很抓狂的问题

Yuri.G.

原帖由 baidu874 于 2010-1-13 10:05 发表


汗，，你确定？
那看来你的笔记本不是通过本地连接2上网的？

那你还是用tracert看看路由走向吧。

不是，我是说，我把手机断开了。

1. 
   
2. C:\Documents and Settings\Administrator>tracert [url]www.yurifamily.cn[/url]
   
3. 
   
4. Tracing route to [url]www.yurifamily.cn[/url] [123.196.114.70]
   
5. over a maximum of 30 hops:
   
6. 
   
7.   1    <1 ms    <1 ms    <1 ms  192.168.10.254
   
8.   2    13 ms    17 ms    53 ms  192.168.1.1
   
9.   3    25 ms    69 ms    79 ms  218.1.27.86
   
10.   4    33 ms    29 ms    30 ms  218.1.27.85
    
11.   5    25 ms    22 ms    43 ms  4ge2-ip-zb-012.online.sh.cn [218.1.4.69]
    
12.   6    24 ms    41 ms    41 ms  124.74.210.197
    
13.   7    59 ms   124 ms   109 ms  61.152.86.78
    
14.   8    63 ms   160 ms    59 ms  202.97.57.218
    
15.   9    64 ms    49 ms    56 ms  bj141-135-10.bjtelecom.net [219.141.135.10]
    
16. 10    86 ms    61 ms    71 ms  219.142.11.146
    
17. 11    45 ms    81 ms    45 ms  60.195.255.161
    
18. 12    67 ms    60 ms    62 ms  60.195.255.46
    
19. 13    63 ms    79 ms    51 ms  123.196.114.70
    
20. 
    
21. Trace complete.
    

复制代码

Yuri.G.

又开始了

1. 
   
2. Wednesday,13 Jan 2010 10:15:32 [IP Spoofing](TCP) LAN to WAN 192.168.10.252:2284->124.115.0.239:443 [Drop]
   
3. Wednesday,13 Jan 2010 10:17:27 [IP Spoofing](TCP) LAN to WAN 192.168.10.252:2446->115.238.43.48:7709 [Drop]
   
4. Wednesday,13 Jan 2010 10:17:27 [IP Spoofing](TCP) LAN to WAN 192.168.10.252:2438->65.54.52.254:1863 [Drop]
   
5. Wednesday,13 Jan 2010 10:17:27 [IP Spoofing](TCP) LAN to WAN 192.168.10.252:2441->61.129.68.118:7709 [Drop]
   
6. Wednesday,13 Jan 2010 10:17:27 [IP Spoofing](TCP) LAN to WAN 192.168.10.252:2440->61.129.68.116:7709 [Drop]
   
7. Wednesday,13 Jan 2010 10:17:27 [IP Spoofing](TCP) LAN to WAN 192.168.10.252:2449->58.211.17.73:7709 [Drop]
   
8. Wednesday,13 Jan 2010 10:17:27 [IP Spoofing](TCP) LAN to WAN 192.168.10.252:2448->58.211.17.72:7709 [Drop]
   
9. Wednesday,13 Jan 2010 10:17:27 [IP Spoofing](TCP) LAN to WAN 192.168.10.252:2447->58.211.17.71:7709 [Drop]
   
10. Wednesday,13 Jan 2010 10:17:27 [IP Spoofing](TCP) LAN to WAN 192.168.10.252:2452->61.129.68.124:443 [Drop]
    
11. Wednesday,13 Jan 2010 10:17:27 [IP Spoofing](TCP) LAN to WAN 192.168.10.252:2450->58.211.17.75:7709 [Drop]
    
12. Wednesday,13 Jan 2010 10:17:27 [IP Spoofing](TCP) LAN to WAN 192.168.10.252:2445->115.238.43.47:7709 [Drop]
    
13. Wednesday,13 Jan 2010 10:18:44 Authentication successful for admin from 192.168.1.3
    

复制代码

Yuri.G.

1. 
   
2. root@F35:~# tcpdump -i wlan1 -p tcp port 80
   
3. tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
   
4. listening on wlan1, link-type EN10MB (Ethernet), capture size 96 bytes
   
5. 10:21:41.220332 IP 192.168.1.3.2614 > 221.130.44.195.http: Flags [S], seq 841016939, win 65535, options [mss 1460,nop,nop,sackOK], length 0
   
6. 10:21:41.372747 IP 221.130.44.195.http > 192.168.1.3.2614: Flags [S.], seq 2829528889, ack 841016940, win 16384, options [mss 1380,nop,nop,sackOK], length 0
   
7. 10:21:41.373247 IP 192.168.1.3.2614 > 221.130.44.195.http: Flags [.], ack 1, win 65535, length 0
   
8. 10:21:41.373352 IP 192.168.1.3.2614 > 221.130.44.195.http: Flags [P.], ack 1, win 65535, length 304
   
9. 10:21:41.566818 IP 221.130.44.195.http > 192.168.1.3.2614: Flags [P.], ack 305, win 65231, length 369
   
10. 10:21:41.567729 IP 192.168.1.3.2614 > 221.130.44.195.http: Flags [P.], ack 370, win 65166, length 280
    
11. 10:21:41.755768 IP 221.130.44.195.http > 192.168.1.3.2614: Flags [P.], ack 585, win 64951, length 390
    
