Hacking Nmap: Using Nmap to Calculate Network Response Time

ICMP Can’t Be Trusted

Why use Nmap to determine network response time, when an ICMP ping has always done the job? Unfortunately, the round-trip timestamp of an ICMP ping can’t always be trusted to provide an accurate representation of network response time:

  • ICMP doesn’t always get through – Network security often requires the blocking of ICMP packets on firewalls and packet filters. If response time testing is required outside of a local network, there’s a good chance that ICMP won’t make the trip. Most modern hardware-based and software-based firewalls automatically filter out ICMP by default.
  • ICMP may have a lower priority on some devices – Many routers and switches are configured to lower the priority of ICMP traffic as it passes through the device. This is a logical configuration, since the first job of an infrastructure device is to pass critical application conversations ahead of network management traffic. If a router or switch is heavily utilized, the response times of a deprioritized ICMP conversation may not provide an accurate representation of the actual network delay.
  • ICMP can be administratively prioritized – Smart network managers know that the application traffic must go through first, and they’ve configured their systems to provide priorities to critical packets. New Quality of Service (QoS) integration methods can affect response times across the board, and ICMP is often relegated to the lowest priority.

Why Use Nmap to Determine Network Response Time?

Unlike ICMP, Nmap uses the same protocols and ports as the existing applications. If the application uses TCP over port 80, then Nmap will also use TCP over port 80. This application-like traffic is guaranteed to get through firewalls and packet filters, because the application itself must use the same ports.

Since many protocol prioritization techniques are also based on port number, network response times generated by Nmap will closely match the experience of the end user. Nmap provides an accurate port-based representation of network response times to any server on the network.
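The port-based measurement described above can be reproduced without Nmap by timing the TCP handshake on the application's port. The following is an added example, not code from the original article and not Nmap's own method; the function names `probe` and `response_time` are hypothetical, and the demo target is a constructed listener on loopback.

```python
import socket
import statistics
import time


def probe(addr, port, timeout=2.0):
    """Time one TCP handshake. Returns (state, seconds or None)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    start = time.perf_counter()
    try:
        sock.connect((addr, port))
        return "open", time.perf_counter() - start    # SYN -> SYN/ACK
    except ConnectionRefusedError:
        return "closed", time.perf_counter() - start  # SYN -> RST is still a round trip
    except OSError:
        return "filtered", None                       # timeout/unreachable: no sample
    finally:
        sock.close()


def response_time(host, port, samples=5, timeout=2.0, pause=0.2):
    """Summarise handshake times to host:port over several probes."""
    # Resolve once, outside the timed region, so DNS latency is not counted.
    addr = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)[0][4][0]
    states, rtts = [], []
    for i in range(samples):
        state, rtt = probe(addr, port, timeout)
        states.append(state)
        if rtt is not None:
            rtts.append(rtt)
        if i < samples - 1:
            time.sleep(pause)
    summary = {"addr": addr, "port": port, "states": states, "answered": len(rtts)}
    if rtts:
        summary["min_ms"] = min(rtts) * 1000
        summary["median_ms"] = statistics.median(rtts) * 1000
        summary["max_ms"] = max(rtts) * 1000
    return summary


if __name__ == "__main__":
    # Constructed demo target: a listener on loopback, so the example runs offline.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    print(response_time("127.0.0.1", srv.getsockname()[1], samples=3, pause=0))
    srv.close()
```

A run of "filtered" states means the probes were dropped rather than answered, so no response time can be inferred for that port.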