Nmap Development mailing list archives

Re: massping migration and you


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Thu, 30 Aug 2007 22:29:41 +0000

In classic poor form I'm going to reply to myself...

On Thu, 30 Aug 2007 17:59:46 +0000
Brandon Enright <bmenrigh () ucsd edu> wrote:

> I'm going to re-run my 3 /16 net scans with -T4 and -T5 to see if that
> puts us back into the 25 minute range.


Okay, results are in.  Old massping() would scan our 3 /16s in about 23
minutes.

With -T4 --min-hostgroup 2048 the ultrascan() code produces:

Nmap done: 186368 IP addresses (13589 hosts up) scanned in 7691.547 seconds

real    128m11.555s
user    24m28.373s
sys     2m39.927s


With -T5 --min-hostgroup 2048 the ultrascan() code produces:

Nmap done: 186368 IP addresses (13539 hosts up) scanned in 4984.243 seconds

real    83m4.250s
user    25m22.534s
sys     2m28.833s


Based on your scaling comment, I scanned each /16 by itself too (-T5
--min-hostgroup 2048) to check if the sum of the times was in the 83 minute
range. Here are those results:

Nmap done: 57344 IP addresses (9403 hosts up) scanned in 1016.288 seconds

real    16m56.294s
user    5m45.315s
sys     0m46.945s

Nmap done: 63488 IP addresses (2208 hosts up) scanned in 1841.417 seconds

real    30m41.422s
user    8m49.860s
sys     0m49.442s

Nmap done: 65536 IP addresses (2043 hosts up) scanned in 2845.999 seconds

real    47m26.005s
user    9m32.656s
sys     0m53.006s

17 + 31 + 47 = 95 which is > 83 so clearly there isn't a scaling problem.


I've always felt like on our campus network -T5 is conservative.  I
generally ramp up the timings:

--min-parallelism 128
--min-hostgroup 1024-2048 depending on the type of scan
--initial-rtt-timeout 50
--max-rtt-timeout 100
--max-retries 1

I've been thinking about submitting a -T6 patch to be used on fast, low
packet loss local networks for a long time.  Maybe it is time to start
looking into it?

If there are any specific -sP timing tests you would like me to do let me
know.

Brandon


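The summary lines quoted in the message above can be compared mechanically. The following is an added example, not part of the original post or of Nmap: it parses the `Nmap done:` lines from the message and reports scan rate and hosts-up counts for the combined run against the three separate /16 runs. The run labels and function names are assumptions made here.

```python
import re
from dataclasses import dataclass

# Summary lines copied from the message above; the labels are added here.
RUNS = {
    "T4 all": "Nmap done: 186368 IP addresses (13589 hosts up) scanned in 7691.547 seconds",
    "T5 all": "Nmap done: 186368 IP addresses (13539 hosts up) scanned in 4984.243 seconds",
    "T5 net1": "Nmap done: 57344 IP addresses (9403 hosts up) scanned in 1016.288 seconds",
    "T5 net2": "Nmap done: 63488 IP addresses (2208 hosts up) scanned in 1841.417 seconds",
    "T5 net3": "Nmap done: 65536 IP addresses (2043 hosts up) scanned in 2845.999 seconds",
}
SUMMARY_RE = re.compile(
    r"Nmap done: (\d+) IP address(?:es)? \((\d+) hosts? up\) scanned in ([\d.]+) seconds")

@dataclass(frozen=True)
class Run:
    addresses: int
    hosts_up: int
    seconds: float

    @property
    def rate(self) -> float:
        """Addresses probed per second of wall-clock time."""
        return self.addresses / self.seconds

def parse_summary(line: str) -> Run:
    m = SUMMARY_RE.search(line)
    if m is None:
        raise ValueError(f"not an Nmap summary line: {line!r}")
    return Run(int(m.group(1)), int(m.group(2)), float(m.group(3)))

def merge(runs) -> Run:
    """Treat back-to-back runs as one scan: counts and elapsed time add up."""
    runs = list(runs)
    return Run(sum(r.addresses for r in runs), sum(r.hosts_up for r in runs),
               sum(r.seconds for r in runs))

def compare(combined: Run, parts) -> dict:
    """Compare one large run with the same address space scanned piecewise."""
    split = merge(parts)
    if split.addresses != combined.addresses:
        raise ValueError("runs do not cover the same number of addresses")
    return {"time_ratio": combined.seconds / split.seconds,
            "hosts_up_delta": combined.hosts_up - split.hosts_up,
            "combined_rate": combined.rate, "split_rate": split.rate}

if __name__ == "__main__":
    runs = {name: parse_summary(line) for name, line in RUNS.items()}
    for name, r in runs.items():
        print(f"{name:8} {r.rate:6.1f} addr/s  {r.hosts_up:6d} up  {r.seconds / 60:6.1f} min")
    print(compare(runs["T5 all"], [runs[k] for k in ("T5 net1", "T5 net2", "T5 net3")]))
```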

