. pcap stats: 1356 packets received by filter, 0 dropped by kernel. pcap stats: 8624 packets received by filter, 0 dropped by kernel. pcap stats: 912 packets received by filter, 0 dropped by kernel. pcap stats: 1193 packets received by filter, 0 dropped by kernel. pcap stats: 1506 packets received by filter, 0 dropped by kernel. pcap stats: 823 packets received by filter, 0 dropped by kernel. pcap stats: 1426 packets received by filter, 0 dropped by kernel. pcap stats: 999 packets received by filter, 0 dropped by kernel. pcap stats: 937 packets received by filter, 0 dropped by kernel. pcap stats: 1219 packets received by filter, 0 dropped by kernel. pcap stats: 602 packets received by filter, 0 dropped by kernel. pcap stats: 534 packets received by filter, 0 dropped by kernel. pcap stats: 561 packets received by filter, 0 dropped by kernel. pcap stats: 425 packets received by filter, 0 dropped by kernel. pcap stats: 107 packets received by filter, 0 dropped by kernel. pcap stats: 53 packets received by filter, 0 dropped by kernel. pcap stats: 403 packets received by filter, 0 dropped by kernel. pcap stats: 195 packets received by filter, 0 dropped by kernel. pcap stats: 947 packets received by filter, 0 dropped by kernel. pcap stats: 427 packets received by filter, 0 dropped by kernel. pcap stats: 180 packets received by filter, 0 dropped by kernel. pcap stats: 451 packets received by filter, 0 dropped by kernel. pcap stats: 219 packets received by filter, 0 dropped by kernel. pcap stats: 517 packets received by filter, 0 dropped by kernel. pcap stats: 173 packets received by filter, 0 dropped by kernel. pcap stats: 447 packets received by filter, 0 dropped by kernel. pcap stats: 246 packets received by filter, 0 dropped by kernel. pcap stats: 104 packets received by filter, 0 dropped by kernel. pcap stats: 75 packets received by filter, 0 dropped by kernel. pcap stats: 133 packets received by filter, 0 dropped by kernel. pcap stats: 1329 packets received by filter, 0 dropped by kernel. pcap stats: 578 packets received by filter, 0 dropped by kernel. pcap stats: 199 packets received by filter, 0 dropped by kernel. pcap stats: 8790 packets received by filter, 0 dropped by kernel. pcap stats: 389 packets received by filter, 0 dropped by kernel. pcap stats: 2018 packets received by filter, 0 dropped by kernel. pcap stats: 503 packets received by filter, 0 dropped by kernel. pcap stats: 281 packets received by filter, 0 dropped by kernel. pcap stats: 65 packets received by filter, 0 dropped by kernel. pcap stats: 79 packets received by filter, 0 dropped by kernel. pcap stats: 185 packets received by filter, 0 dropped by kernel. pcap stats: 352 packets received by filter, 0 dropped by kernel. pcap stats: 96 packets received by filter, 0 dropped by kernel. $ egrep -i 'pcap stats' david_mpm_r5829bT5.nmap pcap stats: 138 packets received by filter, 0 dropped by kernel. pcap stats: 18 packets received by filter, 0 dropped by kernel. pcap stats: 43 packets received by filter, 0 dropped by kernel. pcap stats: 1086 packets received by filter, 0 dropped by kernel. pcap stats: 1563 packets received by filter, 0 dropped by kernel. pcap stats: 930 packets received by filter, 0 dropped by kernel. pcap stats: 1677 packets received by filter, 0 dropped by kernel. pcap stats: 762 packets received by filter, 0 dropped by kernel. pcap stats: 920 packets received by filter, 0 dropped by kernel. pcap stats: 842 packets received by filter, 0 dropped by kernel. pcap stats: 1206 packets received by filter, 0 dropped by kernel. pcap stats: 825 packets received by filter, 0 dropped by kernel. pcap stats: 1113 packets received by filter, 0 dropped by kernel. pcap stats: 795 packets received by filter, 0 dropped by kernel. pcap stats: 695 packets received by filter, 0 dropped by kernel. pcap stats: 832 packets received by filter, 0 dropped by kernel. pcap stats: 512 packets received by filter, 0 dropped by kernel. pcap stats: 239 packets received by filter, 0 