Nmap Development mailing list archives

Re: [nmap-svn] r6963 - nmap-exp/david/nmap-fixed-rate


From: David Fifield <david () bamsoftware com>
Date: Sat, 22 Mar 2008 10:44:25 -0600

On Fri, Mar 21, 2008 at 09:11:07PM -0700, Fyodor wrote:
> On Sat, Mar 22, 2008 at 12:28:31AM +0000, Brandon Enright wrote:
> > I look forward to the end-result, sometimes sending at N pps is exactly
> > what I want Nmap to do.
>
> Instead of offering just a fixed packet send rate (which I think is
> what Scanrand and Unicornscan do), I'm starting to think we should
> allow you to set a minimum and/or maximum packet send rate.  If you
> are trying to speed Nmap up, you would set a minimum rate which would
> override Nmap's normal congestion control algorithms if they would
> otherwise slow Nmap below that rate.  But this would still allow Nmap
> to ramp up to faster rates if you are scanning an unfirewalled
> localhost or the like.

I will think about how to do it.

> I'm not certain that we need a max packet rate option.  Perhaps
> --scan-delay is enough, or maybe the max rate option would be a pain
> to implement.  But I am definitely warming to the idea of offering a
> minimum rate rather than fixed rate.  Or maybe the max scan rate
> option would turn out to be more useful than --scan-delay.
> --scan-delay is per host, while I imagine that a max packet rate would
> cover all hosts being scanned at once by Nmap.  Maybe one could be
> used to implement the other.

--scan-delay is per host, but otherwise it is exactly a maximum packet
rate, if you take the inverse of the argument. (E.g., --scan-delay 200
comes to a maximum rate of 5 (= 1 s / 200 ms) per second.) I have been
implementing the fixed-rate scanning as a maximum rate also, because
once you take out other control Nmap will go as fast as it can and all
you have to do is put a cap on it to get a desired rate.

> One advantage to using a minimum rather than fixed packet rate option
> is that we could potentially add a minimum rate for timing templates
> such as -T4 and -T5.  Though that could lead to trouble when we scan
> rate-limited hosts (as is commonly encountered with UDP scan).  So I'm
> not sure it is a good idea for -T4.

Something to keep in mind about a minimum is that you can't meet it if
you don't have packets to send. At the end of a scan while you're
waiting for probes to time out I think everyone agrees you want your
sending rate to go to zero. (This had me confused for a while with the
fixed-rate scanning, because my average send rates were too low, but I
wasn't accounting for this time out period.) However, you can guarantee
that while there are packets to send, they will be sent at a certain
rate or faster (at least up to the fastest Nmap can go).

David Fifield
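
As an added illustration (not part of the original thread and not Nmap code), the following Python model shows the three points discussed above: --scan-delay read as a per-host maximum rate, a minimum rate overriding a slow congestion-control gap while still allowing faster sending, and the whole-scan average falling below the minimum because of the final timeout wait. The function names, the gap list and the 5-second timeout are constructed assumptions.

```python
# Added illustration; names and numbers are constructed, not taken from Nmap.

def clamp_gap(cc_gap, min_rate=None, max_rate=None):
    """Bound the inter-probe gap (seconds) chosen by congestion control.

    A minimum rate caps the gap at 1/min_rate; a maximum rate floors it at
    1/max_rate. The maximum is applied last, so it wins if the two conflict.
    """
    gap = cc_gap
    if min_rate is not None:
        gap = min(gap, 1.0 / min_rate)
    if max_rate is not None:
        gap = max(gap, 1.0 / max_rate)
    return gap


def scan_delay_as_rate(delay_ms, hosts=1):
    """--scan-delay is per host: each host is capped at 1000/delay_ms probes
    per second, so the aggregate over parallel hosts is that times `hosts`."""
    return hosts * 1000.0 / delay_ms


def simulate(cc_gaps, probe_timeout, min_rate=None, max_rate=None):
    """Send one probe per entry in cc_gaps, then wait out the last timeout
    with nothing left to send.

    Returns (rate while probes were available, average over the whole scan).
    """
    sending_time = sum(clamp_gap(g, min_rate, max_rate) for g in cc_gaps)
    total_time = sending_time + probe_timeout
    n = len(cc_gaps)
    return n / sending_time, n / total_time


# Constructed congestion-control behaviour: fast start, then backoff to 2 pps.
CC_GAPS = [0.01] * 50 + [0.5] * 50

if __name__ == "__main__":
    print("no bounds     ", simulate(CC_GAPS, 5.0))
    print("min 10 pps    ", simulate(CC_GAPS, 5.0, min_rate=10))
    print("max 5 pps     ", simulate(CC_GAPS, 5.0, max_rate=5))
    print("scan-delay 200", scan_delay_as_rate(200),
          scan_delay_as_rate(200, hosts=8))
```

With a 10 pps minimum, the model sends at about 18 pps while probes are available, yet the average over the whole run is about 9.5 pps once the timeout wait is counted.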
