search

nmap / nmap

Nmap - the Network Mapper. Github mirror of official SVN repository.
https://svn.nmap.org/
Other
10.1k stars 2.4k forks source link

nping loss when use tcp mode on windows10 #2492

Closed bettswang closed 1 year ago

bettswang commented 2 years ago

Describe the bug when use nping tcp mode on windows10 ,to much loss . But use icmp is normal.

To Reproduce nping --tcp -p 80 -c 100 --rate 10 www.qq.com

Expected behavior SENT (8.5250s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 SENT (8.6260s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 SENT (8.7270s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 SENT (8.8280s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 SENT (8.9290s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 RCVD (8.9560s) TCP 121.14.77.221:80 > 10.16.255.200:12402 SA ttl=53 id=0 iplen=44 seq=3375742565 win=29200 <mss 1200> SENT (9.0300s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 SENT (9.1310s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 SENT (9.2310s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 SENT (9.3320s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 SENT (9.4330s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 RCVD (9.4580s) TCP 121.14.77.221:80 > 10.16.255.200:12402 SA ttl=53 id=0 iplen=44 seq=3375742565 win=29200 <mss 1200> SENT (9.5330s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 SENT (9.6340s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 SENT (9.7350s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 SENT (9.8360s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 SENT (9.9710s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 RCVD (10.0350s) TCP 121.14.77.221:80 > 10.16.255.200:12402 SA ttl=53 id=0 iplen=44 seq=3375742565 win=29200 <mss 1200> SENT (10.1110s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 SENT (10.2490s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 SENT (10.3770s) TCP 10.16.255.200:12402 > 121.14.77.221:80 S ttl=64 id=23623 iplen=40 seq=3330652315 win=1480 RCVD (11.0530s) TCP 121.14.77.221:80 > 10.16.255.200:12402 SA ttl=53 id=0 iplen=44 seq=3375742565 win=29200 <mss 1200>

Max rtt: 669.000ms | Min rtt: 24.000ms | Avg rtt: 55.040ms Raw packets sent: 100 (5.400KB) | Rcvd: 22 (1.012KB) | Lost: 78 (78.00%) Nping done: 1 IP address pinged in 11.06 seconds

C:\Windows\system32>nping --tcp -p 80 -c 100 --rate 10 www.qq.com

Version info (please complete the following information):

Additional context Add any other context about the problem here, such as special network type.

gvanem commented 2 years ago

The 121.14.77.221 address is in China. High loss should be expected. If I do the same command, the probes stops in Stockholm/Sweden. Some Akamai stuff stops the probes; from my Geo-ip traceroute tool:

ICMP traceroute to www.qq.com (2.16.68.224), 30 hops max, 38 byte packets
 1  router                         (10.0.0.1)         195 ms 716 ms  priv
 2  ti0040q160-gw.ti.telenor.net   (88.95.101.1)      461 ms  39 ms, Norway / Sandsli
 3  ti0040a400.ti.telenor.net      (146.172.70.112)    29 ms  39 ms, Norway / Nesoddtangen
 4  ti0003c360-ae14-0.ti.telenor.net (146.172.18.53)   39 ms  36 ms, Norway / Nesoddtangen
 5  ti0001c360-ae15-0.ti.telenor.net (146.172.23.125)  55 ms  34 ms, Norway / Nesoddtangen
 6  ti0275c360-ae1-0.ti.telenor.net (146.172.22.37)    45 ms  85 ms, Norway / Nesoddtangen
 7  ti3001c360-ae3-0.ti.telenor.net (146.172.14.150)   46 ms  37 ms, Norway / Nesoddtangen
 8  ti3001b400-ae4-0.ti.telenor.net (146.172.105.29)   42 ms  64 ms, Norway / Nesoddtangen
 9  148.122.9.58                   (148.122.9.58)      44 ms  56 ms, Norway / Nesoddtangen
10  * *
11  * *
12  * *
13  a2-16-68-224.deploy.static.akamaitechnologies.com (2.16.68.224)  43 ms  41 ms, Sweden / Stockholm
bettswang commented 2 years ago

I am in China. Taceroute is OK. And tcp-con mode works well too. In order to avoid the impact of Internet , I try to test on a LAN(virtual machine on my local host). But is also loss too much. What is the problem? I had saw no loss on some few test., but to much loss in almost test. 

_RCVD (8.8690s) TCP 192.168.121.100:22 > 192.168.121.1:32446 SA ttl=64 id=0 iplen=44  seq=31535313 win=29200 <mss 1460>
SENT (8.9690s) TCP 192.168.121.1:32446 > 192.168.121.100:22 S ttl=64 id=388 iplen=40  seq=1477615330 win=1480
SENT (9.0690s) TCP 192.168.121.1:32446 > 192.168.121.100:22 S ttl=64 id=388 iplen=40  seq=1477615330 win=1480
SENT (9.1690s) TCP 192.168.121.1:32446 > 192.168.121.100:22 S ttl=64 id=388 iplen=40  seq=1477615330 win=1480
SENT (9.2690s) TCP 192.168.121.1:32446 > 192.168.121.100:22 S ttl=64 id=388 iplen=40  seq=1477615330 win=1480
SENT (9.3690s) TCP 192.168.121.1:32446 > 192.168.121.100:22 S ttl=64 id=388 iplen=40  seq=1477615330 win=1480
RCVD (9.3690s) TCP 192.168.121.100:22 > 192.168.121.1:32446 SA ttl=64 id=0 iplen=44  seq=31535313 win=29200 <mss 1460>
SENT (9.4690s) TCP 192.168.121.1:32446 > 192.168.121.100:22 S ttl=64 id=388 iplen=40  seq=1477615330 win=1480
SENT (9.5690s) TCP 192.168.121.1:32446 > 192.168.121.100:22 S ttl=64 id=388 iplen=40  seq=1477615330 win=1480
SENT (9.6690s) TCP 192.168.121.1:32446 > 192.168.121.100:22 S ttl=64 id=388 iplen=40  seq=1477615330 win=1480
SENT (9.7690s) TCP 192.168.121.1:32446 > 192.168.121.100:22 S ttl=64 id=388 iplen=40  seq=1477615330 win=1480
SENT (9.8690s) TCP 192.168.121.1:32446 > 192.168.121.100:22 S ttl=64 id=388 iplen=40  seq=1477615330 win=1480
RCVD (9.8690s) TCP 192.168.121.100:22 > 192.168.121.1:32446 SA ttl=64 id=0 iplen=44  seq=31535313 win=29200 <mss 1460>
SENT (9.9690s) TCP 192.168.121.1:32446 > 192.168.121.100:22 S ttl=64 id=388 iplen=40  seq=1477615330 win=1480
SENT (10.0690s) TCP 192.168.121.1:32446 > 192.168.121.100:22 S ttl=64 id=388 iplen=40  seq=1477615330 win=1480
SENT (10.1690s) TCP 192.168.121.1:32446 > 192.168.121.100:22 S ttl=64 id=388 iplen=40  seq=1477615330 win=1480
RCVD (10.9140s) TCP 192.168.121.100:22 > 192.168.121.1:32446 SA ttl=64 id=0 iplen=44  seq=31535313 win=29200 <mss 1460>

Max rtt: 745.000ms | Min rtt: 745.000ms | Avg rtt: 33.907ms
Raw packets sent: 100 (5.400KB) | Rcvd: 22 (1.012KB) | Lost: 78 (78.00%)
Nping done: 1 IP address pinged in 10.92 seconds

C:\Users\betts>nping --tcp -p 22 -c 100 --rate 10 192.168.121.100_