dropped by kernel. pcap stats: 133 packets received by filter, 0 dropped by kernel. pcap stats: 87 packets received by filter, 0 dropped by kernel. pcap stats: 80 packets received by filter, 0 dropped by kernel. pcap stats: 99 packets received by filter, 0 dropped by kernel. pcap stats: 63 packets received by filter, 0 dropped by kernel. pcap stats: 78 packets received by filter, 0 dropped by kernel. pcap stats: 1273 packets received by filter, 0 dropped by kernel. pcap stats: 430 packets received by filter, 0 dropped by kernel. pcap stats: 131 packets received by filter, 0 dropped by kernel. pcap stats: 445 packets received by filter, 0 dropped by kernel. pcap stats: 195 packets received by filter, 0 dropped by kernel. pcap stats: 153 packets received by filter, 0 dropped by kernel. pcap stats: 160 packets received by filter, 0 dropped by kernel. pcap stats: 406 packets received by filter, 0 dropped by kernel. pcap stats: 127 packets received by filter, 0 dropped by kernel. pcap stats: 112 packets received by filter, 0 dropped by kernel. pcap stats: 110 packets received by filter, 0 dropped by kernel. pcap stats: 152 packets received by filter, 0 dropped by kernel. pcap stats: 2572 packets received by filter, 642 dropped by kernel. pcap stats: 712 packets received by filter, 0 dropped by kernel. pcap stats: 148 packets received by filter, 0 dropped by kernel. pcap stats: 149 packets received by filter, 0 dropped by kernel. pcap stats: 141 packets received by filter, 0 dropped by kernel. pcap stats: 149 packets received by filter, 0 dropped by kernel. pcap stats: 83 packets received by filter, 0 dropped by kernel. pcap stats: 32 packets received by filter, 0 dropped by kernel. pcap stats: 42 packets received by filter, 0 dropped by kernel. pcap stats: 58 packets received by filter, 0 dropped by kernel. pcap stats: 87 packets received by filter, 0 dropped by kernel. pcap stats: 52 packets received by filter, 0 dropped by kernel. pcap stats: 59 packets received by filter, 0 dropped by kernel. Other than the one drop spike, everything went fine. Is there any way to figure out why the kernel would drop received packets? My best guess would be that there is a pretty short buffer for incoming packets and if too many probes are sent at once, when responses come back, if Nmap takes to long to read them from the buffer, packets will be dropped. That would help explain why with the 64k PING_GROUP_SZ the kernel was dropping like crazy - -- Nmap was spending too much time sending and the latency to getting to the buffer read was too high. Or maybe it's something completely different. Thoughts? Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFG63cJqaGPzAsl94IRArQDAJ4+r9hCH6EIuu0qsj67GfFLFgRzwgCfZ7v6 xopitH5fSD2ek67lgq7NxP4= =1rWA -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- massping-migration and other dev testing results Brandon Enright (Sep 11)
- Re: massping-migration and other dev testing results David Fifield (Sep 11)
- Re: massping-migration and other dev testing results Brandon Enright (Sep 11)
- Re: massping-migration and other dev testing results David Fifield (Sep 11)
- Re: massping-migration and other dev testing results Brandon Enright (Sep 11)
- Re: massping-migration and other dev testing results David Fifield (Sep 13)
- Re: massping-migration and other dev testing results Brandon Enright (Sep 13)
- Re: massping-migration and other dev testing results David Fifield (Sep 14)
- Re: massping-migration and other dev testing results Brandon Enright (Sep 14)
- Re: massping-migration and other dev testing results Brandon Enright (Sep 14)
- Re: massping-migration and other dev testing results David Fifield (Sep 17)
- Re: massping-migration and other dev testing results Brandon Enright (Sep 11)
- Re: massping-migration and other dev testing results David Fifield (Sep 11)
- Re: massping-migration and other dev testing results Brandon Enright (Sep 11)
- Re: massping-migration and other dev testing results David Fifield (Sep 13)