Nmap sometimes shows negative latencies #863

Closed
dmiller-nmap opened this Issue Apr 22, 2017 · 3 comments

dmiller-nmap commented Apr 22, 2017

Have seen multiple reports of this, but have no info about which systems are affected. Please provide observations including:

  1. Output of nmap --version
  2. Options used
  3. Is it repeatable?
  4. Network type (802.11n, gigabit Ethernet, 100Mbps Fast Ethernet, etc)
  5. Output with --packet-trace

Existing reports:

szakharchenko commented Feb 15, 2018

  1. nmap --version :

Nmap version 7.40 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.0c libpcre-8.39 libpcap-1.8.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

  2. Options used: nmap -sP --packet-trace 192.168.1.1/24

  3. This is reproducible with high probability on bare hardware; OS Linux 4.9.0-4-amd64 #1 SMP Debian 4.9.65-3 (2017-12-03) x86_64 GNU/Linux

  4. Network is fairly generic, e1000e: eth0 NIC Link is Up 100 Mbps Full Duplex, Flow Control: Rx/Tx

  5. Relevant portions of output, with altered IPs/MACs:

nmap -sP --packet-trace 192.168.1.1/24

Starting Nmap 7.40 ( https://nmap.org ) at 2018-02-15 05:29 UTC
...
SENT (1.6851s) ARP who-has 192.168.1.10 tell 192.168.1.2
...
SENT (1.7859s) ARP who-has 192.168.1.10 tell 192.168.1.2
SENT (1.8860s) ARP who-has 192.168.1.11 tell 192.168.1.2
RCVD (1.6859s) ARP reply 192.168.1.10 is-at 40:40:40:40:40:40
RCVD (1.7866s) ARP reply 192.168.1.10 is-at 40:40:40:40:40:40
...
Nmap scan report for 192.168.1.10
Host is up (-0.100s latency).
MAC Address: 40:40:40:40:40:40 (Unknown)

  6. Analysis: it seems like the ARP request is sent multiple times, and when performing latency calculation, the first response's and the last request's timestamps are used, which gives -0.1s.
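
The pairing described in the analysis above, reproduced over the packet-trace lines from that comment. This is an added example, not part of the original thread and not Nmap's code; the function names and the "causal" pairing (first reply matched to the latest request sent before it) are assumptions for illustration.

```python
import re

# Packet-trace lines quoted in the comment above (IPs/MACs already altered there).
TRACE = """\
SENT (1.6851s) ARP who-has 192.168.1.10 tell 192.168.1.2
SENT (1.7859s) ARP who-has 192.168.1.10 tell 192.168.1.2
SENT (1.8860s) ARP who-has 192.168.1.11 tell 192.168.1.2
RCVD (1.6859s) ARP reply 192.168.1.10 is-at 40:40:40:40:40:40
RCVD (1.7866s) ARP reply 192.168.1.10 is-at 40:40:40:40:40:40
"""

# Only outgoing ARP requests and incoming ARP replies are matched.
LINE = re.compile(
    r"^(?:SENT \((\d+\.\d+)s\) ARP who-has (\S+) tell \S+"
    r"|RCVD \((\d+\.\d+)s\) ARP reply (\S+) is-at \S+)$"
)

def parse(trace):
    """Return {target_ip: {"sent": [...], "rcvd": [...]}} with float timestamps."""
    hosts = {}
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # "..." elisions and unrelated lines
        sent_ts, sent_ip, rcvd_ts, rcvd_ip = m.groups()
        entry = hosts.setdefault(sent_ip or rcvd_ip, {"sent": [], "rcvd": []})
        if sent_ts:
            entry["sent"].append(float(sent_ts))
        else:
            entry["rcvd"].append(float(rcvd_ts))
    return hosts

def rtt_last_request(host):
    """Pairing hypothesized in the comment: first reply minus last request."""
    return round(min(host["rcvd"]) - max(host["sent"]), 4)

def rtt_causal(host):
    """Assumed alternative: first reply minus the latest request sent before it."""
    first = min(host["rcvd"])
    earlier = [t for t in host["sent"] if t <= first]
    return round(first - max(earlier), 4) if earlier else None

def negative_latency_hosts(trace):
    """Hosts for which the first-reply/last-request pairing goes negative."""
    return {ip: rtt_last_request(h) for ip, h in parse(trace).items()
            if h["sent"] and h["rcvd"] and rtt_last_request(h) < 0}
```

Run over a saved `--packet-trace` capture, `negative_latency_hosts` lists the hosts where a retransmitted request was sent after the first reply had already been captured.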

P4z commented Feb 26, 2019

Hi, I wonder why there is no progress here.
I can see negative latency values on my network when issuing nmap -sn -T5 ... with both versions: 7.40 and 7.70SVN. Isn't @szakharchenko's analysis correct?


szakharchenko commented Feb 26, 2019

@P4z : nobody seems to care:)

@nmap-bot nmap-bot closed this in f519e64 Mar 1, 2019
