Traceroute using TCP packets reaches the destination in just one hop
I am studying some useful Unix network tools such as traceroute, and I found strange behaviour when using TCP packets instead of UDP or ICMP packets.
In particular, if I try to trace any website, the system reaches the destination in just one hop. These are some of the tests I ran:
$ traceroute -T google.com
traceroute to google.com (216.58.209.46), 30 hops max, 60 byte packets
1 mil07s12-in-f14.1e100.net (216.58.209.46) 10.316 ms 10.263 ms 10.241 ms
$ traceroute -T tomshw.com
traceroute to tomshw.com (64.190.63.111), 30 hops max, 60 byte packets
1 64.190.63.111 (64.190.63.111) 2.940 ms 2.900 ms 2.878 ms
$ traceroute -T corriere.it
traceroute to corriere.it (185.53.36.36), 30 hops max, 60 byte packets
1 cache.corriere.it (185.53.36.36) 6.123 ms 6.063 ms 6.017 ms
$ traceroute -T facebook.com
traceroute to facebook.com (157.240.203.35), 30 hops max, 60 byte packets
1 edge-star-mini-shv-01-mxp2.facebook.com (157.240.203.35) 2.889 ms 2.855 ms 2.838 ms
$ traceroute -T interno.gov.it
traceroute to interno.gov.it (99.86.153.34), 30 hops max, 60 byte packets
1 server-99-86-153-34.mxp64.r.cloudfront.net (99.86.153.34) 5.960 ms 5.923 ms 5.892 ms
Instead, using UDP packets or ICMP packets it reaches the destination with a reasonable number of hops:
$ traceroute google.com
traceroute to google.com (216.58.209.46), 30 hops max, 60 byte packets
1 _gateway (192.168.182.1) 24.216 ms 24.172 ms 24.155 ms
2 192.168.10.1 (192.168.10.1) 24.143 ms 24.117 ms 24.088 ms
3 82.113.192.132 (82.113.192.132) 33.846 ms 33.818 ms 33.800 ms
4 185.25.74.93 (185.25.74.93) 47.396 ms 47.379 ms 47.367 ms
5 hu-0-0-1-2.ncs55-1-jn.network.twt.it (185.25.74.130) 47.350 ms 47.337 ms 54.092 ms
6 142.250.169.248 (142.250.169.248) 54.073 ms 32.662 ms 35.847 ms
7 * * *
8 108.170.245.65 (108.170.245.65) 35.724 ms 61.251 ms 216.239.40.200 (216.239.40.200) 51.454 ms
9 108.170.245.73 (108.170.245.73) 131.758 ms 108.170.232.181 (108.170.232.181) 105.612 ms 108.170.245.73 (108.170.245.73) 131.720 ms
10 172.253.71.141 (172.253.71.141) 61.114 ms mil07s12-in-f14.1e100.net (216.58.209.46) 61.095 ms 61.126 ms
$ traceroute -I google.com
traceroute to google.com (216.58.209.46), 30 hops max, 60 byte packets
1 _gateway (192.168.182.1) 21.592 ms 37.848 ms 41.086 ms
2 192.168.10.1 (192.168.10.1) 47.584 ms 50.838 ms 54.088 ms
3 82.113.192.132 (82.113.192.132) 57.354 ms 63.878 ms 63.870 ms
4 185.25.74.93 (185.25.74.93) 63.861 ms 63.846 ms 63.901 ms
5 hu-0-0-1-2.ncs55-1-jn.network.twt.it (185.25.74.130) 63.891 ms 1457.578 ms 1457.568 ms
6 142.250.169.248 (142.250.169.248) 70.296 ms 14.804 ms 33.535 ms
7 209.85.242.39 (209.85.242.39) 82.764 ms 82.748 ms 82.731 ms
8 108.170.232.169 (108.170.232.169) 82.712 ms 82.696 ms 82.745 ms
9 mil07s12-in-f14.1e100.net (216.58.209.46) 225.226 ms 228.457 ms 228.433 ms
Looking at Wireshark, I get a SYN/ACK for the first SYN probe with ttl = 1, which is strange because it should expire.
Finally, trying to change the port, for example to 22, it seems to work somewhat:
$ traceroute -T -p 22 google.com
traceroute to google.com (216.58.209.46), 30 hops max, 60 byte packets
1 _gateway (192.168.182.1) 10.014 ms 9.943 ms 9.921 ms
2 192.168.10.1 (192.168.10.1) 13.022 ms 12.947 ms 12.917 ms
3 82.113.192.132 (82.113.192.132) 38.882 ms 38.855 ms 38.832 ms
4 185.25.74.93 (185.25.74.93) 38.802 ms 38.846 ms 38.818 ms
5 hu-0-0-1-2.ncs55-1-jn.network.twt.it (185.25.74.130) 38.790 ms 38.765 ms 38.748 ms
6 142.250.169.248 (142.250.169.248) 38.649 ms 10.215 ms 10.256 ms
7 * * *
8 * * *
...
29 * * *
30 * * *
$ traceroute -T -p 22 tomshw.com
traceroute to tomshw.com (64.190.63.111), 30 hops max, 60 byte packets
1 _gateway (192.168.182.1) 5.657 ms 5.594 ms 5.567 ms
2 192.168.10.1 (192.168.10.1) 12.123 ms 12.099 ms 12.075 ms
3 82.113.192.132 (82.113.192.132) 17.724 ms 20.958 ms 20.934 ms
4 185.25.74.93 (185.25.74.93) 24.177 ms 24.154 ms 24.198 ms
5 te-0-2-0-1.asr9kp-jn.network.twt.it (82.113.194.246) 20.835 ms 20.812 ms 20.817 ms
6 81.25.202.185 (81.25.202.185) 24.095 ms 15.309 ms 18.446 ms
7 mno-b3-link.ip.twelve99.net (62.115.144.98) 18.414 ms 14.755 ms 17.877 ms
8 ffm-bb2-link.ip.twelve99.net (62.115.116.172) 29.702 ms 39.470 ms 39.454 ms
9 mcn-b3-link.ip.twelve99.net (62.115.124.47) 39.430 ms 39.407 ms 39.374 ms
10 internetx-ic332227-mcn-b2.ip.twelve99-cust.net (62.115.160.178) 39.350 ms 39.355 ms 39.329 ms
11 91.195.241.102 (91.195.241.102) 39.269 ms 39.239 ms 164.766 ms
12 91.195.241.118 (91.195.241.118) 167.982 ms 167.951 ms 91.195.241.114 (91.195.241.114) 207.035 ms
13 64.190.63.111 (64.190.63.111) 206.969 ms 206.940 ms 203.627 ms
What is the explanation for this behaviour? The OS I am using is Kubuntu 21.10 with default settings, so I would rule out a proxy or something similar.
The traceroute man page says:
tcp -T
Well-known modern method, intended to bypass firewalls.
Uses the constant destination port (default is 80, http).
It looks like you have some kind of transparent proxy for port 80 on your network.
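An added example, not from the question or the answer above, to make the answer's reasoning checkable offline: the script below parses the text format that Linux traceroute prints (the runs from the question are embedded as sample input, abridged) and compares runs to the same destination made with different probe types. A run in which the destination "answers" at TTL=1 while UDP probes to the same address cross ten routed hops is flagged as intercepted: a device on the path, such as a transparent proxy on port 80, is completing the TCP handshake in the destination's name, so the probe's TTL never gets the chance to expire. The Trace/classify helpers and the verdict names are this example's own, not part of traceroute.

```python
"""Spot port-specific interception in traceroute output (added example, not part
of the original post).  Parses the text that Linux traceroute prints, as shown in
the question above, and compares runs to one destination made with different
probe types.  The sample inputs are abridged copies of the output above."""
import re
from dataclasses import dataclass, field

HEADER_RE = re.compile(r"^traceroute to \S+ \((\d{1,3}(?:\.\d{1,3}){3})\)")
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")


@dataclass
class Trace:
    method: str           # probe type, e.g. "tcp/80", "udp", "icmp"
    destination: str      # target address taken from the header line
    hops: list = field(default_factory=list)  # [(ttl, [responder addresses])]

    def reached(self):
        """True when the destination itself answered on the last printed hop."""
        return bool(self.hops) and self.destination in self.hops[-1][1]


def parse_traceroute(method, text):
    lines = [ln for ln in text.strip().splitlines() if ln.strip()]
    m = HEADER_RE.match(lines[0])
    if not m:
        raise ValueError("first line is not a traceroute header")
    trace = Trace(method, m.group(1))
    for line in lines[1:]:
        hm = HOP_RE.match(line)
        if not hm:            # e.g. a "..." elision in an abridged listing
            continue
        # "* * *" yields an empty list; a hop may also list several responders
        trace.hops.append((int(hm.group(1)), ADDR_RE.findall(hm.group(2))))
    return trace


def last_responder(trace):
    """(ttl, address) of the furthest hop that answered, or None."""
    for ttl, addrs in reversed(trace.hops):
        if addrs:
            return ttl, addrs[-1]
    return None


def classify(traces):
    """Return {method: verdict} for runs against one destination.

    ok           destination reached at the end of a routed path
    intercepted  destination "answered" at TTL=1 while another probe type needed
                 several routed hops, so an on-path device replied in its name
    filtered     answers stop before the destination is reached
    """
    if len({t.destination for t in traces}) != 1:
        raise ValueError("all traces must target the same address")
    routed = [t for t in traces if t.reached() and len(t.hops) > 1]
    verdicts = {}
    for t in traces:
        if not t.reached():
            verdicts[t.method] = "filtered"
        elif len(t.hops) == 1 and routed:
            verdicts[t.method] = "intercepted"
        else:
            verdicts[t.method] = "ok"  # one hop is fine if every method agrees
    return verdicts


# Sample runs copied (abridged) from the question above.
TCP_80 = """traceroute to google.com (216.58.209.46), 30 hops max, 60 byte packets
 1  mil07s12-in-f14.1e100.net (216.58.209.46)  10.316 ms  10.263 ms  10.241 ms
"""
UDP = """traceroute to google.com (216.58.209.46), 30 hops max, 60 byte packets
 1  _gateway (192.168.182.1)  24.216 ms  24.172 ms  24.155 ms
 2  192.168.10.1 (192.168.10.1)  24.143 ms  24.117 ms  24.088 ms
 3  82.113.192.132 (82.113.192.132)  33.846 ms  33.818 ms  33.800 ms
 4  185.25.74.93 (185.25.74.93)  47.396 ms  47.379 ms  47.367 ms
 5  hu-0-0-1-2.ncs55-1-jn.network.twt.it (185.25.74.130)  47.350 ms  47.337 ms  54.092 ms
 6  142.250.169.248 (142.250.169.248)  54.073 ms  32.662 ms  35.847 ms
 7  * * *
 8  108.170.245.65 (108.170.245.65)  35.724 ms  61.251 ms  216.239.40.200 (216.239.40.200)  51.454 ms
 9  108.170.245.73 (108.170.245.73)  131.758 ms  108.170.232.181 (108.170.232.181)  105.612 ms
10  172.253.71.141 (172.253.71.141)  61.114 ms  mil07s12-in-f14.1e100.net (216.58.209.46)  61.095 ms  61.126 ms
"""
TCP_22 = """traceroute to google.com (216.58.209.46), 30 hops max, 60 byte packets
 1  _gateway (192.168.182.1)  10.014 ms  9.943 ms  9.921 ms
 2  192.168.10.1 (192.168.10.1)  13.022 ms  12.947 ms  12.917 ms
 3  82.113.192.132 (82.113.192.132)  38.882 ms  38.855 ms  38.832 ms
 4  185.25.74.93 (185.25.74.93)  38.802 ms  38.846 ms  38.818 ms
 5  hu-0-0-1-2.ncs55-1-jn.network.twt.it (185.25.74.130)  38.790 ms  38.765 ms  38.748 ms
 6  142.250.169.248 (142.250.169.248)  38.649 ms  10.215 ms  10.256 ms
 7  * * *
...
30  * * *
"""


def demo():
    traces = [parse_traceroute("tcp/80", TCP_80), parse_traceroute("udp", UDP),
              parse_traceroute("tcp/22", TCP_22)]
    return classify(traces)


if __name__ == "__main__":
    for method, verdict in demo().items():
        print(f"{method:8} {verdict}")
```

Run with python3 and it prints one verdict per probe type (tcp/80 intercepted, udp ok, tcp/22 filtered for the sample). To check your own network, paste the output of traceroute -T, traceroute and traceroute -I against the same host in place of the sample strings. A one-hop result on its own is not suspicious, since the host may genuinely be on-link; only the disagreement between probe types to the same address is.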