Nmap Development mailing list archives
Tudor's Status Report - #11 of 17
From: Tudor-Emil COMAN <tudor_emil.coman () cti pub ro>
Date: Tue, 12 Jul 2016 05:02:03 +0000
Hi, The past week I got access to the research server and I spent most of the time conducting some scans just to get a feel of it's limits. While doing the scans I used nload to monitor network utilization and top to monitor CPU usage. By taking --min-rate as far as 150000 it seems to average out at about 40 Mbps for a syn scan (-sS -Pn). At this point CPU utilization is almost 100% and no matter how high i take --min-rate it won't go above this. Even enabling debug info at this point with -ddd gives such a performance hit it lowers the speed to 30 Mbps. Having big hostgroups seems to bring some performance penalty. I think it's from the usage of two lists in scan_engine.cc (incompleteHosts and completedHosts). A lot of popping and pushing happen on them and if the hostgroups are big enough all that memory allocations take a toll on the CPU. I was thinking of unifying those two lists in a single vector and using a variable to determine whether a host there was completed or not. Accomplishments: - Fixed a memory leak in engine_iocp. - Started scanning with the research server and found a bottleneck in scan_engine. Priorities: - Use the research server to find bottlenecks. - Change the CONCURRENCY_LIMIT in NSE. - Take another look at the tftp-enum. Also if you have a Windows computer and feel comfortable compiling code please check out my engine_iocp and do some scans with the --nsock-engine=iocp. nmap-exp: https://svn.nmap.org/nmap-exp/tudor/nsock-iocp/ Cheers, Tudor
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Tudor's Status Report - #11 of 17 Tudor-Emil COMAN (Jul 11)