Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nmap sometimes shows negative latencies #863

Closed
dmiller-nmap opened this issue Apr 22, 2017 · 3 comments
Closed

Nmap sometimes shows negative latencies #863

dmiller-nmap opened this issue Apr 22, 2017 · 3 comments

Comments

@dmiller-nmap
Copy link

Have seen multiple reports of this, but have no info about which systems are affected. Please provide observations including:

  1. Output of nmap --version
  2. Options used
  3. Is it repeatable?
  4. Network type (802.11n, gigabit Ethernet, 100Mbps Fast Ethernet, etc)
  5. Output with --packet-trace

Existing reports:

@szakharchenko
Copy link

szakharchenko commented Feb 15, 2018

  1. nmap --version :

Nmap version 7.40 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.0c libpcre-8.39 libpcap-1.8.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

  1. Options used: nmap -sP --packet-trace 192.168.1.1/24

  2. This is reproducible with high probability on bare hardware; OS Linux 4.9.0-4-amd64 I get this error scanning against my gpsd  #1 SMP Debian 4.9.65-3 (2017-12-03) x86_64 GNU/Linux

  3. Network is fairly generic, e1000e: eth0 NIC Link is Up 100 Mbps Full Duplex, Flow Control: Rx/Tx

  4. Relevant portions of output, with altered IPs/MACs:

nmap -sP --packet-trace 192.168.1.1/24

Starting Nmap 7.40 ( https://nmap.org ) at 2018-02-15 05:29 UTC
...
SENT (1.6851s) ARP who-has 192.168.1.10 tell 192.168.1.2
...
SENT (1.7859s) ARP who-has 192.168.1.10 tell 192.168.1.2
SENT (1.8860s) ARP who-has 192.168.1.11 tell 192.168.1.2
RCVD (1.6859s) ARP reply 192.168.1.10 is-at 40:40:40:40:40:40
RCVD (1.7866s) ARP reply 192.168.1.10 is-at 40:40:40:40:40:40
...
Nmap scan report for 192.168.1.10
Host is up (-0.100s latency).
MAC Address: 40:40:40:40:40:40 (Unknown)
  1. Analysis: it seems like the ARP request is sent multiple times, and when performing latency calculation, the first response's and the last request's timestamps are used, which gives -0.1s.

@P4z
Copy link

P4z commented Feb 26, 2019

Hi, I wonder why there is no progress here.
I can see negative latency values on my network when issuing nmap -sn -T5 ... with both versions: 7.40 and 7.70SVN. Isn't @szakharchenko's analysis correct?

@szakharchenko
Copy link

@P4z : nobody seems to care:)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants