Nmap Development mailing list archives

Re: New traceroute algorithm, or how to ping and traceroute 110 hosts in under 15 seconds


From: David Fifield <david () bamsoftware com>
Date: Thu, 17 Sep 2009 16:20:32 -0600

On Sun, Sep 13, 2009 at 09:33:39PM -0600, David Fifield wrote:
> I reported some cases where a traceroute could be very slow in
> http://seclists.org/nmap-dev/2009/q3/0425.html. Fyodor asked me to try
> to make it faster. There's a branch where a new faster traceroute is
> almost done.
>
> This traceroute is faster in every case I've tested, though it is still
> based fundamentally on the backwards-tracing algorithm implemented by
> Eddie Bell. Instead of there being one special reference trace, all
> traces are treated equally, and they are merged into a tree structure as
> common nodes are found. This results in fewer probes being sent. Also,
> probes are parallelized within each host, not just across all hosts.
> (The parallelism can result in more packets for small-scale scans
> because the probes often shoot past the target.)
>
> Name resolution of traceroute hops is also faster because duplicate
> addresses are culled before passing them to the resolver.
>
> The new algorithm also avoids taking a very long time when the target
> doesn't respond to the traceroute probe. Before it was changed to give
> up on such targets, the old traceroute could take over 30 minutes to
> trace one of them.

This has been merged, along with a few other minor performance
optimizations I made today. Please give it a try with
        nmap -n -sP --traceroute -v
against your favorite network. Naturally I want to know about any
problems, like the trace taking longer than it used to, or assertion
failures.

David Fifield
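
The tree merging and duplicate culling described in this message, sketched as an added example that is not part of the original post and is not Nmap's code. It runs against a simulated topology with constructed addresses, and it assumes each target's hop distance is already known before the backwards trace starts.

```python
# Added illustration: a simplified model, not Nmap's implementation.
# Constructed topology: target -> hops from the scanner to the target.
PATHS = {
    "10.0.1.5": ["192.0.2.1", "198.51.100.1", "10.0.1.1", "10.0.1.5"],
    "10.0.1.9": ["192.0.2.1", "198.51.100.1", "10.0.1.1", "10.0.1.9"],
    "10.0.2.7": ["192.0.2.1", "198.51.100.1", "10.0.2.1", "10.0.2.7"],
}

def probe(target, ttl):
    """Simulated probe: the address that answers for this target at this TTL."""
    return PATHS[target][ttl - 1]

def trace_all(targets, merge=True):
    """Trace each target backwards from its distance toward TTL 1.

    parent maps a hop to the hop one TTL closer to the scanner (None at TTL 1).
    With merge=True a trace stops at the first hop already in the tree.
    """
    parent, probes = {}, 0
    for target in targets:
        child = None
        # Assumption: hop distance is already known (e.g. from the ping reply).
        for ttl in range(len(PATHS[target]), 0, -1):
            hop = probe(target, ttl)
            probes += 1
            if child is not None:
                parent[child] = hop
            if merge and hop in parent:
                break  # common node: the rest is shared with an earlier trace
            child = hop
        else:
            parent[child] = None  # traced all the way back to TTL 1
    return parent, probes

def path_to(parent, target):
    """Rebuild the scanner-to-target path by walking the tree to its root."""
    hops, node = [], target
    while node is not None:
        hops.append(node)
        node = parent[node]
    return hops[::-1]

def addresses_to_resolve(parent, targets):
    """Distinct hop addresses over all traces; each one is resolved once."""
    return {hop for t in targets for hop in path_to(parent, t)}

if __name__ == "__main__":
    tree, merged = trace_all(list(PATHS))
    print(merged, trace_all(list(PATHS), merge=False)[1])
```

In this model, merging relies on traces that share a hop also sharing the path from that hop back to the scanner.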
