Date: Thu, 13 Mar 2014 10:25:42 -0600 From: Ken Harvey <harveydesu@gmail.com> To: freebsd-net@freebsd.org Subject: NMap scans extremely slow on FreeBSD 10, possibly BIOCIMMEDIATE Message-ID: <CANi%2BoBhOE-7uswJRwEjGGVStikTvJcPw_voc_NfVGQLBGivYwA@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
I am attempting to troubleshoot a problem with nmap on FreeBSD 10. The issue that I am having is that when running nmap -O 10.1.2.3 it is taking around 220 seconds to complete. While if I run that same command using Windows or Linux the command completes in around 2.3 seconds. Currently FreeBSD is 100 times slower for nmap scans then Linux or Windows. After reading through the forums and the mailing list archives I think the problem may be associated with BIOCIMMEDIATE. bpf is waiting for the buffer to fill, or for the ttl to expire before it processes the packets, rather than processing them upon receiving them. I may be incorrect in this theory, but I am unsure how to verify plausibility. While looking at /usr/includes/net/bpf.h I do see that BIOCIMMEDIATE is implemented. So I am now wondering if nmap or libpcap is sending the proper switch to bpf for it to enable BIOCIMMEDIATE. Is there a way for me to verify whether BIOCIMMEDIATE is being called in bpf? Is there a better way for me to try and troubleshoot this issue? You can view my forum post at https://forums.freebsd.org/viewtopic.php?f=7&t=45286 It has a little bit more detail then this post, but it also has a lot of my random troubleshooting steps as well. Currently I am a little over my head, and I am unsure how to or where to begin troubleshooting this problem. While I do want to get this issue resolved, I also would like to learn how to troubleshoot issues like these. Any help or guidance would be greatly appreciated.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANi%2BoBhOE-7uswJRwEjGGVStikTvJcPw_voc_NfVGQLBGivYwA>