1)现象描述
今天有同事访问,他在用vmware workstation做测试的时候,使用nat模式,在家里能够ping通www.baidu.com,但是在公司怎么ping都不通,但是访问内网和网关都正常。并且测试机的selinux和iptables都是已经关闭。
2)处理过程
a、测试到内网其它主机
[root@MysqL-master~]#ping-c510.10.10.1 PING10.10.10.1(10.10.10.1)56(84)bytesofdata. 64bytesfrom10.10.10.1:icmp_seq=1ttl=64time=0.440ms 64bytesfrom10.10.10.1:icmp_seq=2ttl=64time=0.968ms 64bytesfrom10.10.10.1:icmp_seq=3ttl=64time=3.39ms 64bytesfrom10.10.10.1:icmp_seq=4ttl=64time=4.77ms 64bytesfrom10.10.10.1:icmp_seq=5ttl=64time=1.55ms ---10.10.10.1pingstatistics--- 5packetstransmitted,5received,0%packetloss,time4005ms rttmin/avg/max/mdev=0.440/2.226/4.777/1.618ms 说明:到内网其它主机,正常
b、测试到网关
[root@MysqL-master~]#ping-c510.10.10.2 PING10.10.10.2(10.10.10.2)56(84)bytesofdata. 64bytesfrom10.10.10.2:icmp_seq=1ttl=128time=1.15ms 64bytesfrom10.10.10.2:icmp_seq=2ttl=128time=2.21ms 64bytesfrom10.10.10.2:icmp_seq=3ttl=128time=0.252ms 64bytesfrom10.10.10.2:icmp_seq=4ttl=128time=0.209ms 64bytesfrom10.10.10.2:icmp_seq=5ttl=12 说明:到网关正常
c、测试到baidu.com的连通性
[root@MysqL-master~]#ping-c5www.baidu.com PINGwww.a.shifen.com(61.135.169.121)56(84)bytesofdata. ---www.a.shifen.compingstatistics--- 5packetstransmitted,0received,100%packetloss,time13999ms 说明:发现包完全丢失,但是dns能够解析到ip地址,对网络是不是有限制产生了怀疑?
d、检测dns的解析
[root@MysqL-master~]#nslookupwww.baidu.com Server:10.10.10.2 Address:10.10.10.2#53 Non-authoritativeanswer: www.baidu.comcanonicalname=www.a.shifen.com. Name:www.a.shifen.com Address:61.135.169.125 Name:www.a.shifen.com Address:61.135.169.121 说明:DNS解析正常
e、测试网络是否真的连通(wget以及nmap)
[root@MysqL-master~]#mkdir-p/packet [root@MysqL-master~]#cd/packet/ [root@MysqL-masterpacket]#wgetwww.baidu.com --2016-10-1906:01:48--http://www.baidu.com/ 正在解析主机www.baidu.com...61.135.169.125,61.135.169.121 正在连接www.baidu.com|61.135.169.125|:80...已连接。 已发出HTTP请求,正在等待回应...200OK 长度:2381(2.3K)[text/html] 正在保存至:“index.html” 100%[==================================================================================>]2,381--.-K/sin0s 2016-10-1906:01:48(128MB/s)-已保存“index.html”[2381/2381]) [root@MysqL-masterpacket]#echo$? 0 测试表明wget是正常的,能够正常下载 [root@MysqL-masterpacket]#nmapwww.baidu.com StartingNmap5.51(http://nmap.org)at2016-10-1906:02CST Nmapscanreportforwww.baidu.com(61.135.169.125) Hostisup(0.036slatency). Otheraddressesforwww.baidu.com(notscanned):61.135.169.121 Notshown:998filteredports PORTSTATESERVICE 80/tcpopenhttp 443/tcpopenhttps Nmapdone:1IPaddress(1hostup)scannedin56.33seconds 说明:能够使用nmap检测到端口开放的情况
f、利用tcpdump进行抓包分析
[root@MysqL-master~]#ping-c510.10.10.2 PING10.10.10.2(10.10.10.2)56(84)bytesofdata. 