12. 10:21:41.756664 IP 192.168.1.3.2614 > 221.130.44.195.http: Flags [P.], ack 760, win 64776, length 280
    
13. 10:21:41.931710 IP 221.130.44.195.http > 192.168.1.3.2614: Flags [P.], ack 865, win 64671, length 178
    
14. 10:21:42.038678 IP 192.168.1.3.2614 > 221.130.44.195.http: Flags [.], ack 938, win 64598, length 0
    
15. 10:21:55.846129 IP 192.168.1.3.2616 > [url]www.linux.org.http:[/url] Flags [S], seq 3761315857, win 65535, options [mss 1460,nop,nop,sackOK], length 0
    
16. 10:21:56.159477 IP [url]www.linux.org.http[/url] > 192.168.1.3.2616: Flags [S.], seq 2457011863, ack 3761315858, win 5840, options [mss 1452,nop,nop,sackOK], length 0
    
17. 10:21:56.160052 IP 192.168.1.3.2616 > [url]www.linux.org.http:[/url] Flags [.], ack 1, win 65535, length 0
    
18. 10:21:56.160176 IP 192.168.1.3.2616 > [url]www.linux.org.http:[/url] Flags [P.], ack 1, win 65535, length 384
    
19. 10:21:56.493424 IP [url]www.linux.org.http[/url] > 192.168.1.3.2616: Flags [.], ack 385, win 6432, length 0
    
20. 10:21:56.675711 IP [url]www.linux.org.http[/url] > 192.168.1.3.2616: Flags [.], ack 385, win 6432, length 1452
    
21. 10:21:56.696567 IP 192.168.1.3.2617 > [url]www.linux.org.http:[/url] Flags [S], seq 1815508676, win 65535, options [mss 1460,nop,nop,sackOK], length 0
    

复制代码

也看不出什么不正常的数据呀

Yuri.G.

你看看这个,我等半天才听到一个

1. 
   
2. root@F35:~# tcpdump -i wlan1 host 192.168.10.252
   
3. tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
   
4. listening on wlan1, link-type EN10MB (Ethernet), capture size 96 bytes
   
5. 10:31:58.684216 IP 192.168.10.252.cvspserver > 114.80.180.13.http: Flags [R.], seq 420642875, ack 3998223560, win 0, length 0
   

复制代码

Yuri.G.

原帖由 baidu874 于 2010-1-13 10:29 发表
Netgear上有几个接口？
Lan口是不是一个交换端口？上面除了用无线连接F35之外，还连接了什么设备？
在Netgear上收到来自192.168.10.252的数据包肯定是不应该的，现在得找找原因，看这个数据包是怎么送到Netge ...

Netgear上有交换口，但仅仅也只是PC客户端而已

Yuri.G.

又有几个，是我关闭SSH客户端与服务器连接的时候出现的。

1. 
   
2. root@F35:~# tcpdump -i wlan1 host 192.168.10.252 -vv
   
3. tcpdump: listening on wlan1, link-type EN10MB (Ethernet), capture size 96 bytes
   
4. 10:41:56.176763 IP (tos 0x0, ttl 127, id 28504, offset 0, flags [DF], proto TCP (6), length 40)
   
5.     192.168.10.252.2214 > 123.196.114.78.22: Flags [F.], cksum 0x7828 (correct), seq 3285791838, ack 3901198880, win 65535, length 0
   
6. 10:41:59.030017 IP (tos 0x0, ttl 127, id 28506, offset 0, flags [DF], proto TCP (6), length 40)
   
7.     192.168.10.252.2214 > 123.196.114.78.22: Flags [F.], cksum 0x7828 (correct), seq 0, ack 1, win 65535, length 0
   
8. 10:42:05.065139 IP (tos 0x0, ttl 127, id 28514, offset 0, flags [DF], proto TCP (6), length 40)
   
9.     192.168.10.252.2214 > 123.196.114.78.22: Flags [F.], cksum 0x7828 (correct), seq 0, ack 1, win 65535, length 0
   
10. 10:42:17.034933 IP (tos 0x0, ttl 127, id 28528, offset 0, flags [DF], proto TCP (6), length 40)
    
11.     192.168.10.252.2214 > 123.196.114.78.22: Flags [F.], cksum 0x7828 (correct), seq 0, ack 1, win 65535, length 0
    

复制代码

Yuri.G.

原帖由 baidu874 于 2010-1-13 10:48 发表
我觉得可能是F35对无线网卡的支持不好造成的。

你能不能配置Netgear？如果可以，你在Netgear上增加静态路由，类似下面的格式
route add 192.168.10.0/24 gw 192.168.1.3
也就是说，用F35来当一台路由器，完 ...

你是说支持不好，他就不NAT直接扔出去了是么？
Netgear上可以做静态路由，但是没法做两个网段的NAT，只能填写一个内网网段，其余的肯定会是IP Spoofing
只能填一个网段，或者把掩码改掉，把网改大也行，但那样做达不到我的预想效果，我要把我的笔记本之类的完全隐藏在1.3这个IP里头，因为不只是这一个笔记本，还有其他弱设备，比如手机的wlan也会连到F35上去走NAT出去。

其次这是一个问题，就是F35他怎么就不NAT出去了，那不是暴露目标了么，吃里扒外

[ 本帖最后由 Yuri.G. 于 2010-1-13 10:55 编辑 ]