I have a script that I'm using to build a config for icinga2. The network is large, multiple /13s large. When I run the script I keep getting the "RTTVAR has grown to over 2.3 seconds, decreasing to 2.0" error. I've tried raising my gc_thresh and breaking up the subnets. I've dived through the little info from Google and can't seem to find a fix. If anyone has any ideas, I'd really appreciate it. I'm on Ubuntu 16.04.

My script:

#!/bin/bash
# Find devices and create IP list: walk xx.72.0.0/16 .. xx.254.0.0/16,
# ping-scan each /16 and keep the addresses nmap reports as Up.
i=72
while [ "$i" -lt 255 ]
do
    echo "$(date) - Scanning xx.$i.0.0/16" >> files/scan.log
    # -oG - writes grepable output to stdout; an up host's line ends in "Status: Up"
    nmap -sn --host-timeout 5 "xx.$i.0.0/16" -oG - | awk '/Up$/{print $2}' >> files/ip-list
    i=$((i + 1))
done

My /etc/sysctl.conf

# How often (seconds) the kernel garbage-collects the neighbour (ARP) cache
net.ipv4.neigh.default.gc_interval = 3600

# Seconds before an unused ARP cache entry is considered stale
net.ipv4.neigh.default.gc_stale_time = 3600

# ARP (neighbour) cache size thresholds:
# thresh1 = entries below which no gc runs, thresh2 = soft limit, thresh3 = hard maximum
net.ipv4.neigh.default.gc_thresh3 = 8192
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh1 = 2048

Edit: added --host-timeout 5, removed -n

  • Not sure... maybe you can put some kind of nmap parameter to try to improve the performance... maybe --host-timeout or --max-retries can help you. – OscarAkaElvis Nov 09 '16 at 19:10
  • I'll give it a try now! – cflinspach Nov 09 '16 at 19:14
  • 1
    Regarding nmap parameters you put... -n is ok to avoid DNS resolution... but if you put -sn is not necessary to put -n I think it has no effect... – OscarAkaElvis Nov 09 '16 at 19:16
  • I changed it up and am running it now. This error has been the bane of my existence for days now. – cflinspach Nov 09 '16 at 19:20
  • @OscarAkaElvis It's running way better. I'm not done yet so I can't confirm I got all the hosts but yesterday it took me 20 hours to scan a /13. It just flew through one in 10 minutes. – cflinspach Nov 09 '16 at 19:33
  • Anyone legitimately scanning such a large network legally would not be using this site or google to find answers. Also the answers are partly wrong. Pinging your target is not a very smart thing to do in quite a few situations. – Anon Jul 16 '19 at 06:25

1 Answer

I can suggest you to use a ping scan. If you want an "overall sight" of your network you can use

nmap -sP -n

It decreases the time a little bit compared to nmap -sn; you can check it with small examples.

As I said in a comment, use --host-timeout and --max-retries and that will improve your performance.

  • Yeah it's fixed. I lost about 1800 hosts but I bumped the timeout up to 10 seconds and I'm trying it again, thank you! – cflinspach Nov 09 '16 at 19:53
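The loop in the question and the tuning advice in the answer, combined into one script as an added example. This is not the asker's script or the answerer's code. Everything in it beyond what the page shows is an assumption: the first octet "10" stands in for the redacted "xx", the function names are invented, and the timing values (--max-retries 1, --initial-rtt-timeout 300ms, --max-rtt-timeout 1s, --host-timeout 5s) are starting points to tune against your own network, not measured optima. All of those flags are real nmap options; --max-rtt-timeout caps the per-probe wait that nmap derives from its RTT variance estimate, which is what the RTTVAR warning is about. The parser is stricter than the original awk: it only accepts lines that start with "Host:", so any warning text nmap interleaves into stdout cannot end up in the IP list.

```shell
#!/bin/bash
# Added example (not the asker's or answerer's script): the /16 scanning loop
# from the question with nmap's timing controls set explicitly.
# Assumptions: "10" replaces the redacted "xx"; timing values are starting points.

# nmap arguments for one ping sweep of a /16 (no port scan, no reverse DNS).
#   --max-retries 1              retry an unanswered probe once, then drop the host
#   --initial-rtt-timeout 300ms  start from a realistic RTT guess for a routed LAN
#   --max-rtt-timeout 1s         cap the per-probe wait nmap derives from RTTVAR
#   --host-timeout 5s            abandon any single host after 5 seconds
nmap_timing_args() {
    echo "-sn -n --max-retries 1 --initial-rtt-timeout 300ms --max-rtt-timeout 1s --host-timeout 5s"
}

# Reduce grepable (-oG) output to one address per line for hosts marked Up.
# An -oG host line looks like:  Host: 10.72.0.1 (name)<TAB>Status: Up
# Requiring $1 == "Host:" keeps headers and any interleaved warnings out of the list.
up_hosts_from_grepable() {
    awk '$1 == "Host:" && /Status: Up$/ { print $2 }'
}

# Scan one /16 (prefix.second.0.0/16), appending up hosts to $list and a
# timestamped line to $log. Anything nmap writes to stderr is kept in the log.
scan_slash16() {
    local prefix="$1" second="$2" list="$3" log="$4"
    local net="${prefix}.${second}.0.0/16"
    echo "$(date) - Scanning $net" >> "$log"
    # Word-splitting of the argument string is intentional; no argument contains spaces.
    nmap $(nmap_timing_args) "$net" -oG - 2>> "$log" | up_hosts_from_grepable >> "$list"
}

# Walk the second octet from $start to $end inclusive, as the asker's loop does.
scan_range() {
    local prefix="$1" start="$2" end="$3" list="$4" log="$5"
    local i="$start"
    while [ "$i" -le "$end" ]; do
        scan_slash16 "$prefix" "$i" "$list" "$log"
        i=$((i + 1))
    done
}

# Only scan the network when explicitly asked (RUN_SCAN=1); otherwise show the
# parser on a constructed sample of -oG output (not real scan data).
if [ "${RUN_SCAN:-0}" = "1" ]; then
    mkdir -p files
    scan_range 10 72 254 files/ip-list files/scan.log
else
    printf 'Host: 10.72.0.1 ()\tStatus: Up\nHost: 10.72.0.3 (gw.example.test)\tStatus: Up\n' \
        | up_hosts_from_grepable
fi
```

Run it with RUN_SCAN=1 to actually sweep 10.72.0.0/16 through 10.254.0.0/16; without that variable it only demonstrates the parser. Two caveats a practitioner should keep in mind: a short --host-timeout trades completeness for speed (the asker reports losing about 1800 hosts at 5 seconds before raising it to 10), so compare the host count against a slower run before trusting the list; and the net.ipv4.neigh sysctls from the question govern only the scanning host's own ARP/neighbour cache, which grows with the number of directly connected hosts it talks to, not with the number of routed targets it probes, so they will not change the behaviour of a sweep across routed /13s.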