Nmap Development mailing list archives

Re: -iR N for N < 16


From: jah <jah () zadkiel plus com>
Date: Mon, 25 Nov 2013 23:59:48 +0000

On 24/11/2013 21:18, jah wrote:
That ideal_scan_group_sz doesn't take into account o.max_ips_to_scan when using -iR.  The following produces the 
correct behaviour:

@@ -1848,4 +1848,6 @@
 
   do {
     ideal_scan_group_sz = determineScanGroupSize(o.numhosts_scanned, &ports);
+    if (o.max_ips_to_scan && o.max_ips_to_scan < ideal_scan_group_sz)
+      ideal_scan_group_sz = o.max_ips_to_scan;
     while (Targets.size() < ideal_scan_group_sz) {
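Review bot: the clamp `if (o.max_ips_to_scan && o.max_ips_to_scan < ideal_scan_group_sz)` caps each hostgroup at the whole -iR budget rather than at what is left of it, so after the first (deliberately small) group has completed, the next group can again be sized at the full o.max_ips_to_scan; the `-iR 5` run below shows this, with 4 hosts completed and 5 more undergoing. The call on the preceding line already passes o.numhosts_scanned into determineScanGroupSize(), so the cap belongs inside that function (or should subtract o.numhosts_scanned here), which is what the committed r32527 does according to the reply.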
Actually this proposed fix doesn't take into account the number of random hosts already scanned, so this could happen:

nmap -n -Pn -p 1-1001 -sS -iR 5
Starting Nmap 6.41SVN ( http://nmap.org ) at 2013-11-25 22:28 GMT Standard Time
Stats: 0:00:04 elapsed; 0 hosts completed (4 up), 4 undergoing SYN Stealth Scan
...
Stats: 0:20:55 elapsed; 4 hosts completed (9 up), 5 undergoing SYN Stealth Scan
...

That is, when doing a TCP scan of more than 1000 ports at a timing level of 4 or lower, the first hostgroup will be 4 
hosts (or 8 at -T4) and this number of hosts must be accounted for when determining the size of subsequent hostgroups.

I've committed the fix in r32527, but inside determineScanGroupSize() rather than immediately after calling 
determineScanGroupSize().

nmap -n -sL -iR 1
Starting Nmap 6.41SVN ( http://nmap.org ) at 2013-11-25 23:38 GMT Standard Time
...
Nmap done: 1 IP address (0 hosts up) scanned in 0.03 seconds

nmap -n -Pn -p 1-1001 -sS -iR 5
Starting Nmap 6.41SVN ( http://nmap.org ) at 2013-11-25 23:39 GMT Standard Time
Stats: 0:00:03 elapsed; 0 hosts completed (4 up), 4 undergoing SYN Stealth Scan
...
Stats: 0:01:02 elapsed; 4 hosts completed (5 up), 1 undergoing SYN Stealth Scan
...

nmap -n -Pn -p 1-1001 -sS -iR 0
Starting Nmap 6.41SVN ( http://nmap.org ) at 2013-11-25 23:41 GMT Standard Time
Stats: 0:00:03 elapsed; 0 hosts completed (4 up), 4 undergoing SYN Stealth Scan
...
Stats: 0:13:28 elapsed; 4 hosts completed (64 up), 60 undergoing SYN Stealth Scan
...

jah

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
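The two runs above (9 hosts for `-iR 5` with the first clamp, 5 with the committed one) follow from where the cap is applied. The C++ below is an added illustration of that hostgroup sizing, not Nmap's code: idealGroupSize() is a stand-in for determineScanGroupSize(), using the first-group sizes the mail states (4 hosts, 8 at -T4, for more than 1000 TCP ports) and an assumed 64 for later groups; ScanOptions, groupSizeNaive(), groupSizeFixed() and simulateGroups() are names chosen for the example.

```cpp
// Added example modelling Nmap's -iR hostgroup sizing; not Nmap's own code.
// Constants: first group 4 hosts (8 at -T4) as stated in the mail; the later
// group size of 64 is an assumption made for this example.
#include <algorithm>
#include <cstddef>
#include <vector>

struct ScanOptions {
    std::size_t max_ips_to_scan;   // -iR N; 0 means unlimited
    bool        many_tcp_ports;    // more than 1000 TCP ports requested
    int         timing_level;      // -T level
};

// Stand-in for determineScanGroupSize(): start with a small group so the first
// results come back quickly, then grow. Only the first-group values are from
// the mail; 64 for subsequent groups is assumed.
std::size_t idealGroupSize(std::size_t numhosts_scanned, const ScanOptions& o) {
    if (numhosts_scanned == 0 && o.many_tcp_ports && o.timing_level <= 4)
        return o.timing_level == 4 ? 8 : 4;
    return 64;
}

// First proposed fix: cap each group at the total -iR budget. It ignores the
// hosts already scanned, so a later group can still be as large as the budget.
std::size_t groupSizeNaive(std::size_t numhosts_scanned, const ScanOptions& o) {
    std::size_t sz = idealGroupSize(numhosts_scanned, o);
    if (o.max_ips_to_scan && o.max_ips_to_scan < sz)
        sz = o.max_ips_to_scan;
    return sz;
}

// Corrected behaviour: cap each group at the budget that remains.
std::size_t groupSizeFixed(std::size_t numhosts_scanned, const ScanOptions& o) {
    std::size_t sz = idealGroupSize(numhosts_scanned, o);
    if (o.max_ips_to_scan) {
        std::size_t remaining = o.max_ips_to_scan > numhosts_scanned
                                    ? o.max_ips_to_scan - numhosts_scanned
                                    : 0;
        sz = std::min(sz, remaining);
    }
    return sz;
}

// Drive the hostgroup loop the way nmap.cc does (size a group, scan it, repeat)
// and return the group sizes chosen. The random target source never runs dry,
// so the loop ends when the -iR budget is used up or after max_groups rounds
// (to keep -iR 0 finite).
std::vector<std::size_t> simulateGroups(const ScanOptions& o,
        std::size_t (*sizer)(std::size_t, const ScanOptions&),
        std::size_t max_groups) {
    std::vector<std::size_t> groups;
    std::size_t scanned = 0;
    for (std::size_t i = 0; i < max_groups; ++i) {
        if (o.max_ips_to_scan && scanned >= o.max_ips_to_scan)
            break;
        std::size_t sz = sizer(scanned, o);
        if (sz == 0)
            break;
        groups.push_back(sz);
        scanned += sz;
    }
    return groups;
}

std::size_t totalScanned(const std::vector<std::size_t>& groups) {
    std::size_t total = 0;
    for (std::size_t g : groups)
        total += g;
    return total;
}
```

With `ScanOptions{5, true, 3}` (the `-p 1-1001 -sS -iR 5` case at the default timing) the naive sizer yields groups of 4 and 5, nine hosts in total, while the fixed sizer yields 4 and 1, stopping at five; `-iR 1` gives a single group of 1, and `-iR 0` is never capped.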
