Nmap Development mailing list archives

Nmap on Solaris 9 and Solaris 10 not working right? Going way too slow.


From: jayrhine () comcast net
Date: Thu, 07 Aug 2008 18:26:46 +0000

Folks,

        I was trying to get Nmap running on Solaris 9 and Solaris 10, but things 
are not working correctly.  I have Nmap installed and working perfectly on 
Linux.  My setup is I have a Solaris 9 Machine, a Solaris 10 Machine, and a 
Linux Machine each with nmap installed on the same switch trying to scan another 
Solaris host on that switch.  The Solaris machines go MUCH slower than the Linux 
machines.  Note that the below issues only appear to occur with SYN and UDP 
scans.  They do not appear to affect connect scans.  My only guess is that this 
is something to do with libpcap or raw sockets, so I believe this is used for 
syn/udp scans but not for connect scans.  Details follow.  Does anyone have any 
thoughts as to what could be going on?  Thanks!

        So everything is local, there are no firewalls, no routers, or anything 
else in between.  On Solaris 9, I have used the nmap 4.60 package from 
sunfreeware.  On Solaris 10, I have tried the 4.60 sunfreeware package as well 
as compiling 4.68 from source.  Both Solaris machines have libpcap 0.9.8 installed from sunfreeware.  On Linux, I have 
the Fedora 8 nmap 4.52 rpm installed.

        Here's what's happening. 

If I execute "nmap -r -sS -vv -p 0-1024 x.x.x.x" on these three different 
scanners, I get different speed results:

For linux, the scan completes in about 30 seconds 

I see the following messages partway through the scan, and the scanner backs 
off a bit.  I think this is due to a maximum RSTs per second that Solaris 
allows.

Increasing send delay for x.x.x.x from 0 to 5 due to 22 out of 73 dropped probes 
since last increase.
Increasing send delay for x.x.x.x from 5 to 10 due to max_successful_tryno 
increase to 4
Increasing send delay for x.x.x.x from 10 to 20 due to max_successful_tryno 
increase to 5

For Solaris 9, the scan took about 330 seconds (11 times slower than the linux 
scan!)  After it displays the following messages it goes to a complete crawl.


Increasing send delay for x.x.x.x  from 0 to 5 due to max_successful_tryno 
increase to 4
Increasing send delay for x.x.x.x  from 5 to 10 due to max_successful_tryno 
increase to 5
Increasing send delay for x.x.x.x  from 10 to 20 due to max_successful_tryno 
increase to 6
Increasing send delay for x.x.x.x  from 20 to 40 due to max_successful_tryno 
increase to 7
Increasing send delay for x.x.x.x  from 40 to 80 due to max_successful_tryno 
increase to 8
Increasing send delay for x.x.x.x  from 80 to 160 due to 11 out of 14 dropped 
probes since last increase.
Increasing send delay for x.x.x.x  from 160 to 320 due to max_successful_tryno 
increase to 9

For Solaris 10, with the nmap 4.60 package from sunfreeware, the scan completes 
very quickly but identifies all the ports as filtered!
For Solaris 10, with the nmap 4.68 compiled from source, the scan took about 330 
seconds (11 times slower than the linux scan!).  After it displays the following 
messages it goes to a complete crawl.

Increasing send delay for x.x.x.x  from 0 to 5 due to max_successful_tryno 
increase to 4
Increasing send delay for x.x.x.x  from 5 to 10 due to max_successful_tryno increase to 5
Increasing send delay for x.x.x.x  from 10 to 20 due to max_successful_tryno 
increase to 6
Increasing send delay for x.x.x.x  from 20 to 40 due to max_successful_tryno 
increase to 7
Increasing send delay for x.x.x.x  from 40 to 80 due to max_successful_tryno 
increase to 8
Increasing send delay for x.x.x.x  from 80 to 160 due to 11 out of 14 dropped 
probes since last increase.
Increasing send delay for x.x.x.x  from 160 to 320 due to max_successful_tryno 
increase to 9

I also find that on Solaris 10 (and Solaris 9) if I run 2 short nmap scans 
quickly one after another, the results often change, showing me some ports 
that should be open or closed as filtered.  These results are not consistent; 
sometimes multiple scans in a row will not show these weird filtered ports and 
sometimes they will not.  I have never observed this behaviour on Linux.

bash-3.00# nmap -sS -p 20-24 x.x.x.x

Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-07 08:41 EDT
Interesting ports on x.x.x.x:
PORT   STATE    SERVICE
20/tcp filtered ftp-data
21/tcp open     ftp
22/tcp filtered ssh
23/tcp filtered telnet
24/tcp filtered priv-mail
MAC Address: y:y:y:y:y:y  (SUN Microsystems)

Nmap done: 1 IP address (1 host up) scanned in 2.815 seconds
bash-3.00# nmap -sS -p 20-24 x.x.x.x

Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-07 08:41 EDT
Interesting ports on x.x.x.x:
PORT   STATE  SERVICE
20/tcp closed ftp-data
21/tcp open   ftp
22/tcp open   ssh
23/tcp open   telnet
24/tcp closed priv-mail
MAC Address: y:y:y:y:y:y (SUN Microsystems)

Nmap done: 1 IP address (1 host up) scanned in 4.812 seconds
bash-3.00#
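The back-to-back scans above differ only in which ports came back "filtered". In a SYN scan that state just means no reply arrived, so a port flipping between filtered and open/closed between two runs points at lost responses (RST rate limiting on the target, capture drops on the scanner) rather than at a real packet filter. The following added example, which is not part of the original post or of Nmap itself, parses two runs of Nmap's normal output and flags exactly those flips; the port tables are constructed from the post, with the target address omitted.

```python
import re

# Constructed sample: two back-to-back "nmap -sS -p 20-24" runs modelled on
# the post above (only the port table lines; addresses omitted on purpose).
RUN1 = """\
PORT   STATE    SERVICE
20/tcp filtered ftp-data
21/tcp open     ftp
22/tcp filtered ssh
23/tcp filtered telnet
24/tcp filtered priv-mail
"""
RUN2 = """\
PORT   STATE  SERVICE
20/tcp closed ftp-data
21/tcp open   ftp
22/tcp open   ssh
23/tcp open   telnet
24/tcp closed priv-mail
"""
# One port line of Nmap's normal output: "<port>/<proto> <state> <service>".
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(open|closed|filtered|open\|filtered|unfiltered)\s+\S+")

def parse_ports(output):
    """Map (port, proto) -> state for every port line in one scan's output."""
    states = {}
    for line in output.splitlines():
        m = PORT_RE.match(line)
        if m:
            states[(int(m.group(1)), m.group(2))] = m.group(3)
    return states

def diff_runs(first, second):
    """Return [(port, proto, state_first, state_second, lost_reply)] for ports
    that changed state. lost_reply is True when one run said 'filtered' and the
    other got a real answer, i.e. a dropped RST/SYN-ACK, not a packet filter."""
    a, b = parse_ports(first), parse_ports(second)
    changes = []
    for key in sorted(set(a) | set(b)):
        sa, sb = a.get(key, "absent"), b.get(key, "absent")
        if sa != sb:
            lost = "filtered" in (sa, sb) and bool({sa, sb} & {"open", "closed"})
            changes.append((key[0], key[1], sa, sb, lost))
    return changes

def unstable_ratio(first, second):
    """Fraction of ports that flipped; high values mean investigate the scanner."""
    total = len(set(parse_ports(first)) | set(parse_ports(second)))
    return len(diff_runs(first, second)) / total if total else 0.0
```

A high unstable ratio on a quiet LAN, combined with the "dropped probes" messages in verbose output, is a reason to look at the scanner's libpcap/raw socket path and the target's RST rate limit before trusting any "filtered" result.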
