
OS is Debian on both servers.

I found some examples showing how to measure TCP latency with nmap:

nmap --packet-trace -p 22 192.168.0.10

But I'm getting some negative results for latency, i.e., it will print some output like:

Host is up (-0.0023s latency)

at the end.

What is nmap doing? Is it measuring the time difference between SYN and SYN-ACK? If so, how is it getting a negative result sometimes? Does it require clocks to be very precisely synced between the two servers?

And in addition, can I use ssh as a good TCP test server or should I use a different service?

Is there another tool I can use to measure TCP latency? I don't know if I trust nmap due to the negative results for the latency measurement.

1 Answer

You're right to mistrust things that claim to have witnessed time travel.

This is an event confusion bug, fixed in a later version of Nmap. You might want to use a more recent nmap, but it's certainly not trust-inspiring.

But generally, it is also not quite clear what you mean by "TCP latency". That term isn't canonically defined; you'll want to, really, in words, write down which time exactly, from what event happening on which interface at what logical layer, to which other event, you want to measure. Only after having defined that would you choose a tool to measure that.

To give you an example: for anything that I would care to call "TCP-induced latency", I'd need to be able to determine timing both on the kernel/Userland interface, as well as on the driver/hardware interface - so a program that runs in Userland (like nmap) couldn't even begin to be what I need.

That doesn't mean that is true for what you want to measure; it just means you need to be precise about what you need to know, and to what end you need to know that. This is basically physics research, where you first need to think about what you want to observe, before devising an experiment to observe that, and in that experiment design process then decide on the right measurement equipment for this purpose. Can't just throw a multimeter into a volcano and call it science!

  • Thank you! Good to know about that nmap bug. I would like to measure the time difference between SYN and SYN-ACK.
    – cat pants
    Commented Feb 2 at 20:13
  • You did not answer any of the questions I specifically explained you need to answer.
    – sina bala
    Commented Feb 2 at 22:07
  • What am I missing? Time difference between when userland program (nmap or other) sends a SYN and receives a SYN-ACK seems fairly straightforward.
    – cat pants
    Commented Feb 2 at 22:49
  • A Userland program never sends a SYN or receives a SYN-ACK. That happens on layers below! A Userland process calls functions like "connect" or "accept", and you'll find that there's a lot happening between these and any IP packets, which is very relevant to latency. Or not. So it's really not straightforward, because what you ask for simply doesn't happen. What you need to measure depends on what you actually need to know. That's why I specifically asked you to describe what the purpose of learning that time is.
    – sina bala
    Commented Feb 2 at 23:14
  • nmap has shown userland round trip tcp latency of ~10 ms for some servers, but not others. There is no load on any of the servers and they are all on the same subnet, including the source server that I'm running nmap tests on. Why do some servers show a tcp latency of ~10 ms while most show sub ms? But the first step is to get an accurate measurement, and due to occasionally seeing negative latency from nmap, I don't know if I can trust the output.
    – cat pants
    Commented Feb 2 at 23:55
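
Added example, not part of the original posts: one way to time what a userland program can actually observe, the duration of the connect() call, using a monotonic clock on the client only. The helper names connect_latency, summarize and demo_listener and the loopback listener are constructed for illustration; Python 3.7+ is assumed.

```python
import socket
import statistics
import time


def connect_latency(host, port, samples=5, timeout=2.0):
    """Seconds spent inside connect() for each of `samples` fresh connections."""
    # Resolve once, outside the timed region, so DNS does not pollute the result.
    family, socktype, proto, _, addr = socket.getaddrinfo(
        host, port, type=socket.SOCK_STREAM)[0]
    results = []
    for _ in range(samples):
        with socket.socket(family, socktype, proto) as s:
            s.settimeout(timeout)
            # Both timestamps are taken on the client, so no clock sync with the
            # server is involved. perf_counter_ns() is monotonic: it never steps
            # backwards, so the difference cannot come out negative.
            start = time.perf_counter_ns()
            s.connect(addr)  # returns once the kernel has seen the SYN-ACK
            elapsed_ns = time.perf_counter_ns() - start
        results.append(elapsed_ns / 1e9)
    return results


def summarize(samples):
    """Min approximates the path's floor; median and max expose jitter."""
    return {"min": min(samples),
            "median": statistics.median(samples),
            "max": max(samples)}


def demo_listener():
    """Constructed local target: a listening socket that never calls accept()."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    srv.listen(16)               # the kernel completes handshakes into this backlog
    return srv


if __name__ == "__main__":
    srv = demo_listener()
    host, port = srv.getsockname()
    stats = summarize(connect_latency(host, port))
    srv.close()
    print({k: f"{v * 1000:.3f} ms" for k, v in stats.items()})
```

The measured interval includes syscall and scheduling overhead on the client in addition to the network round trip, which is why the minimum over several samples is the figure to compare between hosts.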
