Nmap Development mailing list archives
New option: --min-rate for minimum-rate scanning
From: David Fifield <david () bamsoftware com>
Date: Tue, 25 Mar 2008 21:40:31 -0600
Hello,

I just added a new option --min-rate to Nmap in Subversion. Its option is a number, which is a minimum number of packets to send per second. In other words, use

    nmap --min-rate 1000

to send at least 1000 packets per second. You can push it as high as you like, but eventually Nmap will hit a limit at which it can't physically send packets any faster, which will depend on your CPU and network hardware.

This option is good if you think you know a better speed for your network than Nmap can find, or if you have to make sure a scan finishes by a certain time, possibly at the expense of accuracy.

As a bonus you get a packet sending rate meter built into Nmap. Use the -d option to enable it, then press a key during a scan or wait for overall stats at the end. It looks something like

    Current sending rates: 1024.11 packets / s, 45060.93 bytes / s.

But watch out when interpreting the overall (average) rates at the end of a scan. The number is likely to be lower than what you asked for, because it includes time at the end of the scan while Nmap is waiting for the last probes to time out, during which no packets are sent. Rest assured that Nmap is honoring your rate request during the times it's sending packets. I admit it's disconcerting to say "--min-rate 1000" and then see "Overall sending rates: 911.84 packets / s".

There is currently an algorithmic inefficiency in the scan engine that can show itself at really high send rates. When the list of outstanding probes gets really long, it takes a long time to traverse it to find probes to retransmit, and this CPU usage can slow the scan to below the minimum rate. I consider this a bug, and a fix should be forthcoming. In the meantime just be careful about pushing --min-rate too high.

This is a new, semi-experimental feature, and I invite comments on the implementation or the interface or whatever. For example, Kris suggested a syntax like "--min-rate 100/s" or "--min-rate 600/h" to mean "100 packets per second" or "600 packets per hour." Also it would be possible to specify the rate in bytes rather than packets, but I don't know if there's demand for that. Does anyone want a complementary --max-rate option?

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
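Added example, not part of the original post and not Nmap's code: a simplified Python model of the point made in the message that an end-of-scan average includes the idle timeout wait, so it cannot show by itself whether the minimum rate was honored while packets were being sent. The timestamps, the 1-second tail, the 2-second slowdown and all function names are constructed for illustration.

```python
from bisect import bisect_right

def sending_rates(send_times, scan_start, scan_end, window=1.0):
    """Summarise ascending packet send timestamps (seconds).

    overall:    packets / whole scan duration, idle tail included
    active:     packets / time until the last packet was sent
    min_window: fewest packets per second in any full window of the
                active period
    """
    n = len(send_times)
    last = send_times[-1]
    buckets = int((last - scan_start) / window)
    counts = []
    for k in range(buckets):
        lo = bisect_right(send_times, scan_start + k * window)
        hi = bisect_right(send_times, scan_start + (k + 1) * window)
        counts.append((hi - lo) / window)
    active = n / (last - scan_start)
    return {
        "overall": n / (scan_end - scan_start),
        "active": active,
        "min_window": min(counts) if counts else active,
    }

def floor_honored(rates, min_rate):
    """True if no full window fell below the requested minimum rate."""
    return rates["min_window"] >= min_rate

def constructed_timestamps(segments):
    """Build sample timestamps from (packet_count, gap_ms) segments."""
    t_ms, out = 0, []
    for count, gap_ms in segments:
        for _ in range(count):
            t_ms += gap_ms
            out.append(t_ms / 1000)
    return out

TAIL = 1.0  # constructed: seconds waiting for the last probes to time out

# Constructed case 1: steady 1000 packets/s for 10 s, then the idle tail.
steady = constructed_timestamps([(10000, 1)])
steady_rates = sending_rates(steady, 0.0, steady[-1] + TAIL)

# Constructed case 2: a 2 s mid-scan slowdown to 500 packets/s.
stalled = constructed_timestamps([(5000, 1), (1000, 2), (4000, 1)])
stalled_rates = sending_rates(stalled, 0.0, stalled[-1] + TAIL)

if __name__ == "__main__":
    for name, r in (("steady", steady_rates), ("stalled", stalled_rates)):
        print(name, {k: round(v, 2) for k, v in r.items()},
              "floor honored:", floor_honored(r, 1000))
```

In this constructed data the steady scan's overall average and the slowed scan's active average are both about 909 packets / s; only the per-window minimum separates a scan that kept the floor from one that dropped below it.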