Nmap Development mailing list archives

Tudor's Status Report - #11 of 17


From: Tudor-Emil COMAN <tudor_emil.coman () cti pub ro>
Date: Tue, 12 Jul 2016 05:02:03 +0000

Hi,


The past week I got access to the research server and I spent most of the time conducting some scans just to get a feel
of its limits.

While doing the scans I used nload to monitor network utilization and top to monitor CPU usage.


By taking --min-rate as far as 150000 it seems to average out at about 40 Mbps for a SYN scan (-sS -Pn). At this point
CPU utilization is almost 100% and no matter how high I take --min-rate it won't go above this. Even enabling debug
info at this point with -ddd gives such a performance hit it lowers the speed to 30 Mbps.


Having big hostgroups seems to bring some performance penalty. I think it's from the usage of two lists in
scan_engine.cc (incompleteHosts and completedHosts). A lot of popping and pushing happens on them, and if the hostgroups
are big enough all those memory allocations take a toll on the CPU. I was thinking of unifying those two lists in a
single vector and using a variable to determine whether a host there was completed or not.



Accomplishments:

- Fixed a memory leak in engine_iocp.

- Started scanning with the research server and found a bottleneck in scan_engine.


Priorities:

- Use the research server to find bottlenecks.

- Change the CONCURRENCY_LIMIT in NSE.

- Take another look at the tftp-enum.


Also, if you have a Windows computer and feel comfortable compiling code, please check out my engine_iocp and do some
scans with the --nsock-engine=iocp.

nmap-exp: https://svn.nmap.org/nmap-exp/tudor/nsock-iocp/


Cheers,

Tudor

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
