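After the project was deployed to the on-site environment, HTTP requests inexplicably timed out while connecting. A packet capture pinned down the problem: the IP being requested was blocked. Packet capture was used along the way, so the record is kept here.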
tcpdump host 120.197.89.51 -i any -vvv
14:14:06.241085 IP (tos 0x0, ttl 64, id 56139, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.106.107.44667 > 120.197.89.51.http: Flags [S], cksum 0x3884 (correct), seq 3271352889, win 14600, options [mss 1460,sackOK,TS val 1274296690 ecr 0,nop,wscale 6], length 0
14:14:06.268772 IP (tos 0x0, ttl 118, id 29508, offset 0, flags [DF], proto TCP (6), length 56)
    120.197.89.51.http > 192.168.106.107.44667: Flags [S.], cksum 0xdfa2 (correct), seq 2738935600, ack 3271352890, win 8192, options [mss 1380,sackOK,TS val 2492299062 ecr 1274296690], length 0
14:14:06.268790 IP (tos 0x0, ttl 64, id 56140, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.106.107.44667 > 120.197.89.51.http: Flags [.], cksum 0xe0eb (correct), seq 1, ack 1, win 14600, options [nop,nop,TS val 1274296719 ecr 2492299062], length 0
14:14:06.268925 IP (tos 0x0, ttl 64, id 56141, offset 0, flags [DF], proto TCP (6), length 416)
    192.168.106.107.44667 > 120.197.89.51.http: Flags [P.], cksum 0xd3eb (correct), seq 1:365, ack 1, win 14600, options [nop,nop,TS val 1274296719 ecr 2492299062], length 364
14:14:06.301625 IP (tos 0x0, ttl 118, id 29513, offset 0, flags [DF], proto TCP (6), length 381)
    120.197.89.51.http > 192.168.106.107.44667: Flags [P.], cksum 0x15f1 (correct), seq 1:330, ack 365, win 65535, options [nop,nop,TS val 2492299065 ecr 1274296719], length 329
14:14:06.301647 IP (tos 0x0, ttl 64, id 56142, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.106.107.44667 > 120.197.89.51.http: Flags [.], cksum 0xda62 (correct), seq 365, ack 330, win 15544, options [nop,nop,TS val 1274296752 ecr 2492299065], length 0
14:14:06.301778 IP (tos 0x0, ttl 64, id 56143, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.106.107.44667 > 120.197.89.51.http: Flags [F.], cksum 0xda61 (correct), seq 365, ack 330, win 15544, options [nop,nop,TS val 1274296752 ecr 2492299065], length 0
14:14:06.329476 IP (tos 0x0, ttl 118, id 29518, offset 0, flags [DF], proto TCP (6), length 52)
    120.197.89.51.http > 192.168.106.107.44667: Flags [.], cksum 0x1717 (correct), seq 330, ack 366, win 65535, options [nop,nop,TS val 2492299068 ecr 1274296752], length 0
14:14:06.329710 IP (tos 0x0, ttl 118, id 29519, offset 0, flags [DF], proto TCP (6), length 52)
    120.197.89.51.http > 192.168.106.107.44667: Flags [F.], cksum 0x1716 (correct), seq 330, ack 366, win 65535, options [nop,nop,TS val 2492299068 ecr 1274296752], length 0
14:14:06.329719 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.106.107.44667 > 120.197.89.51.http: Flags [.], cksum 0xda41 (correct), seq 366, ack 331, win 15544, options [nop,nop,TS val 1274296780 ecr 2492299068], length 0
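Here is a brief explanation of what tcpdump prints for TCP packets.
The general output for a TCP packet captured by tcpdump is:
src > dst: flags data-seqno ack window urgent options
src > dst: the direction, from the source address to the destination address.
flags: the flag information in the TCP packet: S is the SYN flag, F (FIN), P (PUSH), R (RST), "." (no flags).
data-seqno: the sequence number of the data in the packet.
ack: the sequence number expected next.
window: the size of the receive buffer window.
urgent: whether the packet carries an urgent pointer.
options: the TCP options.
Each line shows the flags that the packet carries:
S = SYN, initiates a connection
P = PUSH, transfers data
F = FIN, closes the connection
ack indicates an acknowledgment packet
RST = RESET, closes the connection abnormally
. indicates no flags at all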
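The flag field is enough to tell a healthy connection from the connect timeout described at the top: a dropped connection shows only repeated outbound SYNs. The sketch below is an added example, not part of the original post; the sample lines are constructed with documentation addresses, and it relies on the bracketed `Flags [...]` form seen in the capture above, where tcpdump prints "." when ACK is set, so `[S.]` is a SYN+ACK.

```python
import re
from collections import defaultdict

# Matches the "src > dst: Flags [..]" part of a tcpdump TCP line.
LINE = re.compile(r"(\S+) > (\S+): Flags \[([^\]]+)\]")

# Constructed sample (documentation addresses), not taken from the capture above.
SAMPLE = """\
10:00:00.000001 IP 192.0.2.10.40001 > 198.51.100.5.80: Flags [S], seq 100, win 14600, length 0
10:00:00.030000 IP 198.51.100.5.80 > 192.0.2.10.40001: Flags [S.], seq 900, ack 101, win 8192, length 0
10:00:00.030100 IP 192.0.2.10.40001 > 198.51.100.5.80: Flags [.], ack 1, win 14600, length 0
10:00:05.000000 IP 192.0.2.10.40002 > 198.51.100.9.80: Flags [S], seq 200, win 14600, length 0
10:00:06.000000 IP 192.0.2.10.40002 > 198.51.100.9.80: Flags [S], seq 200, win 14600, length 0
10:00:08.000000 IP 192.0.2.10.40002 > 198.51.100.9.80: Flags [S], seq 200, win 14600, length 0
10:00:09.000000 IP 192.0.2.10.40003 > 198.51.100.7.80: Flags [S], seq 300, win 14600, length 0
10:00:09.020000 IP 198.51.100.7.80 > 192.0.2.10.40003: Flags [R.], seq 0, ack 301, win 0, length 0
"""

def classify(text):
    """Return {(client, server): verdict} for each connection attempt seen."""
    flows = defaultdict(lambda: {"syn": 0, "synack": False, "rst": False})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue                          # -vvv header lines carry no Flags field
        src, dst, flags = m.groups()
        if flags == "S":                      # bare SYN: client opens (or retries)
            flows[(src, dst)]["syn"] += 1
        elif (dst, src) in flows:             # reply travelling server -> client
            f = flows[(dst, src)]
            f["synack"] |= flags == "S."      # SYN+ACK: server accepted
            f["rst"] |= "R" in flags          # RST: server (or a middlebox) refused
    verdicts = {}
    for key, f in flows.items():
        if f["synack"]:
            verdicts[key] = "established"
        elif f["rst"]:
            verdicts[key] = "refused"
        else:                                 # SYNs went out, nothing came back
            verdicts[key] = f"no reply after {f['syn']} SYN"
    return verdicts

if __name__ == "__main__":
    for (client, server), verdict in classify(SAMPLE).items():
        print(f"{client} -> {server}: {verdict}")
```

A "no reply" verdict only means something if the capture also covers the return path, for example `-i any` with a `host` filter as in the command above.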
Reference
http://dngood.blog.51cto.com/446195/988968/