Sacchi's comments are valid, but I'd debate some of them. Trying to pump
data onto a gigabit network is hard for slower CPUs. Sort of like having a
Ferrari engine with a 2-barrel on it. It is true that waiting for responses
doesn't require CPU usage, but think about it. If you increase the Scan threads
(Threads are a CPU Function) and you are trying to pump out a high scan
connection count onto a Gigabit pipe, the bottleneck will most likely be getting
info from the systems being scanned. Decreasing timeouts and retries would speed
things up but at what cost? Especially with switches, ICMPs can get lost and you
have a high rate of hosts not responding. If this was an old 10mbit half-duplex
LAN, I'd agree the bottleneck is the LAN, but it doesn't seem to be that slow of
a network. It is definitely a combination of a lot of things. Experimentation is
the key.

Debate is good!!

regards!
Mark

-----Original Message-----
From: Sacchi Mario [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 02, 2002 4:01 PM
To: Wisniewski, Michael; [EMAIL PROTECTED]
Subject: RE: [ISSForum] Optimizing Internet Scanner

[Sacchi Mario] CPU power is always almost non-relevant to such an application as Internet Scanner is. You can try monitoring CPU usage of your two machines running a scan, and you will surely notice that the processor is idle all the time.

Speeding up a scan depends greatly on the network you are scanning. If you are scanning your LAN (the one you are directly connected to, for instance), you could try shortening timeouts and reducing retry counts where possible. You don't need a muscular PC to wait for an ICMP probe to time out if there was no host at that address...

If you are scanning over a narrow channel, maybe the bottleneck is bandwidth? (unlikely unless you're using a slow modem, but doesn't seem to be your case since you're talking of gigabit ethernet).

Try configuring the scanner to probe more addresses in parallel, this should be the trick - twice the machines, half the time.

HTH
Mario

-----Original Message-----
From: Wisniewski, Michael [mailto:[EMAIL PROTECTED]]
Sent: Monday, 2 December 2002 15.37
To: '[EMAIL PROTECTED]'
Subject: [ISSForum] Optimizing Internet Scanner

Hi! I was wondering if anybody had any tips or tricks to make Internet Scanner run faster. I'm very confused and wished that it would speed things up. We've upgraded our scanning systems to a P4, 1.8 GHz, 256 meg ram, and gigabit fiber nic, and the scans still run at the same pace as our 500 MHz, 256 meg ram, and 100mbps nic. If anybody has any ideas or tips to optimize the scans, that would be great! Thanks!

---------------------------------------------------------------
Michael Wisniewski
Cyber Security Analyst
- Sans GIAC Security Essentials Certified -
- Internet Security Systems Certified -
Argonne National Laboratory
Office of the Chief Information Officer
630-252-7560 (Work)
630-514-2874 (Mobile)
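
The trade-off debated in this thread, as an added example that is not part of any of the messages and not Internet Scanner's own logic: a simple model of how long a host-discovery sweep spends waiting, and how many live hosts it misses, as a function of timeout, retries, parallel probes and per-attempt packet loss. All names and sample numbers are constructed assumptions; CPU speed is deliberately absent from the model.

```python
def sweep_estimate(live, dead, timeout_s, retries, parallel, rtt_s=0.001, loss=0.0):
    """Return (wall_clock_seconds, expected_missed_live_hosts) for one sweep.

    loss is the assumed probability that a probe or its reply is dropped
    on any single attempt; rtt_s is the assumed round-trip time to a live host.
    """
    attempts = retries + 1
    # A live host is missed only if every attempt is lost.
    p_miss = loss ** attempts
    # Expected wait per live host: full timeouts for lost attempts,
    # then one round trip for the attempt that gets answered.
    live_wait = p_miss * attempts * timeout_s
    for k in range(1, attempts + 1):
        p_answer_on_k = (1 - loss) * loss ** (k - 1)
        live_wait += p_answer_on_k * ((k - 1) * timeout_s + rtt_s)
    # An unused address always costs the full timeout on every attempt.
    dead_wait = attempts * timeout_s
    seconds = (live * live_wait + dead * dead_wait) / parallel
    return seconds, live * p_miss


def compare(live, dead, configs, loss):
    """Evaluate several (name, settings) pairs against the same network."""
    return [(name, *sweep_estimate(live, dead, loss=loss, **cfg))
            for name, cfg in configs]


# Constructed settings: a baseline, doubled parallelism, and aggressive timing.
CONFIGS = [
    ("baseline", dict(timeout_s=2.0, retries=2, parallel=10)),
    ("2x parallel", dict(timeout_s=2.0, retries=2, parallel=20)),
    ("short timeout, no retry", dict(timeout_s=0.5, retries=0, parallel=10)),
]

if __name__ == "__main__":
    # Constructed network: 1000 addresses, 200 in use, 10% per-attempt loss.
    for name, secs, missed in compare(200, 800, CONFIGS, loss=0.1):
        print(f"{name:26s} {secs:8.1f} s   ~{missed:5.1f} live hosts missed")
```

Doubling parallelism halves the wait without changing accuracy, while cutting timeouts and retries is faster still but raises the number of live hosts reported as not responding.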
