Nmap Development mailing list archives
Re: [NSE] NTP info gathering script...
From: David Fifield <david () bamsoftware com>
Date: Mon, 21 Dec 2009 13:28:43 -0700
On Mon, Dec 14, 2009 at 06:55:31PM +0100, Richard Sammet wrote:
Hi David, On Sun, Dec 13, 2009 at 12:46 AM, David Fifield <david () bamsoftware com> wrote: ...* As a consequence of the above, short timeouts are no longer required, so I removed the timeout code to just use the defaults.... well, it looks like this was a bad idea ;) I performed some extensive tests with the version you checked in to the trunk and I noted that the script now "blocks" the hole scan if no data is returned by the ntp server while waiting for the default timeout value which is - obviously - to long. The benchmarks: command and options: ./nmap -sU -p 123 --script=ntp-info XXX.XXX.72.0/24 XXX.XXX.12.0/24 --open -n -T5 --max-hostgroup 128 --max-retries 1 -vvv -PN Script with default timeouts (version from trunk): Nmap done: 512 IP addresses (512 hosts up) scanned in 1640.67 seconds Raw packets sent: 1021 (77.596KB) | Rcvd: 22 (1608B) Script with modified timeouts: Nmap done: 512 IP addresses (512 hosts up) scanned in 65.72 seconds Raw packets sent: 1020 (77.520KB) | Rcvd: 18 (1232B)
You're right. I hadn't considered that the script will run for open|filtered ports. The 30-second default timeout is too long to do many of those. I think the proposed timeouts of 5500, 3500, 3000, 1500, and 750 ms, differing based on timing template, are overall too short. I've set a static timeout of 5000 ms, as is used in some other UDP scripts, and changed the script not to wait for a response to the second probe if the first one didn't work. If this is still too slow, a way to do this scan faster is to increase --max-parallelism, which will increase the number of simultaneous sockets used by NSE. It is 20 by default. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] NTP info gathering script..., (continued)
- Re: [NSE] NTP info gathering script... Richard Sammet (Nov 30)
- Re: [NSE] NTP info gathering script... Richard Sammet (Nov 30)
- Re: [NSE] NTP info gathering script... Matt Selsky (Nov 30)
- Re: [NSE] NTP info gathering script... Richard Sammet (Dec 01)
- Re: [NSE] NTP info gathering script... David Fifield (Dec 12)
- Re: [NSE] NTP info gathering script... Richard Sammet (Dec 12)
- Re: [NSE] NTP info gathering script... Richard Sammet (Dec 12)
- Re: [NSE] NTP info gathering script... David Fifield (Dec 12)
- Re: [NSE] NTP info gathering script... Richard Sammet (Dec 13)
- Re: [NSE] NTP info gathering script... Richard Sammet (Dec 14)
- Re: [NSE] NTP info gathering script... David Fifield (Dec 21)
- Re: [NSE] NTP info gathering script... Richard Sammet (Nov 30)