Nmap Development mailing list archives

Re: nmap massive memory usage


From: majek04 <majek04+nmap-dev () gmail com>
Date: Tue, 4 Dec 2007 17:32:02 +0100

On 12/4/07, John Richard Moser <nigelenki () comcast net> wrote:
> In scanning two /24 ranges for full UDP sweeps on all 0-65535 ports, I
> found nmap (after finishing the first group) held 600MB+ of RSS on
> 64-bit Linux.  Command line:

There is one instance of the port_map array allocated for every
scanned protocol. So for '-sU -p0-65535' you have
65k*u16 = 128KBytes in just port_map.
(port_map is a static variable on the PortList class, see portlist.cc:623)

For every host one PortList instance is created.
On a PortList instance there is a port_list array allocated for every protocol.
The memory used depends on the number of ports scanned.

port_list size is something like this:
   sizeof(Port*) * (number_ports_scanned + 1)
It's 65k*8B = 512KBytes per host in your case.

Next, for every scanned port a Port() instance is created.
Every Port instance has (fix me if I miscounted):
 - u16
 - u8
 - int * 8
 - ScriptResults (it's std::vector)
 - long
 - ptr * 10
Sizeof(Port) on my 32-bit machine is 104 bytes.

Roughly in your case:
 128K +  // port_map
 ((number_of_ports * sizeof(Port*))  +// PortList:port_list
 (sizeof(Port) * number_of_ports))  //PortList:port_list[port_number] -> Port()
 * number_of_hosts_in_hostgroup

For a hostgroup of about 50 it's 350MBytes on a 32-bit machine.

Am I correct?

Marek Majkowski

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
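
The rough formula from the message above, as an added example that is not part of the original message and is not nmap's code. PortStandIn, port_map_bytes and estimate_bytes are hypothetical names, and the struct is assembled only from the member list in the message, so its size on a given build need not match the real sizeof(Port).

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Stand-in built only from the member list in the message above.
// It is NOT nmap's real Port class; all names here are hypothetical.
struct PortStandIn {
    std::uint16_t portno;
    std::uint8_t proto;
    int ints[8];
    std::vector<std::string> script_results;  // "ScriptResults (it's std::vector)"
    long l;
    void *ptrs[10];
};

// Sum of the member sizes alone; sizeof(PortStandIn) adds alignment padding.
constexpr std::size_t kRawMemberBytes =
    sizeof(std::uint16_t) + sizeof(std::uint8_t) + 8 * sizeof(int) +
    sizeof(std::vector<std::string>) + sizeof(long) + 10 * sizeof(void *);

// port_map: one u16 slot per possible port number (static on PortList per the message).
std::uint64_t port_map_bytes(std::uint64_t port_space = 65536) {
    return port_space * sizeof(std::uint16_t);
}

// The message's rough formula:
//   port_map + (ports * sizeof(Port*) + ports * sizeof(Port)) * hosts
std::uint64_t estimate_bytes(std::uint64_t ports, std::uint64_t hosts,
                             std::uint64_t ptr_size, std::uint64_t port_size) {
    std::uint64_t per_host = ports * ptr_size + ports * port_size;
    return port_map_bytes() + per_host * hosts;
}

int main() {
    // Figures quoted in the message: 32-bit pointers, sizeof(Port) == 104.
    std::printf("message's 32-bit case: %llu bytes\n",
                (unsigned long long)estimate_bytes(65536, 50, 4, 104));
    // Same formula with this build's pointer size and the stand-in layout.
    std::printf("stand-in: %zu bytes (%zu before padding)\n",
                sizeof(PortStandIn), kRawMemberBytes);
    std::printf("this build, 50 hosts: %llu bytes\n",
                (unsigned long long)estimate_bytes(65536, 50, sizeof(void *),
                                                   sizeof(PortStandIn)));
    return 0;
}
```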

