1)现象描述
今天有同事访问,他在用vmware workstation做测试的时候,使用nat模式,在家里能够ping通www.baidu.com,但是在公司怎么ping都不通,但是访问内网和网关都正常。并且测试机的selinux和iptables都是已经关闭。
2)处理过程
a、测试到内网其它主机
|
1
2
3
4
5
6
7
8
9
10
11
|
[root@mysql-master ~]
# ping -c 5 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64
time
=0.440 ms
64 bytes from 10.10.10.1: icmp_seq=2 ttl=64
time
=0.968 ms
64 bytes from 10.10.10.1: icmp_seq=3 ttl=64
time
=3.39 ms
64 bytes from 10.10.10.1: icmp_seq=4 ttl=64
time
=4.77 ms
64 bytes from 10.10.10.1: icmp_seq=5 ttl=64
time
=1.55 ms
--- 10.10.10.1
ping
statistics ---
5 packets transmitted, 5 received, 0% packet loss,
time
4005ms
rtt min
/avg/max/mdev
= 0.440
/2
.226
/4
.777
/1
.618 ms
说明:到内网其它主机,正常
|
b、测试到网关
|
1
2
3
4
5
6
7
8
|
[root@mysql-master ~]
# ping -c 5 10.10.10.2
PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
64 bytes from 10.10.10.2: icmp_seq=1 ttl=128
time
=1.15 ms
64 bytes from 10.10.10.2: icmp_seq=2 ttl=128
time
=2.21 ms
64 bytes from 10.10.10.2: icmp_seq=3 ttl=128
time
=0.252 ms
64 bytes from 10.10.10.2: icmp_seq=4 ttl=128
time
=0.209 ms
64 bytes from 10.10.10.2: icmp_seq=5 ttl=12
说明:到网关正常
|
c、测试到baidu.com的连通性
|
1
2
3
4
5
|
[root@mysql-master ~]
# ping -c 5 www.baidu.com
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
--- www.a.shifen.com
ping
statistics ---
5 packets transmitted, 0 received, 100% packet loss,
time
13999ms
说明:发现包完全丢失,但是dns能够解析到ip地址,对网络是不是有限制产生了怀疑?
|
d、检测dns的解析
|
1
2
3
4
5
6
7
8
9
10
|
[root@mysql-master ~]
# nslookup www.baidu.com
Server:10.10.10.2
Address:10.10.10.2
#53
Non-authoritative answer:
www.baidu.comcanonical name = www.a.shifen.com.
Name:www.a.shifen.com
Address: 61.135.169.125
Name:www.a.shifen.com
Address: 61.135.169.121
说明:DNS解析正常
|
e、测试网络是否真的连通(wget以及nmap)
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
[root@mysql-master ~]
# mkdir -p /packet
[root@mysql-master ~]
# cd /packet/
[root@mysql-master packet]
# wget www.baidu.com
--2016-10-19 06:01:48-- http:
//www
.baidu.com/
正在解析主机 www.baidu.com... 61.135.169.125, 61.135.169.121
正在连接 www.baidu.com|61.135.169.125|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:2381 (2.3K) [text
/html
]
正在保存至: “index.html”
100%[==================================================================================>] 2,381 --.-K
/s
in
0s
2016-10-19 06:01:48 (128 MB
/s
) - 已保存 “index.html” [2381
/2381
])
[root@mysql-master packet]
# echo $?
0
测试表明wget是正常的,能够正常下载
[root@mysql-master packet]
# nmap www.baidu.com
Starting Nmap 5.51 ( http:
//nmap
.org ) at 2016-10-19 06:02 CST
Nmap scan report
for
www.baidu.com (61.135.169.125)
Host is up (0.036s latency).
Other addresses
for
www.baidu.com (not scanned): 61.135.169.121
Not shown: 998 filtered ports
PORT STATE SERVICE
80
/tcp
open
http
443
/tcp
open
https
Nmap
done
: 1 IP address (1 host up) scanned
in
56.33 seconds
说明:能够使用nmap检测到端口开放的情况
|
f、利用tcpdump进行抓包分析
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
[root@mysql-master ~]
# ping -c 5 10.10.10.2
PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
64 bytes from 10.10.10.2: icmp_seq=1 ttl=128
time
=0.287 ms
64 bytes from 10.10.10.2: icmp_seq=2 ttl=128
time
=0.626 ms
64 bytes from 10.10.10.2: icmp_seq=3 ttl=128
time
=0.370 ms
64 bytes from 10.10.10.2: icmp_seq=4 ttl=128
time
=0.412 ms
64 bytes from 10.10.10.2: icmp_seq=5 ttl=128
time
=0.248 ms
--- 10.10.10.2
ping
statistics ---
5 packets transmitted, 5 received, 0% packet loss,
time
4003ms
rtt min
/avg/max/mdev
= 0.248
/0
.388
/0
.626
/0
.133 ms
[root@mysql-master ~]
# tcpdump -i eth0 icmp
tcpdump: verbose output suppressed, use -
v
or -vv
for
full protocol decode
listening on eth0, link-
type
EN10MB (Ethernet), capture size 65535 bytes
05:48:57.350869 IP mysql-master > localhost: ICMP
echo
request,
id
10786,
seq
1, length 64
05:48:57.351123 IP localhost > mysql-master: ICMP
echo
reply,
id
10786,
seq
1, length 64
05:48:58.352296 IP mysql-master > localhost: ICMP
echo
request,
id
10786,
seq
2, length 64
05:48:58.352889 IP localhost > mysql-master: ICMP
echo
reply,
id
10786,
seq
2, length 64
05:48:59.352281 IP mysql-master > localhost: ICMP
echo
request,
id
10786,
seq
3, length 64
05:48:59.352590 IP localhost > mysql-master: ICMP
echo
reply,
id
10786,
seq
3, length 64
05:49:00.353060 IP mysql-master > localhost: ICMP
echo
request,
id
10786,
seq
4, length 64
05:49:00.353433 IP localhost > mysql-master: ICMP
echo
reply,
id
10786,
seq
4, length 64
05:49:01.353288 IP mysql-master > localhost: ICMP
echo
request,
id
10786,
seq
5, length 64
05:49:01.353503 IP localhost > mysql-master: ICMP
echo
reply,
id
10786,
seq
5, length 64
|
说明:有正常的request包和reply,说明本机到10.10.10.2正常(request包),并且10.10.10.2到本机有回应(reply包)
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[root@mysql-master ~]
# ping -c 5 www.baidu.com
PING www.a.shifen.com (61.135.169.125) 56(84) bytes of data.
--- www.a.shifen.com
ping
statistics ---
5 packets transmitted, 0 received, 100% packet loss,
time
14003ms
[root@mysql-master ~]
# tcpdump -i eth0 icmp
tcpdump: verbose output suppressed, use -
v
or -vv
for
full protocol decode
listening on eth0, link-
type
EN10MB (Ethernet), capture size 65535 bytes
05:53:27.820920 IP mysql-master > 61.135.169.125: ICMP
echo
request,
id
14370,
seq
1, length 64
05:53:28.822483 IP mysql-master > 61.135.169.125: ICMP
echo
request,
id
14370,
seq
2, length 64
05:53:29.823843 IP mysql-master > 61.135.169.125: ICMP
echo
request,
id
14370,
seq
3, length 64
05:53:30.823290 IP mysql-master > 61.135.169.125: ICMP
echo
request,
id
14370,
seq
4, length 64
05:53:31.823680 IP mysql-master > 61.135.169.125: ICMP
echo
request,
id
14370,
seq
5, length 64
说明:发现有request包,表明本机到baidu的包,baidu是接收到的,可能是百度没响应(可能性不大)或者被公司防火墙阻断了
|
使用手机热点,共享给测试机使用
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
[root@mysql-master ~]
# ping -c 5 www.baidu.com
PING www.a.shifen.com (183.232.231.173) 56(84) bytes of data.
64 bytes from 183.232.231.173: icmp_seq=1 ttl=128
time
=74.4 ms
64 bytes from 183.232.231.173: icmp_seq=2 ttl=128
time
=74.7 ms
64 bytes from 183.232.231.173: icmp_seq=3 ttl=128
time
=64.4 ms
64 bytes from 183.232.231.173: icmp_seq=4 ttl=128
time
=57.0 ms
64 bytes from 183.232.231.173: icmp_seq=5 ttl=128
time
=60.5 ms
--- www.a.shifen.com
ping
statistics ---
5 packets transmitted, 5 received, 0% packet loss,
time
4065ms
rtt min
/avg/max/mdev
= 57.081
/66
.263
/74
.772
/7
.216 ms
[root@mysql-master ~]
# tcpdump -i eth0 icmp
tcpdump: verbose output suppressed, use -
v
or -vv
for
full protocol decode
listening on eth0, link-
type
EN10MB (Ethernet), capture size 65535 bytes
05:58:31.031646 IP mysql-master > 183.232.231.173: ICMP
echo
request,
id
40226,
seq
1, length 64
05:58:31.106104 IP 183.232.231.173 > mysql-master: ICMP
echo
reply,
id
40226,
seq
1, length 64
05:58:32.032448 IP mysql-master > 183.232.231.173: ICMP
echo
request,
id
40226,
seq
2, length 64
05:58:32.107194 IP 183.232.231.173 > mysql-master: ICMP
echo
reply,
id
40226,
seq
2, length 64
05:58:33.034464 IP mysql-master > 183.232.231.173: ICMP
echo
request,
id
40226,
seq
3, length 64
05:58:33.098846 IP 183.232.231.173 > mysql-master: ICMP
echo
reply,
id
40226,
seq
3, length 64
05:58:34.035272 IP mysql-master > 183.232.231.173: ICMP
echo
request,
id
40226,
seq
4, length 64
05:58:34.092322 IP 183.232.231.173 > mysql-master: ICMP
echo
reply,
id
40226,
seq
4, length 64
05:58:35.036289 IP mysql-master > 183.232.231.173: ICMP
echo
request,
id
40226,
seq
5, length 64
05:58:35.096837 IP 183.232.231.173 > mysql-master: ICMP
echo
reply,
id
40226,
seq
5, length 64
说明:到baidu是有request和reply包,进出的包都是正常的
|
综合分析:应该是公司内部网络时对回来的网络包做了些限制,随后与网络工程师核对了下,的确在防火墙上做了些限制。
本文转自 冰冻vs西瓜 51CTO博客,原文链接:http://blog.51cto.com/molewan/1865812,如需转载请自行联系原作者
