On 06 February 2012 at 10:53 Mark Lumsden <m...@showcomplex.com> wrote:

> >On 2012/02/06 00:21, Bryan Steele wrote:
> >> On Mon, Feb 06, 2012 at 04:47:45AM +0000, Mark Lumsden wrote:
> >> > There is a CAVEAT section in the man page that should also be
> >> > amended, I suspect.
> >>
> >> Heh, whoops. :)
> >>
> >> > Although useless on the initiating machine, is it of any use to
> >> > be able to scan a range of UDP ports, for diagnostic reasons, and
> >> > to see what is received (or not) on the receiving machine? As in,
> >> > can anything be inferred from the opens reaching (or not)
> >> > the scanned machine?
> >>
> >> From what I can tell, no traffic is actually generated on the initiating
> >> machine.. nothing in tcpdump anyway.
> >
> >Traffic is generated for me, but it's inconsistent, if I try
> >'nc -z -u somehost 1-65535' sometimes I get 10K ports, sometimes
> >a few hundred. Haven't seen the full set.
> >
>
> The source code has a comment in udptest() in netcat.c about this problem.
> 

Actually, I notice from systat that the maximum connections in the [states]
screen goes up to 10,000 (e.g. if you use a range of 1-50000) then no more
UDP packets can be sent until some of the existing ones start timing out at
60+ seconds. Then, if you reissue the command, as you reach 10,000 again no
more UDP packets are sent. So it looks like the maximum connections is a PF
limitation. When PF is switched off the number increases.
