Nmap Development mailing list archives

Re: Call for testers: nsock poll(2)-engine


From: David Fifield <david () bamsoftware com>
Date: Wed, 7 Mar 2012 22:19:55 -0800

On Sun, Feb 19, 2012 at 04:23:38PM +0100, Henri Doreau wrote:
> Hello,
>
> I've developed a new IO engine for nsock, based on poll(2) (UNIX-like
> systems) or WSAPoll (Windows systems - thanks to Arnaud Bellec for
> helping there). I would appreciate some feedback on it, especially
> from people running non-Linux platforms (BSDs, Mac OS, Windows...).
>
> To get the code:
> svn co https://svn.nmap.org/nmap-exp/henri/nmap-pollengine
>
> Possible stress tests:
>    # Basic operations
>    nmap -sVC <targets>
>    # High speed TCP connect
>    nping --tcp-connect -c 2000 --rate 2000 localhost
>    # PCAP code
>    nmap --traceroute --script firewalk,qscan,ipidseq <targets>
>
> Also the new engine is always enabled under Windows (due to a
> hardcoded #define HAVE_POLL 1 in nsock/include/nsock_winconfig.h)
> which might break compilation on platforms that don't provide the
> WSAPoll function. Although this is probably trivial, I have absolutely
> no idea how to add a conditional check (a la configure) to the Visual
> Studio project files and don't have any Windows box to experiment. If
> someone well versed in Windows development could give it a try that
> would be much appreciated.
>
> The new engine should bring a considerable scalability gain, since it
> removes the current limitation of FD_SETSIZE (usually 1024; 64 on
> Windows) concurrent sockets on all platforms but Linux (for which we
> already have an epoll(7)-based engine).
>
> The new engine is defined first in the engines list, and should
> therefore be selected by default, even on epoll-aware systems. This is
> for testing purposes.

I did a quick test of this. I noticed that nmap-pollengine gave this
error:

Got nsock CONNECT response with status ERROR - aborting this service

But nmap trunk gave this:

Got nsock CONNECT response with status TIMEOUT - aborting this service

I put the logs at the end of this message. This is
Linux 3.2.0-1-amd64 #1 SMP Sun Feb 5 15:17:15 UTC 2012 x86_64 GNU/Linux

David Fifield

./nmap -sV -d www.bamsoftware.com

nmap trunk

Scanning www.bamsoftware.com (69.164.193.231) [1000 ports]
Packet capture filter (device wlan0): dst host 10.32.48.93 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 69.164.193.231)))
Discovered open port 443/tcp on 69.164.193.231
Discovered open port 995/tcp on 69.164.193.231
Discovered open port 80/tcp on 69.164.193.231
Discovered open port 587/tcp on 69.164.193.231
Discovered open port 993/tcp on 69.164.193.231
Discovered open port 22/tcp on 69.164.193.231
Discovered open port 9001/tcp on 69.164.193.231
Completed SYN Stealth Scan at 18:40, 5.53s elapsed (1000 total ports)
Overall sending rates: 360.54 packets / s, 15863.76 bytes / s.
Initiating Service scan at 18:40
Scanning 7 services on www.bamsoftware.com (69.164.193.231)
Got nsock CONNECT response with status TIMEOUT - aborting this service
Completed Service scan at 18:41, 30.76s elapsed (7 services on 1 host)
Starting RPC scan against www.bamsoftware.com (69.164.193.231)
NSE: Script scanning 69.164.193.231.
NSE: Starting runlevel 1 (of 1) scan.
Nmap scan report for www.bamsoftware.com (69.164.193.231)
Host is up, received echo-reply (0.091s latency).
rDNS record for 69.164.193.231: melchior.bamsoftware.com
Scanned at 2012-03-07 18:40:53 PST for 37s
Not shown: 991 filtered ports
Reason: 991 no-responses
PORT     STATE  SERVICE         REASON  VERSION
22/tcp   open   ssh             syn-ack OpenSSH 5.5p1 Debian 6+squeeze1 (protocol 2.0)
80/tcp   open   http            syn-ack Apache httpd 2.2.16 ((Debian))
443/tcp  open   ssl/http        syn-ack Apache httpd 2.2.16 ((Debian))
587/tcp  open   smtp            syn-ack Exim smtpd 4.72
843/tcp  closed unknown         reset
993/tcp  open   ssl/imap        syn-ack Dovecot imapd
995/tcp  open   ssl/pop3        syn-ack Dovecot pop3d
7070/tcp closed realserver      reset
9001/tcp open   ssl/tor-orport? syn-ack
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
Final times for host: srtt: 91010 rttvar: 6068  to: 115282

Read from /home/david/nmap-git: nmap-payloads nmap-rpc nmap-service-probes nmap-services.
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 36.96 seconds
           Raw packets sent: 1997 (87.844KB) | Rcvd: 12 (504B)

nmap-pollengine

Scanning www.bamsoftware.com (69.164.193.231) [4 ports]
Packet capture filter (device wlan0): dst host 10.32.138.52 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 69.164.193.231)))
We got a ping packet back from 69.164.193.231: id = 58053 seq = 0 checksum = 7482
Completed Ping Scan at 15:57, 0.09s elapsed (1 total hosts)
Overall sending rates: 43.25 packets / s, 1643.65 bytes / s.
mass_rdns: Using DNS server 171.64.7.55
mass_rdns: Using DNS server 171.64.7.77
mass_rdns: Using DNS server 171.64.7.99
Initiating Parallel DNS resolution of 1 host. at 15:57
mass_rdns: 0.01s 0/1 [#: 3, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 15:57, 0.01s elapsed
DNS resolution of 1 IPs took 0.02s. Mode: Async [#: 3, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 15:57
Scanning www.bamsoftware.com (69.164.193.231) [1000 ports]
Packet capture filter (device wlan0): dst host 10.32.138.52 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 69.164.193.231)))
Discovered open port 993/tcp on 69.164.193.231
Discovered open port 587/tcp on 69.164.193.231
Discovered open port 22/tcp on 69.164.193.231
Discovered open port 80/tcp on 69.164.193.231
Discovered open port 995/tcp on 69.164.193.231
Discovered open port 443/tcp on 69.164.193.231
Discovered open port 9001/tcp on 69.164.193.231
Completed SYN Stealth Scan at 15:57, 6.08s elapsed (1000 total ports)
Overall sending rates: 328.10 packets / s, 14436.23 bytes / s.
Initiating Service scan at 15:57
Scanning 7 services on www.bamsoftware.com (69.164.193.231)
Got nsock CONNECT response with status ERROR - aborting this service
Completed Service scan at 15:57, 23.16s elapsed (7 services on 1 host)
Starting RPC scan against www.bamsoftware.com (69.164.193.231)
NSE: Script scanning 69.164.193.231.
NSE: Starting runlevel 1 (of 1) scan.
Nmap scan report for www.bamsoftware.com (69.164.193.231)
Host is up, received echo-reply (0.093s latency).
rDNS record for 69.164.193.231: melchior.bamsoftware.com
Scanned at 2012-03-07 15:57:04 PST for 30s
Not shown: 991 filtered ports
Reason: 991 no-responses
PORT     STATE  SERVICE         REASON  VERSION
22/tcp   open   ssh             syn-ack OpenSSH 5.5p1 Debian 6+squeeze1 (protocol 2.0)
80/tcp   open   http            syn-ack Apache httpd 2.2.16 ((Debian))
443/tcp  open   ssl/http        syn-ack Apache httpd 2.2.16 ((Debian))
587/tcp  open   smtp            syn-ack Exim smtpd 4.72
843/tcp  closed unknown         reset
993/tcp  open   ssl/imap        syn-ack Dovecot imapd
995/tcp  open   ssl/pop3        syn-ack Dovecot pop3d
7070/tcp closed realserver      reset
9001/tcp open   ssl/tor-orport? syn-ack
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
Final times for host: srtt: 93255 rttvar: 10064  to: 133511

Read from /home/david/nmap-pollengine: nmap-payloads nmap-rpc nmap-service-probes nmap-services.
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 29.78 seconds
           Raw packets sent: 1998 (87.888KB) | Rcvd: 14 (645B)
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
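
The FD_SETSIZE limit mentioned in the quoted announcement, as an added example that is not part of the thread and not nsock code: select() cannot safely track a descriptor numbered FD_SETSIZE or higher, while poll(2) takes the number in a plain array entry. The function names are hypothetical, and the sample input is a pipe constructed inside the program.

```c
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* select() keeps descriptors in a fixed bitmap: FD_SET() on a value
 * >= FD_SETSIZE writes outside the fd_set, so such an fd must be refused. */
int select_can_watch(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* Move fd to a number >= FD_SETSIZE, raising the soft RLIMIT_NOFILE if the
 * hard limit allows. Returns the original fd when the system refuses. */
int lift_above_fd_setsize(int fd) {
    struct rlimit rl;
    rlim_t want = (rlim_t)FD_SETSIZE + 64;
    int high;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur < want) {
        rl.rlim_cur = rl.rlim_max < want ? rl.rlim_max : want;
        setrlimit(RLIMIT_NOFILE, &rl);
    }
    high = fcntl(fd, F_DUPFD, FD_SETSIZE + 16);
    if (high < 0) return fd;
    close(fd);
    return high;
}

/* Returns 1 if poll() reports the pipe readable, 0 on timeout, -1 on error;
 * *watched_fd receives the descriptor number that was polled. */
int poll_pipe_demo(int *watched_fd) {
    int p[2], n;
    struct pollfd pfd;
    if (pipe(p) != 0) return -1;
    p[0] = lift_above_fd_setsize(p[0]);
    *watched_fd = p[0];
    pfd.fd = p[0]; pfd.events = POLLIN; pfd.revents = 0;
    n = (write(p[1], "x", 1) == 1) ? poll(&pfd, 1, 1000) : -1;
    close(p[0]); close(p[1]);
    if (n < 0) return -1;
    return (n == 1 && (pfd.revents & POLLIN)) ? 1 : 0;
}

int main(void) {
    int fd = -1, r = poll_pipe_demo(&fd);
    printf("poll on fd %d -> %d; fits in fd_set: %d\n", fd, r, select_can_watch(fd));
    return r == 1 ? 0 : 1;
}
```

Where the process is allowed more than FD_SETSIZE open files, the polled descriptor is one that select_can_watch() rejects; otherwise the demo falls back to the original low-numbered pipe end.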

