Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nmap sometimes shows negative latencies #863

dmiller-nmap opened this issue Apr 22, 2017 · 3 comments

Nmap sometimes shows negative latencies #863

dmiller-nmap opened this issue Apr 22, 2017 · 3 comments


Copy link

Have seen multiple reports of this, but have no info about which systems are affected. Please provide observations including:

  1. Output of nmap --version
  2. Options used
  3. Is it repeatable?
  4. Network type (802.11n, gigabit Ethernet, 100Mbps Fast Ethernet, etc)
  5. Output with --packet-trace

Existing reports:

Copy link

szakharchenko commented Feb 15, 2018

  1. nmap --version :

Nmap version 7.40 ( )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.0c libpcre-8.39 libpcap-1.8.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

  1. Options used: nmap -sP --packet-trace

  2. This is reproducible with high probability on bare hardware; OS Linux 4.9.0-4-amd64 I get this error scanning against my gpsd  #1 SMP Debian 4.9.65-3 (2017-12-03) x86_64 GNU/Linux

  3. Network is fairly generic, e1000e: eth0 NIC Link is Up 100 Mbps Full Duplex, Flow Control: Rx/Tx

  4. Relevant portions of output, with altered IPs/MACs:

nmap -sP --packet-trace

Starting Nmap 7.40 ( ) at 2018-02-15 05:29 UTC
SENT (1.6851s) ARP who-has tell
SENT (1.7859s) ARP who-has tell
SENT (1.8860s) ARP who-has tell
RCVD (1.6859s) ARP reply is-at 40:40:40:40:40:40
RCVD (1.7866s) ARP reply is-at 40:40:40:40:40:40
Nmap scan report for
Host is up (-0.100s latency).
MAC Address: 40:40:40:40:40:40 (Unknown)
  1. Analysis: it seems like the ARP request is sent multiple times, and when performing latency calculation, the first response's and the last request's timestamps are used, which gives -0.1s.

Copy link

P4z commented Feb 26, 2019

Hi, I wonder why there is no progress here.
I can see negative latency values on my network when issuing nmap -sn -T5 ... with both versions: 7.40 and 7.70SVN. Isn't @szakharchenko's analysis correct?

Copy link

@P4z : nobody seems to care:)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet

No branches or pull requests

3 participants