Technical Specifications

Comprehensive technical specifications for ProRT-IP developers covering system requirements, protocol details, packet formats, performance characteristics, and platform-specific implementation details.


Overview

ProRT-IP is a high-performance network scanner built with Rust, implementing multiple scanning techniques across TCP, UDP, and ICMP protocols with support for both IPv4 and IPv6. This document provides the technical foundation necessary for understanding and contributing to the implementation.

Key Characteristics:

  • Language: Rust (Edition 2024, MSRV 1.85+)
  • Architecture: Multi-crate workspace with async/await runtime (Tokio)
  • Performance: 10M+ pps theoretical, 72K+ pps stateful (achieved)
  • Platform Support: 5 production targets (Linux, Windows, macOS Intel/ARM64, FreeBSD)
  • Memory Safety: Zero-cost abstractions with compile-time guarantees

System Requirements

Hardware Requirements

Minimum Configuration (Small Networks):

ComponentRequirementPurpose
CPU2 cores @ 2.0 GHzBasic scanning operations
RAM2 GBSmall network scans (<1,000 hosts)
Storage100 MBBinary + dependencies
Network100 MbpsBasic throughput (~10K pps)

Supported Workloads:

  • Single-target scans
  • Port range: 1-1000 ports
  • Network size: <1,000 hosts
  • Scan types: TCP SYN, Connect
  • No service detection

Recommended Configuration (Medium Networks):

ComponentRequirementPurpose
CPU8+ cores @ 3.0 GHzParallel scanning, high throughput
RAM16 GBLarge network scans (100K+ hosts)
Storage1 GB SSDFast result database operations
Network1 Gbps+High-speed scanning (100K pps)

Supported Workloads:

  • Multi-target scans (100K+ hosts)
  • All 65,535 ports
  • Scan types: All 8 types (SYN, Connect, UDP, FIN, NULL, Xmas, ACK, Idle)
  • Service detection + OS fingerprinting
  • Database storage

High-Performance Configuration (Internet-Scale):

ComponentRequirementPurpose
CPU16+ cores @ 3.5+ GHzInternet-scale scanning
RAM32+ GBStateful scanning of millions of targets
Storage10+ GB NVMe SSDMassive result storage
Network10 Gbps+Maximum throughput (1M+ pps)
NIC FeaturesRSS, multi-queue, SR-IOVPacket distribution across cores

Supported Workloads:

  • Internet-wide IPv4 scans (3.7B hosts)
  • All protocols (TCP, UDP, ICMP, IPv6)
  • Stateless scanning at 10M+ pps
  • NUMA-optimized packet processing
  • Real-time streaming to database

NIC Requirements:

  • RSS (Receive Side Scaling): Distribute packets across CPU cores
  • Multi-Queue: Multiple TX/RX queues (16+ recommended)
  • SR-IOV: Direct NIC hardware access for VMs
  • Hardware Offloading: TCP checksum, segmentation offload

Software Requirements

Operating Systems:

Linux (Primary Platform):

Supported Distributions:

  • Ubuntu 20.04+ LTS / 22.04+ LTS
  • Debian 11+ (Bullseye) / 12+ (Bookworm)
  • Fedora 35+ / 38+
  • RHEL 8+ / 9+ (Red Hat Enterprise Linux)
  • Arch Linux (rolling release)
  • CentOS Stream 8+ / 9+

Kernel Requirements:

  • Minimum: 4.15+ (for sendmmsg/recvmmsg syscalls)
  • Recommended: 5.x+ (for eBPF/XDP support)
  • Optimal: 6.x+ (latest performance improvements)

System Packages:

# Debian/Ubuntu
sudo apt install libpcap-dev pkg-config libssl-dev

# Fedora/RHEL/CentOS
sudo dnf install libpcap-devel pkgconfig openssl-devel

# Arch Linux
sudo pacman -S libpcap pkg-config openssl

Runtime Libraries:

  • libpcap 1.9+ (packet capture)
  • OpenSSL 1.1+ or 3.x (TLS certificate analysis)
  • glibc 2.27+ (standard C library)

Windows:

Supported Versions:

  • Windows 10 (version 1809+)
  • Windows 11 (all versions)
  • Windows Server 2016+, 2019+, 2022+

Requirements:

  • Npcap 1.70+ (packet capture driver) - Download
  • Visual C++ Redistributable 2019+ (runtime libraries)
  • Administrator privileges (required for raw packet access)

Known Limitations:

