[prev in list] [next in list] [prev in thread] [next in thread]
List: nmap-dev
Subject: Tudor's Status Report - #8 of #17
From: Tudor-Emil COMAN <tudor_emil.coman () cti ! pub ! ro>
Date: 2016-06-20 22:09:14
Message-ID: AM3PR01MB0694A817004C1B23E5AA1A18942A0 () AM3PR01MB0694 ! eurprd01 ! prod ! exchangelabs ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hello,
This week I've been bogged down solving some issues with my code. I've finally got it \
up and running and performed some tests to see how it adds up.
So you can see the code on my GitHub: \
https://github.com/nmap/nmap/compare/master...Tudor-Coman:iocp2?expand=1
I am aware that we are using SVN for development but I thought it would be more \
accessible if the comparison was only a click away and readable in the browser.
I have used nmap's service scan to perform the test. I know that is insufficient and \
I will be looking into other ways of testing in the future.
For the first set of measurements I configured an Apache server inside a VM. Then I \
used iptables to redirect a lot of ports to port 80 with a command like: iptables -t \
nat -A PREROUTING -p tcp --dport 2000:40000 -j REDIRECT --to-port 80 So from the \
outside it would appear we have a lot of open ports with Apache listening on them. \
Now I didn't use the event MPM to support an insane number of connections. Reading \
the documentation it would appear that Apache is configured to service 256 clients \
(via it's MaxClients directive). So I figured if the parallelism level doesn't go \
above that value it shouldn't affect the measurements.
I started with:
nmap.exe -n 192.168.56.2 -sSV --nsock-engine=select -p 2000-2200 --min-parallelism 40 \
--max-parallelism 40
And I kept increasing the parallelism value with an increment of 5 until I reached 85 \
for all the engines on Windows. You can see the graph in the apache_comparison.png \
attached to this email.
For the second set of measurements I put nginx on my old computer and used that as a \
target. I also used iptables to redirect a bunch of ports. My laptop from where I'm \
performing the scan is connected to the old computer via a wi-fi router. It's a \
similar methodology with what I did above. You can see the graph in the \
nginx_comparison.png attached to this email.
One thing to note is that for the second set I used the newest commit on Github while \
on the first set for the Apache I was using an older commit, I don't know how much \
that would affect the results.
Accomplishments:
- Added support for SSL
- Solved a nasty concurrency issue
- Cleaned the code
- Made some measurements
Priorities:
- Find other ways to test it besides just using nmap.
Cheers,
Tudor
[Attachment #5 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} \
--></style> </head>
<body dir="ltr">
<div id="divtagdefaultwrapper" \
style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>Hello,</p>
<p><br>
</p>
<p><br>
</p>
<p>This week I've been bogged down solving some issues with my code. I've finally got \
it up and running and performed some tests to see how it adds up.</p> <p><br>
</p>
<p>So you can see the code on my GitHub: <a \
href="https://github.com/nmap/nmap/compare/master...Tudor-Coman:iocp2?expand=1" \
class="OWAAutoLink" id="LPlnk743170" \
title="https://github.com/nmap/nmap/compare/master...Tudor-Coman:iocp2?expand=1 \
Ctrl+Click or tap to follow the \
link">https://github.com/nmap/nmap/compare/master...Tudor-Coman:iocp2?expand=1</a></p>
<p>I am aware that we are using SVN for development but I thought it would be more \
accessible if the comparison was only a click away and readable in the browser.</p> \
<br> <div>I have used nmap's service scan to perform the test. I know that is \
insufficient and I will be looking into other ways of testing in the future.</div> \
<div><br> </div>
<div><br>
</div>
<div>For the first set of measurements I configured an Apache server inside a \
VM. Then I used iptables to redirect a lot of ports to port 80 with a command \
like:</div> <div><span>iptables -t nat -A PREROUTING -p tcp --dport 2000:40000 -j \
REDIRECT --to-port 80</span></div> <div>So from the outside it would appear we have a \
lot of open ports with Apache listening on them.</div> <div>Now I didn't use the \
event MPM to support an insane number of connections. Reading the documentation it \
would appear that Apache is configured to service 256 clients (via it's MaxClients \
directive). So I figured if the parallelism level doesn't go above that value it \
shouldn't affect the measurements.</div> <div><br>
</div>
<div>I started with:</div>
<div><span>nmap.exe -n 192.168.56.2 -sSV --nsock-engine=select -p 2000-2200 \
--min-parallelism 40 --max-parallelism 40</span><br> </div>
<div><span><br>
</span></div>
<div><span>And I kept increasing the parallelism value with an increment of 5 until I \
reached 85 for all the engines on Windows.</span></div> <div><span>You can see the \
graph in the apache_comparison.png attached to this email.</span></div> \
<div><span><br> </span></div>
<div><span><br>
</span></div>
<div><span>For the second set of measurements I put nginx on my old computer and used \
that as a target. I also used iptables to redirect a bunch of ports.</span></div> \
<div><span>My laptop from where I'm performing the scan is connected to the old \
computer via a wi-fi router.</span></div> <div><span>It's a similar methodology with \
what I did above.</span></div> <div><span><span style="font-family: Calibri, \
Arial, Helvetica, sans-serif, "Apple Color Emoji", "Segoe UI \
Emoji", NotoColorEmoji, "Segoe UI Symbol", "Android Emoji", \
EmojiSymbols; font-size: 16px;">You can see the graph in the \
nginx_comparison.png attached to this email.</span><br>
</span></div>
<div><span><br>
</span></div>
<div><span>One thing to note is that for the second set I used the newest commit on \
Github while on the first set for the Apache I was using an older commit, I don't \
know how much that would affect the results.</span></div> <div><span><br>
</span></div>
<div><span><br>
</span></div>
<div><span><br>
</span></div>
<div><span>Accomplishments:</span></div>
<div><span>- Added support for SSL</span></div>
<div><span>- Solved a nasty concurrency issue</span></div>
<div>- Cleaned the code</div>
<div>- Made some measurements</div>
<div><br>
</div>
<div>Priorities:</div>
<div>- Find other ways to test it besides just using nmap.</div>
<div><span><br>
</span></div>
<div><span><br>
</span></div>
<div><span>Cheers,</span></div>
<div><span>Tudor</span></div>
<div><span><br>
</span></div>
</div>
</body>
</html>
["apache_comparison.png" (image/png)]
["nginx_comparison.png" (image/png)]
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic