Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Nmap host timeout inquiry

From: tommymay () comcast net (Tommy May)
Date: Thu, 24 Jan 2008 13:10:55 +0000
ithilgore:

Thank you so much for your response.  Again, I am not an experienced developer by any means...
But I am sort of able to follow the logic in the code that you sent, in relation to the comments provided.

Perhaps hostl is expecting a more specific regex, or other pattern matching format for the vector to work successfully? 
 (for example a specific IP address 10.0.0.1 versus example range 10.0.0.0-255 or 10.0.0.0/24... depending on how the 
pattern matching works, it could miss a match somewhere?)

Again... I am no developer here, so please forgive the ignorance.

If anyone else has some insight I would greatly apprecite it as well.

Thanks,
Tommy


 -------------- Original message ----------------------
From: "ithilgore.ryu.L () gmail com" <ithilgore.ryu.l () gmail com>

Tommy May wrote:

Hello Nmap Folk:

I am not an experienced developer, so please excuse my lack of knowledge on 

the inner 

mechanics.

I have been trying to optimize nmap scans for host discovery and find that the 
built in T4 option works awesome (after having played with all of the 
customizable "rtt" options)... but I also would like to add the --host-timeout 
parameter to speed up scans a little.

details:

I am using an input file (-iL) with entire /24 networks 

 - default "nmap -sTU -T4 -P0" on a reasonably fast /24 netblock with stateful 
firewall ruleset takes roughly 15 hours to complete, but its the most accurate 
results I have been able to produce (measure - all hosts that are truly up, 
result in the output file).

- I have been able to complete a scan on the same network with "nmap -sTU -T4 
-P0 --host-timeout 120m" in roughly 6 hours... but I notice that the second 

half 

of the netblock all times out... 

This leads me to suspect that the "--host-timeout" parameter may apply to all 

of the targets that you specifiy in the 

input list, rather than just IP by IP?  This could explain why half of the 

IP's 

in the netblock timed out, when no timeout parameter catches all of the IP 
addresses in the netblock.

Are my suspicions correct or am I just shooting in the dark?  I would suppose 
that I would have to do a separate IP by IP scan to allow the --host-timeout 
parameter to work per IP?

Any insight you may have as to how this parameter works in this way would be 
greatly appreciated, and will better help me to discover the optimal settings.

Sincerely,
Tommy May

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
  



I actually noticed the behaviour u described, too.
Though i think the original intent was to have a host-timeout by each ip
as i figured out from the code:

/* Start the timeout clocks of any targets that aren't already timedout */
static void startTimeOutClocks(vector<Target *> &Targets) {
struct timeval tv;
vector<Target *>::iterator hostI;

gettimeofday(&tv, NULL);
for(hostI = Targets.begin(); hostI != Targets.end(); hostI++) {
if (!(*hostI)->timedOut(NULL))
(*hostI)->startTimeOutClock(&tv);
}
}

since it uses a vector and each target has its own timeout.

But what actually happens is what u described.
I reproduced it just now.
After specifying a host-timeout and scanning more than 1 host
then if the 1st host timeouts all of the rest timeout instantly.

$nmap --host-timeout 15000 host1.com host2.com -P0
....
....
Connect Scan Timing: About 15.20% done; ETC: 14:19 (0:01:13 remaining)
xxx.xxx.xxx.xx1 timed out during Connect Scan (1 host left)
xxx.xxx.xxx.xx2 timed out during Connect Scan (0 hosts left)
Completed Connect Scan at 14:18, 15.11s elapsed (2 hosts timed out)
Host host1.com (xxx.xxx.xxx.xx1) appears to be up ... good.
Skipping host host1.com (xxx.xxx.xxx.xx1) due to host timeout

Host host2.com (xxx.xxx.xxx.xx2) appears to be up ... good.
Skipping host host2.com (xxx.xxx.xxx.xx2) due to host timeout


I think Fyodor will know better as to what exactly happens or if this is 
actually a bug.

ithilgore








_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: