
[Help request] Packets captured with tcpdump, can you help me see what the problem is?

laojean (original poster), posted: 2009-05-01
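The gateway itself can connect to this IP without problems, but clients cannot connect. This is a packet capture taken on the gateway. It is rather frustrating; could an expert help me see what the problem is? Is there something wrong with the system parameter settings? Linux version 2.6.14.7.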

17:28:54.584290 IP 218.90.173.66.3071 > 202.102.2.108.80: S 2546516110:2546516110(0) win 8192 <mss 1460,nop,nop,sackOK>
17:28:54.585199 IP 202.102.2.108.80 > 218.90.173.66.3071: S 2546516110:2546516110(0) ack 2000669681 win 65535 <mss 1460,nop,nop,sackOK>
17:28:54.585263 IP 218.90.173.66.3071 > 202.102.2.108.80: R 2000669681:2000669681(0) win 0
17:28:54.585269 IP 202.102.2.108.80 > 218.90.173.66.3071: S 4233833560:4233833560(0) ack 2546516111 win 5840 <mss 1460,nop,nop,sackOK>
17:28:54.585283 IP 218.90.173.66.3071 > 202.102.2.108.80: R 2546516111:2546516111(0) win 0
17:28:57.475795 IP 218.90.173.66.3071 > 202.102.2.108.80: S 2546516110:2546516110(0) win 8192 <mss 1460,nop,nop,sackOK>
17:28:57.477178 IP 202.102.2.108.80 > 218.90.173.66.3071: S 2546516110:2546516110(0) ack 2000669681 win 65535 <mss 1460,nop,nop,sackOK>
17:28:57.477226 IP 218.90.173.66.3071 > 202.102.2.108.80: R 2000669681:2000669681(0) win 0
17:28:57.478055 IP 202.102.2.108.80 > 218.90.173.66.3071: S 4236725135:4236725135(0) ack 2546516111 win 5840 <mss 1460,nop,nop,sackOK>
17:28:57.478113 IP 218.90.173.66.3071 > 202.102.2.108.80: R 2546516111:2546516111(0) win 0
17:29:03.510963 IP 218.90.173.66.3071 > 202.102.2.108.80: S 2546516110:2546516110(0) win 8192 <mss 1460,nop,nop,sackOK>
17:29:03.511925 IP 202.102.2.108.80 > 218.90.173.66.3071: S 2546516110:2546516110(0) ack 2000669681 win 65535 <mss 1460,nop,nop,sackOK>
17:29:03.511972 IP 218.90.173.66.3071 > 202.102.2.108.80: R 2000669681:2000669681(0) win 0
17:29:03.512552 IP 202.102.2.108.80 > 218.90.173.66.3071: S 4242759804:4242759804(0) ack 2546516111 win 5840 <mss 1460,nop,nop,sackOK>
17:29:03.512609 IP 218.90.173.66.3071 > 202.102.2.108.80: R 2546516111:2546516111(0) win 0

Reply 1, posted: 2010-04-13
When capturing with tcpdump, add the -vs0 -w <filename> options to save the capture to a file, then post it as an attachment.


Reply 2, posted: 2010-04-13


QUOTE: Originally posted by platinum on 2007-4-26 08:13, post #2
When capturing with tcpdump, add the -vs0 -w <filename> options to save the capture to a file, then post it as an attachment.



Here is the file saved by tcpdump, please take a look.
11.rar (420 Bytes), downloads: 81
2007-04-26 10:26

File saved by tcpdump

ilxd, reply 3, posted: 2010-04-13
10:27:25.549852 IP (tos 0x0, ttl  63, id 11789, offset 0, flags [none], proto 6, length: 48) 218.90.173.66.2113 > 202.102.2.108.80: S [tcp sum ok] 833692817:833692817(0) win 8192 <mss 1460,nop,nop,sackOK>
10:27:25.550894 IP (tos 0x0, ttl 250, id 49683, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2113: S [tcp sum ok] 833692817:833692817(0) ack 2021772273 win 65535 <mss 1460,nop,nop,sackOK>
10:27:25.550974 IP (tos 0x0, ttl  64, id 64320, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2113 > 202.102.2.108.80: R [tcp sum ok] 2021772273:2021772273(0) win 0
10:27:25.551508 IP (tos 0x0, ttl  59, id 0, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2113: S [tcp sum ok] 1197535:1197535(0) ack 833692818 win 5840 <mss 1460,nop,nop,sackOK>
10:27:25.551538 IP (tos 0x0, ttl  64, id 64321, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2113 > 202.102.2.108.80: R [tcp sum ok] 833692818:833692818(0) win 0
10:27:28.475448 IP (tos 0x0, ttl  63, id 11921, offset 0, flags [none], proto 6, length: 48) 218.90.173.66.2113 > 202.102.2.108.80: S [tcp sum ok] 833692817:833692817(0) win 8192 <mss 1460,nop,nop,sackOK>
10:27:28.476985 IP (tos 0x0, ttl 250, id 49683, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2113: S [tcp sum ok] 833692817:833692817(0) ack 2021772273 win 65535 <mss 1460,nop,nop,sackOK>
10:27:28.477031 IP (tos 0x0, ttl  64, id 64329, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2113 > 202.102.2.108.80: R [tcp sum ok] 2021772273:2021772273(0) win 0
10:27:28.478491 IP (tos 0x0, ttl  59, id 0, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2113: S [tcp sum ok] 4123244:4123244(0) ack 833692818 win 5840 <mss 1460,nop,nop,sackOK>
10:27:28.478549 IP (tos 0x0, ttl  64, id 64330, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2113 > 202.102.2.108.80: R [tcp sum ok] 833692818:833692818(0) win 0
10:27:34.509746 IP (tos 0x0, ttl  63, id 12016, offset 0, flags [none], proto 6, length: 48) 218.90.173.66.2113 > 202.102.2.108.80: S [tcp sum ok] 833692817:833692817(0) win 8192 <mss 1460,nop,nop,sackOK>
10:27:34.510732 IP (tos 0x0, ttl 250, id 49683, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2113: S [tcp sum ok] 833692817:833692817(0) ack 2021772273 win 65535 <mss 1460,nop,nop,sackOK>
10:27:34.510779 IP (tos 0x0, ttl  64, id 64343, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2113 > 202.102.2.108.80: R [tcp sum ok] 2021772273:2021772273(0) win 0
10:27:34.511239 IP (tos 0x0, ttl  59, id 0, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2113: S [tcp sum ok] 10156744:10156744(0) ack 833692818 win 5840 <mss 1460,nop,nop,sackOK>
10:27:34.511297 IP (tos 0x0, ttl  64, id 64344, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2113 > 202.102.2.108.80: R [tcp sum ok] 833692818:833692818(0) win 0
10:27:46.587394 IP (tos 0x0, ttl  63, id 12126, offset 0, flags [none], proto 6, length: 48) 218.90.173.66.2125 > 202.102.2.108.80: S [tcp sum ok] 4000017528:4000017528(0) win 8192 <mss 1460,nop,nop,sackOK>
10:27:46.588596 IP (tos 0x0, ttl 250, id 49695, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2125: S [tcp sum ok] 4000017528:4000017528(0) ack 2022558705 win 65535 <mss 1460,nop,nop,sackOK>
10:27:46.588660 IP (tos 0x0, ttl  64, id 64363, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2125 > 202.102.2.108.80: R [tcp sum ok] 2022558705:2022558705(0) win 0
10:27:46.588856 IP (tos 0x0, ttl  59, id 0, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2125: S [tcp sum ok] 17435080:17435080(0) ack 4000017529 win 5840 <mss 1460,nop,nop,sackOK>
10:27:46.588905 IP (tos 0x0, ttl  64, id 64364, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2125 > 202.102.2.108.80: R [tcp sum ok] 4000017529:4000017529(0) win 0
10:27:46.601404 IP (tos 0x0, ttl  63, id 12135, offset 0, flags [none], proto 6, length: 48) 218.90.173.66.2127 > 202.102.2.108.80: S [tcp sum ok] 1301300915:1301300915(0) win 8192 <mss 1460,nop,nop,sackOK>
10:27:46.602846 IP (tos 0x0, ttl 250, id 49693, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2127: S [tcp sum ok] 1301300915:1301300915(0) ack 2022689777 win 65535 <mss 1460,nop,nop,sackOK>
10:27:46.602903 IP (tos 0x0, ttl  64, id 64365, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2127 > 202.102.2.108.80: R [tcp sum ok] 2022689777:2022689777(0) win 0
10:27:46.604715 IP (tos 0x0, ttl  59, id 0, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2127: S [tcp sum ok] 20983839:20983839(0) ack 1301300916 win 5840 <mss 1460,nop,nop,sackOK>
10:27:46.604757 IP (tos 0x0, ttl  64, id 64366, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2127 > 202.102.2.108.80: R [tcp sum ok] 1301300916:1301300916(0) win 0
10:27:49.597609 IP (tos 0x0, ttl  63, id 12185, offset 0, flags [none], proto 6, length: 48) 218.90.173.66.2125 > 202.102.2.108.80: S [tcp sum ok] 4000017528:4000017528(0) win 8192 <mss 1460,nop,nop,sackOK>
10:27:49.597758 IP (tos 0x0, ttl  63, id 12186, offset 0, flags [none], proto 6, length: 48) 218.90.173.66.2127 > 202.102.2.108.80: S [tcp sum ok] 1301300915:1301300915(0) win 8192 <mss 1460,nop,nop,sackOK>
10:27:49.599415 IP (tos 0x0, ttl 250, id 49695, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2125: S [tcp sum ok] 4000017528:4000017528(0) ack 2022558705 win 65535 <mss 1460,nop,nop,sackOK>
10:27:49.599478 IP (tos 0x0, ttl  64, id 64378, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2125 > 202.102.2.108.80: R [tcp sum ok] 2022558705:2022558705(0) win 0
10:27:49.599487 IP (tos 0x0, ttl 250, id 49693, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2127: S [tcp sum ok] 1301300915:1301300915(0) ack 2022689777 win 65535 <mss 1460,nop,nop,sackOK>
10:27:49.599501 IP (tos 0x0, ttl  64, id 64379, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2127 > 202.102.2.108.80: R [tcp sum ok] 2022689777:2022689777(0) win 0
10:27:49.602163 IP (tos 0x0, ttl  59, id 0, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2125: S [tcp sum ok] 20445382:20445382(0) ack 4000017529 win 5840 <mss 1460,nop,nop,sackOK>
10:27:49.602218 IP (tos 0x0, ttl  64, id 64380, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2125 > 202.102.2.108.80: R [tcp sum ok] 4000017529:4000017529(0) win 0
10:27:49.602227 IP (tos 0x0, ttl  59, id 0, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2127: S [tcp sum ok] 23979897:23979897(0) ack 1301300916 win 5840 <mss 1460,nop,nop,sackOK>
10:27:49.602241 IP (tos 0x0, ttl  64, id 64381, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2127 > 202.102.2.108.80: R [tcp sum ok] 1301300916:1301300916(0) win 0
10:27:55.532195 IP (tos 0x0, ttl  63, id 12197, offset 0, flags [none], proto 6, length: 48) 218.90.173.66.2125 > 202.102.2.108.80: S [tcp sum ok] 4000017528:4000017528(0) win 8192 <mss 1460,nop,nop,sackOK>
10:27:55.532350 IP (tos 0x0, ttl  63, id 12198, offset 0, flags [none], proto 6, length: 48) 218.90.173.66.2127 > 202.102.2.108.80: S [tcp sum ok] 1301300915:1301300915(0) win 8192 <mss 1460,nop,nop,sackOK>
10:27:55.535323 IP (tos 0x0, ttl 250, id 49695, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2125: S [tcp sum ok] 4000017528:4000017528(0) ack 2022558705 win 65535 <mss 1460,nop,nop,sackOK>
10:27:55.535360 IP (tos 0x0, ttl  64, id 64390, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2125 > 202.102.2.108.80: R [tcp sum ok] 2022558705:2022558705(0) win 0
10:27:55.535367 IP (tos 0x0, ttl 250, id 49693, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2127: S [tcp sum ok] 1301300915:1301300915(0) ack 2022689777 win 65535 <mss 1460,nop,nop,sackOK>
10:27:55.535381 IP (tos 0x0, ttl  64, id 64391, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2127 > 202.102.2.108.80: R [tcp sum ok] 2022689777:2022689777(0) win 0
10:27:55.537079 IP (tos 0x0, ttl  59, id 0, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2125: S [tcp sum ok] 26379482:26379482(0) ack 4000017529 win 5840 <mss 1460,nop,nop,sackOK>
10:27:55.537135 IP (tos 0x0, ttl  64, id 64392, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2125 > 202.102.2.108.80: R [tcp sum ok] 4000017529:4000017529(0) win 0
10:27:55.537329 IP (tos 0x0, ttl  59, id 0, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2127: S [tcp sum ok] 29914010:29914010(0) ack 1301300916 win 5840 <mss 1460,nop,nop,sackOK>
10:27:55.537374 IP (tos 0x0, ttl  64, id 64393, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2127 > 202.102.2.108.80: R [tcp sum ok] 1301300916:1301300916(0) win 0
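
In the verbose capture above, every SYN from the client is answered by two different SYN-ACKs, and that can be checked mechanically. The following is an added example, not part of any post in this thread: the function names and the 192.0.2.10 flow are constructed, and the regex assumes the old `tcpdump -v` text layout shown here.

```python
import re
from collections import defaultdict

# First five lines: flow 2127 copied from the verbose capture above.
# Last two lines: constructed ordinary handshake (documentation addresses).
SAMPLE = """\
10:27:46.601404 IP (tos 0x0, ttl  63, id 12135, offset 0, flags [none], proto 6, length: 48) 218.90.173.66.2127 > 202.102.2.108.80: S [tcp sum ok] 1301300915:1301300915(0) win 8192 <mss 1460,nop,nop,sackOK>
10:27:46.602846 IP (tos 0x0, ttl 250, id 49693, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2127: S [tcp sum ok] 1301300915:1301300915(0) ack 2022689777 win 65535 <mss 1460,nop,nop,sackOK>
10:27:46.602903 IP (tos 0x0, ttl  64, id 64365, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2127 > 202.102.2.108.80: R [tcp sum ok] 2022689777:2022689777(0) win 0
10:27:46.604715 IP (tos 0x0, ttl  59, id 0, offset 0, flags [DF], proto 6, length: 48) 202.102.2.108.80 > 218.90.173.66.2127: S [tcp sum ok] 20983839:20983839(0) ack 1301300916 win 5840 <mss 1460,nop,nop,sackOK>
10:27:46.604757 IP (tos 0x0, ttl  64, id 64366, offset 0, flags [DF], proto 6, length: 40) 218.90.173.66.2127 > 202.102.2.108.80: R [tcp sum ok] 1301300916:1301300916(0) win 0
12:00:00.000001 IP (tos 0x0, ttl  64, id 1, offset 0, flags [DF], proto 6, length: 48) 192.0.2.10.40000 > 198.51.100.5.80: S [tcp sum ok] 1000:1000(0) win 8192 <mss 1460,nop,nop,sackOK>
12:00:00.000900 IP (tos 0x0, ttl  55, id 2, offset 0, flags [DF], proto 6, length: 48) 198.51.100.5.80 > 192.0.2.10.40000: S [tcp sum ok] 7000:7000(0) ack 1001 win 5840 <mss 1460,nop,nop,sackOK>
"""

# Pulls TTL, endpoints, flag, sequence number and optional ack from one line.
LINE = re.compile(
    r"ttl\s+(?P<ttl>\d+),.*?\)\s+(?P<src>\S+) > (?P<dst>\S+): (?P<flag>[SR]) "
    r"\[tcp sum ok\] (?P<seq>\d+):\d+\(0\)(?: ack (?P<ack>\d+))?")

def synack_report(capture: str) -> dict:
    """Map each client->server flow to the distinct SYN-ACKs it received."""
    isn = {}                     # (client, server) -> client's initial seq
    replies = defaultdict(set)   # (client, server) -> {(ttl, seq, ack_ok)}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m or m["flag"] != "S":
            continue             # RSTs and unparsed lines are ignored
        seq, ttl = int(m["seq"]), int(m["ttl"])
        if m["ack"] is None:     # plain SYN sent by the client
            isn[(m["src"], m["dst"])] = seq
        else:                    # SYN-ACK travelling back to the client
            flow = (m["dst"], m["src"])
            if flow in isn:
                ack_ok = int(m["ack"]) == (isn[flow] + 1) % 2**32
                replies[flow].add((ttl, seq, ack_ok))
    return dict(replies)

def conflicting_flows(capture: str) -> list:
    """Flows answered by more than one SYN-ACK, or by one with a wrong ack."""
    return sorted(flow for flow, seen in synack_report(capture).items()
                  if len(seen) > 1 or any(not ok for _, _, ok in seen))
```

For flow 2127 the report holds two entries: a ttl 250 SYN-ACK whose sequence number repeats the client's own ISN and whose ack is not ISN+1, and a ttl 59 SYN-ACK with the expected ack.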


chkey, reply 4, posted: 2010-04-13
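Was the capture taken on the server?
Install Wireshark on the client and capture there as well.
Also, capture a normal, working access on the gateway and post it so we can take a look.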


tanweihai, reply 5, posted: 2010-04-13
I would like to talk over instant messaging so it goes faster; I urgently need to solve this problem right now.


Reply 6, posted: 2010-04-13
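I just ran a test. If SNAT is not done at the gateway, that website can be reached normally. I compared this with the packets captured when running wget for a file directly on the gateway, and found that the win parameter in the TCP packets differs from the client's: the client and the gateway use win=8192 and win=5840 respectively. From the test it looks as if, without SNAT, the win parameter is negotiated by the client itself, whereas with the SNAT rule the negotiation of win is handled by the gateway, and it is as though the gateway does not support win negotiation: the win value never changes.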


The attachment is the packet capture taken when running wget for a web page directly on the gateway.
网关处OK.rar (1.29 KB), downloads: 50
2007-04-26 11:56


Reply 7, posted: 2010-04-13
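Draw your network topology and post your iptables-save output, your routes and any other relevant information. I have the feeling there is a problem with your network design.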


Reply 8, posted: 2010-04-13
My guess: has the OP been messed with again by something like 网络尖兵 ("Network Vanguard")?


yingouqlj, reply 9, posted: 2010-04-13
The network itself is fine; every other website works without problems, only this one has a problem.
