Nmap Development mailing list archives
Nmap on Solaris 9 and Solaris 10 not working right? Going way too slow.
From: jayrhine () comcast net
Date: Thu, 07 Aug 2008 18:26:46 +0000
Folks,

I was trying to get Nmap running on Solaris 9 and Solaris 10, but things are not working correctly. I have Nmap installed and working perfectly on Linux. My setup is I have a Solaris 9 machine, a Solaris 10 machine, and a Linux machine, each with nmap installed, on the same switch, trying to scan another Solaris host on that switch. The Solaris machines go MUCH slower than the Linux machines. Note that the below issues only appear to occur with SYN and UDP scans. They do not appear to affect connect scans. My only guess is that this is something to do with libpcap or raw sockets, so I believe this is used for SYN/UDP scans but not for connect scans. Details follow. Does anyone have any thoughts as to what could be going on? Thanks!

So everything is local, there are no firewalls, no routers, or anything else in between.

On Solaris 9, I have used the nmap 4.60 package from sunfreeware.
On Solaris 10, I have tried the 4.60 sunfreeware package as well as compiling 4.68 from source.
Both Solaris machines have libpcap 0.9.8 installed from sunfreeware.
On Linux, I have the Fedora 8 nmap 4.52 rpm installed.

Here's what's happening. If I execute "nmap -r -sS -vv -p 0-1024 x.x.x.x" on these three different scanners, I get different speed results:

For Linux, the scan completes in about 30 seconds. I see the following messages part way through the scan, and the scanner backs off a bit. I think this is due to the maximum RSTs per second that Solaris allows.

Increasing send delay for x.x.x.x from 0 to 5 due to 22 out of 73 dropped probes since last increase.
Increasing send delay for x.x.x.x from 5 to 10 due to max_successful_tryno increase to 4
Increasing send delay for x.x.x.x from 10 to 20 due to max_successful_tryno increase to 5

For Solaris 9, the scan took about 330 seconds (11 times slower than the Linux scan!). After it displays the following messages it goes to a complete crawl.

Increasing send delay for x.x.x.x from 0 to 5 due to max_successful_tryno increase to 4
Increasing send delay for x.x.x.x from 5 to 10 due to max_successful_tryno increase to 5
Increasing send delay for x.x.x.x from 10 to 20 due to max_successful_tryno increase to 6
Increasing send delay for x.x.x.x from 20 to 40 due to max_successful_tryno increase to 7
Increasing send delay for x.x.x.x from 40 to 80 due to max_successful_tryno increase to 8
Increasing send delay for x.x.x.x from 80 to 160 due to 11 out of 14 dropped probes since last increase.
Increasing send delay for x.x.x.x from 160 to 320 due to max_successful_tryno increase to 9

For Solaris 10, with the nmap 4.60 package from sunfreeware, the scan completes very quickly but identifies all the ports as filtered!

For Solaris 10, with the nmap 4.68 compiled from source, the scan took about 330 seconds (11 times slower than the Linux scan!). After it displays the following messages it goes to a complete crawl.

Increasing send delay for x.x.x.x from 0 to 5 due to max_successful_tryno increase to 4
Increasing send delay for x.x.x.x from 5 to 10 due to max_successful_tryno increase to 5
Increasing send delay for x.x.x.x from 10 to 20 due to max_successful_tryno increase to 6
Increasing send delay for x.x.x.x from 20 to 40 due to max_successful_tryno increase to 7
Increasing send delay for x.x.x.x from 40 to 80 due to max_successful_tryno increase to 8
Increasing send delay for x.x.x.x from 80 to 160 due to 11 out of 14 dropped probes since last increase.
Increasing send delay for x.x.x.x from 160 to 320 due to max_successful_tryno increase to 9

bash-3.00# nmap -sS -p 20-24 x.x.x.x

I also find that on Solaris 10 (and Solaris 9) if I run 2 short nmap scans quickly one after another, the results often change, showing me some ports that should be opened or closed as filtered. These results are not consistent, sometimes multiple scans in a row will not show these weird filtered points and sometimes they will not. I have never observed this behaviour on Linux.

Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-07 08:41 EDT
Interesting ports on x.x.x.x:
PORT   STATE    SERVICE
20/tcp filtered ftp-data
21/tcp open     ftp
22/tcp filtered ssh
23/tcp filtered telnet
24/tcp filtered priv-mail
MAC Address: y:y:y:y:y:y (SUN Microsystems)
Nmap done: 1 IP address (1 host up) scanned in 2.815 seconds

bash-3.00# nmap -sS -p 20-24 x.x.x.x
Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-07 08:41 EDT
Interesting ports on x.x.x.x:
PORT   STATE  SERVICE
20/tcp closed ftp-data
21/tcp open   ftp
22/tcp open   ssh
23/tcp open   telnet
24/tcp closed priv-mail
MAC Address: y:y:y:y:y:y (SUN Microsystems)
Nmap done: 1 IP address (1 host up) scanned in 4.812 seconds
bash-3.00#

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
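
The send-delay messages quoted in the message above, parsed to compare how far each scanner backed off and for which reason. This is an added example, not part of the original message or of Nmap; the function and variable names are made up here, and the log lines are copied from the post.

```python
import re
from collections import Counter

# Both forms of the verbose back-off message quoted in the post.
DELAY_RE = re.compile(
    r"Increasing send delay for (?P<host>\S+) from (?P<old>\d+) to (?P<new>\d+) due to "
    r"(?:(?P<dropped>\d+) out of (?P<sent>\d+) dropped probes since last increase"
    r"|max_successful_tryno increase to (?P<tryno>\d+))"
)

# Log lines copied from the post (the target address is redacted there as x.x.x.x).
LINUX_LOG = """\
Increasing send delay for x.x.x.x from 0 to 5 due to 22 out of 73 dropped probes since last increase.
Increasing send delay for x.x.x.x from 5 to 10 due to max_successful_tryno increase to 4
Increasing send delay for x.x.x.x from 10 to 20 due to max_successful_tryno increase to 5
"""
SOLARIS_LOG = """\
Increasing send delay for x.x.x.x from 0 to 5 due to max_successful_tryno increase to 4
Increasing send delay for x.x.x.x from 5 to 10 due to max_successful_tryno increase to 5
Increasing send delay for x.x.x.x from 10 to 20 due to max_successful_tryno increase to 6
Increasing send delay for x.x.x.x from 20 to 40 due to max_successful_tryno increase to 7
Increasing send delay for x.x.x.x from 40 to 80 due to max_successful_tryno increase to 8
Increasing send delay for x.x.x.x from 80 to 160 due to 11 out of 14 dropped probes since last increase.
Increasing send delay for x.x.x.x from 160 to 320 due to max_successful_tryno increase to 9
"""

def summarize_backoff(log_text):
    """Summarize how far one scan backed off and what triggered each increase."""
    summary = {"final_delay": 0, "max_tryno": 0, "worst_drop_ratio": 0.0,
               "reasons": Counter()}
    for m in DELAY_RE.finditer(log_text):
        summary["final_delay"] = int(m["new"])
        if m["tryno"] is not None:
            # A probe only succeeded after more retransmissions than before.
            summary["reasons"]["tryno"] += 1
            summary["max_tryno"] = max(summary["max_tryno"], int(m["tryno"]))
        else:
            # Too many probes went unanswered since the last increase.
            summary["reasons"]["dropped"] += 1
            ratio = int(m["dropped"]) / int(m["sent"])
            summary["worst_drop_ratio"] = max(summary["worst_drop_ratio"], ratio)
    return summary

if __name__ == "__main__":
    for name, log in (("Linux", LINUX_LOG), ("Solaris", SOLARIS_LOG)):
        s = summarize_backoff(log)
        print(f"{name}: final delay {s['final_delay']}, max tryno {s['max_tryno']}, "
              f"worst drop ratio {s['worst_drop_ratio']:.2f}, reasons {dict(s['reasons'])}")
```

On these logs the Solaris scanner ends at a delay of 320 after six retry-count increases, against 20 after two on Linux, which matches the slowdown the post reports.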