Nmap - RTTVAR has grown to over 2.3 seconds, decreasing to 2.0

cflinspach picture cflinspach · Nov 9, 2016 · Viewed 41.4k times · Source

I have a script that I'm using to build a config for icinga2. The network is large, multiple /13's large. When I run the script I keep getting the RTTVAR has grown to over 2.3 seconds, decreasing to 2.0 error. I've tried raising my gc_thresh and breaking up the subnets. I've dived through the little info from google and can't seem to find a fix. If anyone has any ideas, I'd really appreciate it. I'm on Ubuntu 16.04

My script:

# Find devices and create IP list
i=72
while [ $i -lt 255 ]
    do
    echo "$(date) - Scanning xx.$i.0.0/16" >> files/scan.log
    nmap -sn --host-timeout 5 xx.$i.0.0/16 -oG - | awk '/Up$/{print $2}' >> files/ip-list
    let i=i+1
    done

My /etc/sysctl.conf

# Force gc to clean-up quickly
net.ipv4.neigh.default.gc_interval = 3600

# Set ARP cache entry timeout
net.ipv4.neigh.default.gc_stale_time = 3600

# Setup DNS threshold for arp 
net.ipv4.neigh.default.gc_thresh3 = 8192
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh1 = 2048

Edit: added host-timeout 5 removed -n

Answer

OscarAkaElvis picture OscarAkaElvis · Nov 9, 2016

I can suggest you tu use ping scan. If you want an "overall sight" of your network you can use

nmap -sP -n

It decreases the time a little bit comparing to nmap -sn , you can check it with small examples.

As I said in a comment. Use --host-timeout and --max-retries and that will improve your performance.