Nmap Development mailing list archives

Re: PortBunny - FX and Fabs at 24C3


From: Fyodor <fyodor () insecure org>
Date: Sun, 13 Jan 2008 21:21:46 -0800

On Sun, Jan 13, 2008 at 11:42:21PM -0500, Tyler Reguly wrote:
> Interesting to see this thread here... I actually spent this evening doing a
> comparison between Unicornscan, PortBunny and nmap.
>
> The results can be found here: http://www.computerdefense.org/?p=440

Thanks for sharing!  It is nice to see some independent results.  I
was glad to see that Nmap was the only scanner to get all the ports
right with its default options, while both PortBunny and UnicornScan
missed ports.  Nmap missed ports when you specified "-T5 --max-retries
0", but there you are asking for it.  There is a reason that -T5 is
documented as "Insane mode" :).  A good way to look at your results
(IMHO) is in the total time taken across all five machines compared to
the total ports missed.  I only worried about the "all ports" scans,
because I'm not even sure that the other scanners scan the same ports
by default as Nmap does.  From your table I get:

Scanner                  | Total Time | Missed ports
----------------------------------------------------
UnicornScan              | 88.96s     | 6
PortBunny                | 2667.08s   | 2
Nmap                     | 1617.01s   | 0
Nmap -T5 --max-retries 0 | 62.27s     | 2

Very interesting!  So with default options, Nmap was the most accurate
out of all of them and still was much faster than PortBunny.  And with
"-T5 --max-retries 0", Nmap was the fastest of them all, and still
tied PortBunny in accuracy while taking barely 1 minute compared to 44
minutes for PortBunny.

I'll try not to let this get to my head :).

I hope you add some textual analysis to your data, as many people find
it hard to read pure stats.  Also I have some suggestions for
improving your table at
http://www.computerdefense.org/wp-content/uploads/2008/01/comparison.jpg
if you find time:

o you could add a "total" time column at the end
o you could add a "total missed ports" column after that
o you could put times in red for cases where ports were missed (I'd
  put the total missed ports in red too if nonzero).

Anyway, thanks for posting your independent data.  Isn't it strange
how it came out a lot differently than all the examples in the
PortBunny presentation?

Cheers,
Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org