  • FIN/NULL/Xmas scans not supported (Windows TCP/IP stack limitation)
  • Administrator privileges required (no capability-based alternative)
  • SYN discovery tests fail on loopback (127.0.0.1) - expected Npcap behavior

macOS:

Supported Versions:

  • macOS 11.0+ (Big Sur) - Intel & Apple Silicon
  • macOS 12.0+ (Monterey) - M1/M2 chips
  • macOS 13.0+ (Ventura) - M1/M2/M3 chips
  • macOS 14.0+ (Sonoma) - M1/M2/M3/M4 chips

Requirements:

  • Xcode Command Line Tools (clang compiler)
  • libpcap (pre-installed on macOS)
  • Root privileges OR access_bpf group membership

Setup BPF Access (Recommended):

# Grant user BPF device access (avoids sudo)
sudo dseditgroup -o edit -a $(whoami) -t user access_bpf

# Verify group membership
dseditgroup -o checkmember -m $(whoami) access_bpf

# Logout and login for changes to take effect

Protocol Specifications

Ethernet (Layer 2)

Frame Format:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Destination MAC Address                    |
+                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                               |                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
|                      Source MAC Address                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           EtherType           |          Payload...           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Field Specifications:

FieldSizeDescriptionCommon Values
Destination MAC6 bytesTarget MAC addressFF:FF:FF:FF:FF:FF (broadcast)
Source MAC6 bytesScanner's MAC addressInterface MAC
EtherType2 bytesProtocol identifier0x0800 (IPv4), 0x0806 (ARP), 0x86DD (IPv6)

ProRT-IP Implementation:

  • Automatically discovers gateway MAC via ARP for remote targets
  • Uses broadcast MAC for LAN scans
  • Supports VLAN tagging (802.1Q) when --vlan flag specified

IPv4 (Layer 3)

Header Format:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version|  IHL  |Type of Service|          Total Length         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Identification        |Flags|      Fragment Offset    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Time to Live |    Protocol   |         Header Checksum       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Source IP Address                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Destination IP Address                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Options (if IHL > 5)                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Field Specifications:

FieldSizeDescriptionProRT-IP Default
Version4 bitsIP version4 (IPv4)
IHL4 bitsHeader length in 32-bit words5 (20 bytes, no options)
ToS/DSCP8 bitsType of Service0 (default, configurable with --tos)
Total Length16 bitsEntire packet sizeVariable (header + TCP/UDP)
Identification16 bitsFragment identificationRandom (per packet)
Flags3 bitsDF, MF, ReservedDF=1 (Don't Fragment)
Fragment Offset13 bitsFragment position0 (no fragmentation)
TTL8 bitsTime To Live64 (Linux default), configurable with --ttl
Protocol8 bitsUpper layer protocol6 (TCP), 17 (UDP), 1 (ICMP)
Header Checksum16 bitsOne's complement checksumCalculated automatically
Source IP32 bitsScanner's IP addressInterface IP (configurable with -S)
Destination IP32 bitsTarget IP addressUser-specified target

Fragmentation Support:

ProRT-IP supports IP fragmentation for firewall evasion (-f flag):

# Fragment packets into 8-byte segments (28-byte MTU)
prtip -f -sS -p 80,443 192.168.1.1

# Custom MTU (Maximum Transmission Unit, must be ≥68 and multiple of 8)
prtip --mtu 200 -sS -p 80,443 192.168.1.1

IPv6 (Layer 3)

Header Format:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class |           Flow Label                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Payload Length        |  Next Header  |   Hop Limit   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                                                               +
|                                                               |
+                         Source Address                        +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                                                               +
|                                                               |
+                      Destination Address                      +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Field Specifications:

FieldSizeDescriptionProRT-IP Default
Version4 bitsIP version6 (IPv6)
Traffic Class8 bitsQoS/DSCP0 (default)
Flow Label20 bitsFlow identification0 (not used)
Payload Length16 bitsPayload size (excluding header)Variable
Next Header8 bitsProtocol identifier6 (TCP), 17 (UDP), 58 (ICMPv6)
Hop Limit8 bitsEquivalent to IPv4 TTL64 (default)
Source Address128 bitsScanner's IPv6 addressInterface IPv6
Destination Address128 bitsTarget IPv6 addressUser-specified

IPv6 Address Types:

  • Global Unicast: 2000::/3 (Internet routable)
  • Link-Local: fe80::/10 (local network only)
  • Unique Local Address (ULA): fd00::/8 (private networks)
  • Multicast: ff00::/8 (group communication)

ProRT-IP IPv6 Support:

  • 100% scanner coverage (all 8 scan types)
  • ICMPv6 Echo (Type 128/129) for discovery
  • NDP (Neighbor Discovery Protocol) support
  • Dual-stack automatic detection
  • Random Interface Identifier generation for decoy scanning

TCP (Layer 4)

Header Format:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Sequence Number                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Acknowledgment Number                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Data |       |C|E|U|A|P|R|S|F|                               |
| Offset| Rsrvd |W|C|R|C|S|S|Y|I|            Window             |
|       |       |R|E|G|K|H|T|N|N|                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Checksum            |         Urgent Pointer        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Options (if Data Offset > 5)               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Field Specifications:

FieldSizeDescriptionProRT-IP Default
Source Port16 bitsScanner's source portRandom 1024-65535 (configurable with -g)
Destination Port16 bitsTarget port being scannedUser-specified (-p flag)
Sequence Number32 bitsInitial sequence numberRandom (SYN scan), SipHash-derived (stateless)
Acknowledgment Number32 bitsACK number0 (SYN scan), varies (Connect scan)
Data Offset4 bitsHeader length in 32-bit words5 (20 bytes) or 6 (24 bytes with MSS)
Flags8 bitsCWR, ECE, URG, ACK, PSH, RST, SYN, FINScan-type dependent
Window16 bitsReceive window size64240 (typical), 65535 (max)
Checksum16 bitsTCP checksum (includes pseudo-header)Calculated automatically
Urgent Pointer16 bitsUrgent data pointer0 (not used in scanning)

TCP Flag Combinations by Scan Type:

Scan TypeSYNFINRSTACKPSHURGUse Case
SYN (-sS)100000Stealth, most common
Connect (-sT)100000Full TCP handshake
FIN (-sF)010000Firewall evasion
NULL (-sN)000000Stealth scan
Xmas (-sX)010011Named for "lit up" flags
ACK (-sA)000100Firewall rule detection

TCP Options:

Common options used in scanning:

OptionKindLengthDataPurpose
EOL (End of Option List)01-Terminates option list
NOP (No Operation)11-Padding for alignment
MSS (Maximum Segment Size)242 bytesMaximum segment size (typical: 1460)
Window Scale331 byteWindow scaling factor (0-14)
SACK Permitted42-Selective ACK support
Timestamp8108 bytesTimestamps (TSval, TSecr)

Standard Option Ordering (for OS fingerprinting):

MSS, NOP, Window Scale, NOP, NOP, Timestamp, SACK Permitted, EOL

UDP (Layer 4)

Header Format:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            Length             |           Checksum            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Payload...                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Field Specifications:

FieldSizeDescriptionProRT-IP Default
Source Port16 bitsScanner's source portRandom 1024-65535
Destination Port16 bitsTarget UDP portUser-specified (-p)
Length16 bitsHeader + payload lengthVariable (8 + payload_len)
Checksum16 bitsUDP checksum (optional)Calculated (0 if disabled)

UDP Scan Challenges:

UDP scanning is 10-100x slower than TCP due to:

  1. No handshake: Cannot determine "open" without application response
  2. ICMP rate limiting: Many firewalls/routers rate-limit ICMP unreachable messages
  3. Stateless: Requires protocol-specific payloads to elicit responses

Protocol-Specific Payloads:

ProRT-IP includes built-in payloads for common UDP services:

PortServicePayload TypeExpected Response
53DNSStandard DNS A queryDNS response or ICMP unreachable
161SNMPGetRequest (community: public)GetResponse or ICMP unreachable
123NTPNTP version 3 queryNTP response or ICMP unreachable
137NetBIOSNBNS name queryName response or ICMP unreachable
111RPC (Portmapper)NULL procedure callRPC response or ICMP unreachable
500ISAKMP (IKE)IKE SA INITIKE response or ICMP unreachable
1900UPnP (SSDP)M-SEARCH discoverySSDP response or ICMP unreachable

ICMP (Layer 3/4)

Echo Request/Reply Format:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |     Code      |          Checksum             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Identifier          |        Sequence Number        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Payload...                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type/Code Combinations:

TypeCodeMeaningUse in ProRT-IP
00Echo ReplyHost discovery confirmation
30Network UnreachableTarget network filtered
31Host UnreachableTarget host filtered
33Port UnreachableUDP scan: port closed
39Network ProhibitedFirewall blocking
310Host ProhibitedFirewall blocking
313Admin ProhibitedRate limiting triggered
80Echo RequestHost discovery probe
110Time ExceededTraceroute (TTL=0)
130Timestamp RequestOS fingerprinting probe
170Address Mask RequestOS fingerprinting probe

Packet Format Specifications

TCP SYN Scan Packet (Complete Structure)

Full packet: 58 bytes (Ethernet + IPv4 + TCP with MSS)

#![allow(unused)]
fn main() {
// Ethernet Header (14 bytes)
[
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55,  // Destination MAC (target or gateway)
    0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,  // Source MAC (scanner's interface)
    0x08, 0x00,                          // EtherType: IPv4 (0x0800)
]

// IPv4 Header (20 bytes, no options)
[
    0x45,              // Version (4) + IHL (5 = 20 bytes)
    0x00,              // DSCP (0) + ECN (0)
    0x00, 0x2C,        // Total Length: 44 bytes (20 IP + 24 TCP)
    0x12, 0x34,        // Identification: random (e.g., 0x1234)
    0x40, 0x00,        // Flags: DF (0x4000) + Fragment Offset (0)
    0x40,              // TTL: 64 (Linux default)
    0x06,              // Protocol: TCP (6)
    0x00, 0x00,        // Header Checksum (calculated, placeholder here)
    0x0A, 0x00, 0x00, 0x01,  // Source IP: 10.0.0.1
    0x0A, 0x00, 0x00, 0x02,  // Destination IP: 10.0.0.2
]

// TCP Header with MSS Option (24 bytes)
[
    0x30, 0x39,        // Source Port: 12345 (random 1024-65535)
    0x00, 0x50,        // Destination Port: 80 (HTTP)
    0xAB, 0xCD, 0xEF, 0x12,  // Sequence Number: random or SipHash-derived
    0x00, 0x00, 0x00, 0x00,  // Acknowledgment: 0 (not ACK flag)
    0x60,              // Data Offset: 6 (24 bytes) + Reserved (0)
    0x02,              // Flags: SYN (0x02)
    0xFF, 0xFF,        // Window: 65535 (maximum)
    0x00, 0x00,        // Checksum (calculated, placeholder here)
    0x00, 0x00,        // Urgent Pointer: 0 (not urgent)

    // TCP Options (4 bytes)
    0x02, 0x04,        // MSS: Kind=2, Length=4
    0x05, 0xB4,        // MSS Value: 1460 (typical Ethernet MTU 1500 - 40)
]
}

Checksum Calculation:

IPv4 Checksum:

#![allow(unused)]
fn main() {
// One's complement sum of 16-bit words
let mut sum: u32 = 0;
for chunk in header.chunks(2) {
    sum += u16::from_be_bytes([chunk[0], chunk[1]]) as u32;
}
while (sum >> 16) > 0 {
    sum = (sum & 0xFFFF) + (sum >> 16);
}
let checksum = !(sum as u16);
}

TCP Checksum (includes pseudo-header):

#![allow(unused)]
fn main() {
// Pseudo-header: Source IP (4) + Dest IP (4) + Zero (1) + Protocol (1) + TCP Length (2)
let pseudo_header = [
    src_ip[0], src_ip[1], src_ip[2], src_ip[3],
    dst_ip[0], dst_ip[1], dst_ip[2], dst_ip[3],
    0x00,
    0x06,  // Protocol: TCP
    (tcp_len >> 8) as u8, tcp_len as u8,
];
// Then checksum pseudo_header + TCP header + payload
}

Scanning Technique Specifications

TCP SYN Scan (-sS)

Packet Sequence Diagram:

Scanner                           Target
   |                                 |
   |-------- SYN ------------------>|  (1) Probe: SYN flag set
   |                                 |
   |<------- SYN/ACK --------------|  (2a) OPEN: Responds with SYN/ACK
   |-------- RST ------------------>|  (3a) Reset connection (stealth)
   |                                 |
   |<------- RST ------------------|  (2b) CLOSED: Responds with RST
   |                                 |
   |         (timeout)               |  (2c) FILTERED: No response
   |                                 |
   |<------- ICMP Unreachable -----|  (2d) FILTERED: ICMP Type 3

State Determination Logic:

ResponsePort StateFlagsCode
SYN/ACK receivedOpenTCP: SYN+ACK-
RST receivedClosedTCP: RST-
ICMP Type 3 Code 1/2/3/9/10/13Filtered-ICMP unreachable
No response after timeout + retriesFiltered--

Timing Parameters by Template:

TemplateInitial TimeoutMax TimeoutMax RetriesScan Delay
T0 (Paranoid)300 sec300 sec55 min
T1 (Sneaky)15 sec15 sec515 sec
T2 (Polite)1 sec10 sec50.4 sec
T3 (Normal)1 sec10 sec20
T4 (Aggressive)500 ms1250 ms60
T5 (Insane)250 ms300 ms20

Performance Specifications

Throughput Characteristics

Achieved Performance:

ModePackets/SecondNotes
Stateless1,000,000+ pps10GbE + 16+ cores (theoretical)
Stateful SYN72,000+ ppsLocalhost scan (achieved)
TCP Connect1,000-5,000 ppsOS limit
Service Detection100-500 ports/secProbe-dependent
OS Fingerprinting50-100 hosts/min16-probe sequence

Scan Speed Benchmarks:

ScenarioDurationThroughputSpeedup vs Baseline
65K ports SYN scan0.91s72K pps198x faster
1K ports SYN scan66ms~15K pps48x faster
Service detection2.3s~434 ports/sec3.5x faster
OS fingerprinting1.8s~33 hosts/min3x faster

Rate Limiting Performance:

Rate (pps)OverheadStatus
10K-8.2%✅ Faster than no limiting
50K-1.8%✅ Faster than no limiting
75K-200K-3% to -4%✅ Sweet spot
500K-1M+0% to +3%✅ Near-zero overhead

Memory Characteristics

Memory Scaling Formula:

Memory = 2 MB (baseline) + ports × 1.0 KB

Examples:

  • 1,000 ports: ~3 MB
  • 10,000 ports: ~12 MB
  • 65,535 ports: ~68 MB

Service Detection Memory:

  • Baseline: 2.7 MB
  • With detection: 1.97 GB (730x increase)
  • Recommendation: Limit service detection to 10-20 ports

CPU Characteristics

CPU Utilization:

  • Futex Contention: 77-88% CPU time (Phase 6.1 optimization target)
  • Network I/O: 0.9-1.6% (industry-leading efficiency)
  • Packet Construction: 58.8ns (zero-copy optimization)

Performance Targets (Phase 6):

  • Futex Reduction: 30-50% CPU savings (QW-1 priority)
  • Memory Pool: 60% brk reduction + 50% memory savings (QW-2 priority)
  • Vector Preallocation: 10-15% memory reduction (QW-3 priority)

Platform Specifications

Build Targets

Production Platforms (5 targets, ~95% user base):

PlatformTarget TripleStatusNotes
Linux x86_64 (glibc)x86_64-unknown-linux-gnu✅ ProductionRecommended platform
Windows x86_64x86_64-pc-windows-msvc✅ ProductionRequires Npcap + Administrator
macOS Intelx86_64-apple-darwin✅ ProductionmacOS 10.13+
macOS Apple Siliconaarch64-apple-darwin✅ ProductionM1/M2/M3/M4 chips, 110% baseline performance
FreeBSD x86_64x86_64-unknown-freebsd✅ ProductionFreeBSD 12+

Experimental Platforms (4 targets, known limitations):

PlatformTarget TripleStatusKnown Issues
Linux x86_64 (musl)x86_64-unknown-linux-musl⚠️ ExperimentalType mismatch issues
Linux ARM64 (glibc)aarch64-unknown-linux-gnu⚠️ ExperimentalOpenSSL cross-compilation issues
Linux ARM64 (musl)aarch64-unknown-linux-musl⚠️ ExperimentalMultiple compilation issues
Windows ARM64aarch64-pc-windows-msvc⚠️ RemovedToolchain unavailable in CI

Platform Performance Comparison

Performance and characteristics relative to Linux x86_64 baseline:

| Platform | Binary Size | Startup Time | Performance | Package Manager | |----------|-------------|--------------|-------------|-----------------| | Linux x86_64 (glibc) | ~8MB | <50ms | 100% (baseline) | apt, dnf, pacman | | Linux x86_64 (musl) | ~6MB | <30ms | 95% | apk | | Linux ARM64 | ~8MB | <60ms | 85% | apt, dnf | | Windows x86_64 | ~9MB | <100ms | 90% | chocolatey, winget | | macOS Intel | ~8MB | <70ms | 95% | brew | | macOS ARM64 | ~7MB | <40ms | 110% | brew | | FreeBSD x86_64 | ~8MB | <60ms | 90% | pkg |

Notes:

  • macOS ARM64 is fastest platform (110% baseline, native optimization)
  • musl builds are smallest and fastest startup
  • Performance measured with 65,535-port SYN scan baseline

See Also