my musings 


zmap: mapping the internet

If you are not familiar with nmap, aka Network Mapper, it’s a command line tool which helps to map a network through a variety of methods, including port scanning. Port scanning is where you send out a request on a given port (TCP, UDP, etc.) to a given host (or range of hosts) to see if a service (such as an HTTP web server) is running on that port. This is often used by hackers, but it also has more legitimate uses such as mapping a network.

I was recently shown a new but similar mapping tool called zmap, which allows for “fast internet wide scanning”. Traditionally, nmap scans the network in a synchronous fashion: sending out a request and waiting for a response. Through some kernel modifications and by sending out probe messages in an asynchronous fashion, zmap is able to scan the entire internet in a very short period of time (45 minutes), and it does so with 98% coverage (of course, you do need sufficient bandwidth to run this).
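The difference between the two probing styles described above, as an added simulation (not code from zmap or nmap, and not a model of how either tool is implemented). No packets are sent: the host table, round-trip times and timeout are constructed values, and all function names are hypothetical.

```python
import asyncio
import random
import time

TIMEOUT = 0.02  # assumed: seconds a prober waits before calling a host silent

def make_hosts(n, seed=1):
    """Constructed sample data: host id -> simulated RTT in seconds, None if silent."""
    rng = random.Random(seed)
    return {h: (rng.uniform(0.001, 0.005) if rng.random() < 0.3 else None)
            for h in range(n)}

async def probe(host, rtt):
    """Simulated probe: nothing touches the network, the reply delay is slept."""
    await asyncio.sleep(TIMEOUT if rtt is None else rtt)
    return host if rtt is not None else None

async def scan_synchronous(hosts):
    """Send one probe, wait for its answer or timeout, then move to the next host."""
    found = []
    for host, rtt in hosts.items():
        if await probe(host, rtt) is not None:
            found.append(host)
    return found

async def scan_asynchronous(hosts):
    """Issue every probe up front and collect answers as they arrive."""
    results = await asyncio.gather(*(probe(h, r) for h, r in hosts.items()))
    return [h for h in results if h is not None]

def timed(scan, hosts):
    """Run one scan style and return (sorted responders, elapsed seconds)."""
    start = time.perf_counter()
    found = asyncio.run(scan(hosts))
    return sorted(found), time.perf_counter() - start

def compare(n=100):
    """Run both styles over the same constructed host table."""
    hosts = make_hosts(n)
    sync_found, sync_t = timed(scan_synchronous, hosts)
    async_found, async_t = timed(scan_asynchronous, hosts)
    return sync_found, sync_t, async_found, async_t

if __name__ == "__main__":
    s_found, s_t, a_found, a_t = compare()
    print(f"synchronous:  {len(s_found)} responders in {s_t:.2f}s")
    print(f"asynchronous: {len(a_found)} responders in {a_t:.2f}s")
```

In the synchronous run every silent host costs a full timeout, so elapsed time grows with the number of hosts; in the asynchronous run the waits overlap and the total is roughly one timeout, which is why send rate (bandwidth) becomes the limiting factor.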

To me this is just fascinating, as I’ve done a bit of network visualization work in the past myself. I’d love to see the generated network map from this. Unfortunately, I don’t think one could measure things like return trip latency with this (well, unless you’re using ICMP for your probe), so it might be hard to map any form of connectivity or distribution, but regardless, you could make some great visualizations with this.

If this seems interesting to you, here are a few links for more information. First, here is their slide deck, which explains it much better than I have. Next, here is the site for the open source implementation of zmap. Finally, if you want to learn more about nmap, check out this wiki page.
