Nmap Development mailing list archives
Detecting hosts in large subnets
From: Hillel <hillel.t () gmail com>
Date: Mon, 26 Dec 2005 11:12:21 +0200
Hello all, I am writing a software that should detect all hosts in class-B LAN's. I am not interested in any port or OS info, my only interest is host availability. The software runs within the LAN, which means there is no blocking firewall. After reading The timing and performance doc<http://www.insecure.org/nmap/man/man-performance.html>and playing around with the different options I came out with this command line as reasonable: nmap -sP -n --max_rtt_timeout 50 --max_scan_delay 0 --min_parallelism 100 <subnet> The command takes 87 seconds to a mostly empty class B subnet. I have a number questions: 1. From the sniffer output I see that nmap sends a second arp for every host that does not respond. Is there a way to cancel this behavior? 2. Are there any other suggestions to improve performance? 3. Is there some kind of lib-nmap? The best thing I managed so far was running nmap directly from my app, direct the output to a file and parse it. 4. Are there any licensing issues when including nmap and libpcap (it's a windows app) in a commercial release? 5. In I change max_rtt_timeout to 100 the scan time goes from 87 seconds to 150 seconds. Almost a linear increase. This is somewhat counter intuitive to me. I assume the time deficit is because of some limitations on the number of open sockets, that slows down the ability to send arp requests (is it so?). Is it possible to implement a mechanism that will send all arps without holding open descriptors, and then seat back for a second or two, and collect all answers? I know it's possible with a kernel module that logs all incoming traffic, I want to know if it's possible in user-land, using sockets, and if nmap has something like this (or can be hacked to have). Thanks Hillel. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Detecting hosts in large subnets Hillel (Dec 26)
- Re: Detecting hosts in large subnets Andreas Ericsson (Dec 26)
- Re: Detecting hosts in large subnets Hillel (Dec 26)
- RE: Detecting hosts in large subnets Alex R (Dec 26)
- Re: Detecting hosts in large subnets Hillel (Dec 26)
- Re: Detecting hosts in large subnets doug (Dec 26)
- Re: Detecting hosts in large subnets Martin Mačok (Dec 27)
- Re: Detecting hosts in large subnets Fyodor (Dec 27)
- Re: Detecting hosts in large subnets Hillel (Dec 27)
- Re: Detecting hosts in large subnets Martin Mačok (Dec 27)
- <Possible follow-ups>
- Re: Detecting hosts in large subnets 4N9e Gutek (Dec 27)
- Re: Detecting hosts in large subnets Hillel (Dec 27)
(Thread continues...)
- Re: Detecting hosts in large subnets Andreas Ericsson (Dec 26)