64bytesfrom10.10.10.2:icmp_seq=1ttl=128time=0.287ms 64bytesfrom10.10.10.2:icmp_seq=2ttl=128time=0.626ms 64bytesfrom10.10.10.2:icmp_seq=3ttl=128time=0.370ms 64bytesfrom10.10.10.2:icmp_seq=4ttl=128time=0.412ms 64bytesfrom10.10.10.2:icmp_seq=5ttl=128time=0.248ms ---10.10.10.2pingstatistics--- 5packetstransmitted,time4003ms rttmin/avg/max/mdev=0.248/0.388/0.626/0.133ms [root@MysqL-master~]#tcpdump-ieth0icmp tcpdump:verboSEOutputsuppressed,use-vor-vvforfullprotocoldecode listeningoneth0,link-typeEN10MB(Ethernet),capturesize65535bytes 05:48:57.350869IPMysqL-master>localhost:ICMPechorequest,id10786,seq1,length64 05:48:57.351123IPlocalhost>MysqL-master:ICMPechoreply,length64 05:48:58.352296IPMysqL-master>localhost:ICMPechorequest,seq2,length64 05:48:58.352889IPlocalhost>MysqL-master:ICMPechoreply,length64 05:48:59.352281IPMysqL-master>localhost:ICMPechorequest,seq3,length64 05:48:59.352590IPlocalhost>MysqL-master:ICMPechoreply,length64 05:49:00.353060IPMysqL-master>localhost:ICMPechorequest,seq4,length64 05:49:00.353433IPlocalhost>MysqL-master:ICMPechoreply,length64 05:49:01.353288IPMysqL-master>localhost:ICMPechorequest,seq5,length64 05:49:01.353503IPlocalhost>MysqL-master:ICMPechoreply,length64
说明:有正常的request包和reply,说明本机到10.10.10.2正常(request包),并且10.10.10.2到本机有回应(reply包)
[root@MysqL-master~]#ping-c5www.baidu.com PINGwww.a.shifen.com(61.135.169.125)56(84)bytesofdata. ---www.a.shifen.compingstatistics--- 5packetstransmitted,time14003ms [root@MysqL-master~]#tcpdump-ieth0icmp tcpdump:verboSEOutputsuppressed,capturesize65535bytes 05:53:27.820920IPMysqL-master>61.135.169.125:ICMPechorequest,id14370,length64 05:53:28.822483IPMysqL-master>61.135.169.125:ICMPechorequest,length64 05:53:29.823843IPMysqL-master>61.135.169.125:ICMPechorequest,length64 05:53:30.823290IPMysqL-master>61.135.169.125:ICMPechorequest,length64 05:53:31.823680IPMysqL-master>61.135.169.125:ICMPechorequest,length64 说明:发现有request包,表明本机到baidu的包,baidu是接收到的,可能是百度没响应(可能性不大)或者被公司防火墙阻断了
使用手机热点,共享给测试机使用
[root@MysqL-master~]#ping-c5www.baidu.com PINGwww.a.shifen.com(183.232.231.173)56(84)bytesofdata. 64bytesfrom183.232.231.173:icmp_seq=1ttl=128time=74.4ms 64bytesfrom183.232.231.173:icmp_seq=2ttl=128time=74.7ms 64bytesfrom183.232.231.173:icmp_seq=3ttl=128time=64.4ms 64bytesfrom183.232.231.173:icmp_seq=4ttl=128time=57.0ms 64bytesfrom183.232.231.173:icmp_seq=5ttl=128time=60.5ms ---www.a.shifen.compingstatistics--- 5packetstransmitted,time4065ms rttmin/avg/max/mdev=57.081/66.263/74.772/7.216ms [root@MysqL-master~]#tcpdump-ieth0icmp tcpdump:verboSEOutputsuppressed,capturesize65535bytes 05:58:31.031646IPMysqL-master>183.232.231.173:ICMPechorequest,id40226,length64 05:58:31.106104IP183.232.231.173>MysqL-master:ICMPechoreply,length64 05:58:32.032448IPMysqL-master>183.232.231.173:ICMPechorequest,length64 05:58:32.107194IP183.232.231.173>MysqL-master:ICMPechoreply,length64 05:58:33.034464IPMysqL-master>183.232.231.173:ICMPechorequest,length64 05:58:33.098846IP183.232.231.173>MysqL-master:ICMPechoreply,length64 05:58:34.035272IPMysqL-master>183.232.231.173:ICMPechorequest,length64 05:58:34.092322IP183.232.231.173>MysqL-master:ICMPechoreply,length64 05:58:35.036289IPMysqL-master>183.232.231.173:ICMPechorequest,length64 05:58:35.096837IP183.232.231.173>MysqL-master:ICMPechoreply,length64 说明:到baidu是有request和reply包,进出的包都是正常的
综合分析:应该是公司内部网络时对回来的网络包做了些限制,随后与网络工程师核对了下,的确在防火墙上做了些限制。
原文链接:https://www.f2er.com/centos/380207.html