tcpdump: capturing TCP resets on a host

I am trying to figure out where the TCP resets on my networking server are coming from. I have the following capture:

  tcpdump -fnni bond0 -nnvvS -w dump.pcap 'tcp[tcpflags] & (tcp-rst) != 0'

When I look at the pcap in Wireshark, it shows me the reset:

  Flags: 0x004 (RST)
    .... .... .1.. = Reset: Set
    .... .... ..0. = Syn: Not set
    .... .... ...0 = Fin: Not set
  Window size value: 0
  Calculated window size: 0
  Window size scaling factor: -1 (unknown)
  Checksum: 0x0f2f [validation disabled]
    Good Checksum: False
    Bad Checksum: False

But it does not show who reset the connection. I believe there is a switch in tcpdump that would let me see who reset the connection, and possibly why. I have tried various switches with no luck.

Thanks in advance for your help.

Note the Src Port and Dst Port:

  Transmission Control Protocol, Src Port: http (80), Dst Port: norton-lambert (2338), Seq: 1406431331, Len: 0
    Source port: http (80)
    Destination port: norton-lambert (2338)
    [Stream index: 3]
    Sequence number: 1406431331
    Header length: 20 bytes
    Flags: 0x004 (RST)
      000. .... .... = Reserved: Not set
      ...0 .... .... = Nonce: Not set
      .... 0... .... = Congestion Window Reduced (CWR): Not set
      .... .0.. .... = ECN-Echo: Not set
      .... ..0. .... = Urgent: Not set
      .... ...0 .... = Acknowledgment: Not set
      .... .... 0... = Push: Not set
      .... .... .1.. = Reset: Set
        [Expert Info (Chat/Sequence): Connection reset (RST)]
          [Message: Connection reset (RST)]
          [Severity level: Chat]
          [Group: Sequence]
      .... .... ..0. = Syn: Not set
      .... .... ...0 = Fin: Not set

Src Port: http (80) means this RST packet was sent from the server side.

If it came from the client, you should see the reason:

  Transmission Control Protocol, Src Port: 57715 (57715), Dst Port: http (80), Seq: 3509013939, Len: 0
    Source port: 57715 (57715)
    Destination port: http (80)
    [Stream index: 32]
    Sequence number: 3509013939
    Acknowledgment Number: 0xd1274db3 [should be 0x00000000 because ACK flag is not set]
      [Expert Info (Warn/Protocol): Acknowledgment number: Broken TCP. The acknowledge field is nonzero while the ACK flag is not set]
        [Message: Acknowledgment number: Broken TCP. The acknowledge field is nonzero while the ACK flag is not set]
        [Severity level: Warn]
        [Group: Protocol]
    Header length: 20 bytes
    Flags: 0x004 (RST)
      000. .... .... = Reserved: Not set
      ...0 .... .... = Nonce: Not set
      .... 0... .... = Congestion Window Reduced (CWR): Not set
      .... .0.. .... = ECN-Echo: Not set
      .... ..0. .... = Urgent: Not set
      .... ...0 .... = Acknowledgment: Not set
      .... .... 0... = Push: Not set
      .... .... .1.. = Reset: Set
        [Expert Info (Chat/Sequence): Connection reset (RST)]
          [Message: Connection reset (RST)]
          [Severity level: Chat]
          [Group: Sequence]
      .... .... ..0. = Syn: Not set
      .... .... ...0 = Fin: Not set
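The answer's point, that the source port tells you which side sent the RST and that Wireshark's "Broken TCP" note means the acknowledgment field is nonzero while the ACK flag is clear, can be checked without Wireshark by parsing the pcap directly. The following is an added example, not code from the question or the answer. It builds a small constructed pcap in memory (invented documentation-range IP addresses; the ports, sequence and acknowledgment numbers are taken from the two captures above, plus one ordinary ACK segment that the filter must ignore), then applies the same test as the tcpdump filter `tcp[tcpflags] & (tcp-rst) != 0` (bit 0x04 of byte 13 of the TCP header) and reports, per RST, which side sent it and whether the ACK field is inconsistent. The server port (80) is an assumed parameter.

```python
import struct
from dataclasses import dataclass

# TCP flag bits, matching tcpdump's tcp-fin/tcp-syn/tcp-rst/tcp-push/tcp-ack names
TH_FIN, TH_SYN, TH_RST, TH_PUSH, TH_ACK = 0x01, 0x02, 0x04, 0x08, 0x10
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1


def _ipv4(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_tcp_frame(src_ip, dst_ip, sport, dport, seq, ack, flags) -> bytes:
    """Ethernet + IPv4 + TCP header, no payload. Constructed test data: checksums
    are left at 0 (Wireshark would show 'validation disabled')."""
    eth = b"\x00" * 12 + b"\x08\x00"                         # zero MACs, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                      5 << 4, flags, 0, 0, 0)                # data offset 5 words; window/cksum/urg 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0,
                     64, 6, 0, _ipv4(src_ip), _ipv4(dst_ip))  # ttl 64, protocol 6 = TCP
    return eth + ip + tcp


def build_pcap(frames) -> bytes:
    """Classic little-endian pcap: 24-byte global header + 16-byte record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


@dataclass
class Reset:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    ack: int
    flags: int

    @property
    def broken_ack(self) -> bool:
        # Wireshark's "Broken TCP" expert info: ack field nonzero while ACK flag not set
        return self.ack != 0 and not (self.flags & TH_ACK)

    def sender(self, server_port: int) -> str:
        # The side whose source port is the service port sent the RST (assumed known port)
        return "server" if self.sport == server_port else "client"


def iter_frames(pcap: bytes):
    magic, = struct.unpack_from("<I", pcap, 0)
    end = "<" if magic == PCAP_MAGIC else ">"
    linktype, = struct.unpack_from(end + "I", pcap, 20)
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", pcap, off)
        off += 16
        yield linktype, pcap[off:off + incl_len]
        off += incl_len


def find_resets(pcap: bytes) -> list:
    """Every TCP segment with RST set: what 'tcp[tcpflags] & (tcp-rst) != 0' keeps."""
    resets = []
    for linktype, frame in iter_frames(pcap):
        if linktype != LINKTYPE_ETHERNET or len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:                                       # not TCP
            continue
        tcp = ip[ihl:]
        if len(tcp) < 20:
            continue
        sport, dport, seq, ack, _data_off, flags = struct.unpack_from("!HHIIBB", tcp, 0)
        if not flags & TH_RST:                               # tcp[13] & 0x04 == 0
            continue
        resets.append(Reset(".".join(map(str, ip[12:16])), sport,
                            ".".join(map(str, ip[16:20])), dport, seq, ack, flags))
    return resets


# Constructed sample capture: the two RSTs from the answer plus one ordinary ACK.
SAMPLE_PCAP = build_pcap([
    build_tcp_frame("192.0.2.10", "198.51.100.7", 80, 2338, 1406431331, 0, TH_RST),
    build_tcp_frame("198.51.100.7", "192.0.2.10", 57715, 80, 3509013939, 0xD1274DB3, TH_RST),
    build_tcp_frame("198.51.100.7", "192.0.2.10", 57715, 80, 1, 1, TH_ACK),
])


def report(pcap: bytes = SAMPLE_PCAP, server_port: int = 80) -> list:
    lines = []
    for r in find_resets(pcap):
        line = f"{r.sender(server_port)} sent RST: {r.src}:{r.sport} -> {r.dst}:{r.dport} seq={r.seq}"
        if r.broken_ack:
            line += f" [ack field 0x{r.ack:08x} nonzero while ACK flag not set]"
        lines.append(line)
    return lines


if __name__ == "__main__":
    for line in report():
        print(line)
```

To run it against a real file, pass `open("dump.pcap", "rb").read()` to `report()`; the parser handles only classic pcap with Ethernet framing and IPv4, which is what the `-w dump.pcap` capture on a bonded interface produces, and ignores pcapng and VLAN-tagged frames. Knowing the sending side narrows the investigation to that host's logs (the application closing a socket with unread data, a listener not running, or a connection-tracking device in the path); the pcap alone cannot say why.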