2006-06-07 14:50:37

First, here is the packet capture of visiting google.com over an ADSL line in Shanghai.

The capture, analyzed, is as follows:


No.     Time        Source                Destination           Protocol Info
      1 0.000000    192.168.1.130         211.167.97.67         DNS      Standard query A


Frame 1 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: Clevo_34:03:8d (00:90:f5:34:03:8d), Dst: ThomsonT_01:20:e5 (00:0e:50:01:20:e5)
Internet Protocol, Src: 192.168.1.130 (192.168.1.130), Dst: 211.167.97.67 (211.167.97.67)
User Datagram Protocol, Src Port: 1032 (1032), Dst Port: domain (53)
Domain Name System (query)
    Transaction ID: 0x129e
    Flags: 0x0100 (Standard query)
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries


No.     Time        Source                Destination           Protocol Info
      2 0.017234    211.167.97.67         192.168.1.130         DNS      Standard query response CNAME CNAME www-china.l.google.com A 66.249.89.99


Frame 2 (326 bytes on wire, 326 bytes captured)
Ethernet II, Src: ThomsonT_01:20:e5 (00:0e:50:01:20:e5), Dst: Clevo_34:03:8d (00:90:f5:34:03:8d)
Internet Protocol, Src: 211.167.97.67 (211.167.97.67), Dst: 192.168.1.130 (192.168.1.130)
User Datagram Protocol, Src Port: domain (53), Dst Port: 1032 (1032)
Domain Name System (response)
    Transaction ID: 0x129e
    Flags: 0x8180 (Standard query response, No error)
    Questions: 1
    Answer RRs: 3
    Authority RRs: 6
    Additional RRs: 6
    Queries
    Answers
        : type CNAME, class IN, cname
        : type CNAME, class IN, cname www-china.l.google.com
        www-china.l.google.com: type A, class IN, addr 66.249.89.99
    Authoritative nameservers
        l.google.com: type NS, class IN, ns d.l.google.com
        l.google.com: type NS, class IN, ns e.l.google.com
        l.google.com: type NS, class IN, ns g.l.google.com
        l.google.com: type NS, class IN, ns a.l.google.com
        l.google.com: type NS, class IN, ns b.l.google.com
        l.google.com: type NS, class IN, ns c.l.google.com     (DNS resolution)
    Additional records
        a.l.google.com: type A, class IN, addr 216.239.53.9
        b.l.google.com: type A, class IN, addr 64.233.179.9
        c.l.google.com: type A, class IN, addr 64.233.161.9
        d.l.google.com: type A, class IN, addr 64.233.183.9
        e.l.google.com: type A, class IN, addr 66.102.11.9
        g.l.google.com: type A, class IN, addr 64.233.167.9


No.     Time        Source                Destination           Protocol Info
      3 0.019949    192.168.1.130         66.249.89.99          TCP      2206 > http [SYN] Seq=0 Ack=0 Win=16384 Len=0 MSS=1460


Frame 3 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: Clevo_34:03:8d (00:90:f5:34:03:8d), Dst: ThomsonT_01:20:e5 (00:0e:50:01:20:e5)
Internet Protocol, Src: 192.168.1.130 (192.168.1.130), Dst: 66.249.89.99 (66.249.89.99)
Transmission Control Protocol, Src Port: 2206 (2206), Dst Port: http (80), Seq: 0, Ack: 0, Len: 0
    Source port: 2206 (2206)
    Destination port: http (80)
    Sequence number: 0    (relative sequence number)
    Header length: 28 bytes
    Flags: 0x0002 (SYN)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...0 .... = Acknowledgment: Not set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..1. = Syn: Set
        .... ...0 = Fin: Not set
    Window size: 16384
    Checksum: 0xce57 [correct]
    Options: (8 bytes)
        Maximum segment size: 1460 bytes
        NOP
        NOP
        SACK permitted


No.     Time        Source                Destination           Protocol Info
      4 0.066689    66.249.89.99          192.168.1.130         TCP      http > 2206 [SYN, ACK] Seq=0 Ack=1 Win=8190 Len=0 MSS=1452


Frame 4 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: ThomsonT_01:20:e5 (00:0e:50:01:20:e5), Dst: Clevo_34:03:8d (00:90:f5:34:03:8d)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 192.168.1.130 (192.168.1.130)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2206 (2206), Seq: 0, Ack: 1, Len: 0
    Source port: http (80)
    Destination port: 2206 (2206)
    Sequence number: 0    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 24 bytes
    Flags: 0x0012 (SYN, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..1. = Syn: Set
        .... ...0 = Fin: Not set
    Window size: 8190
    Checksum: 0xdf99 [correct]
    Options: (4 bytes)
        Maximum segment size: 1452 bytes
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 3
        The RTT to ACK the segment was: 0.046740000 seconds


No.     Time        Source                Destination           Protocol Info
      5 0.066766    192.168.1.130         66.249.89.99          TCP      2206 > http [ACK] Seq=1 Ack=1 Win=17424 Len=0


Frame 5 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Clevo_34:03:8d (00:90:f5:34:03:8d), Dst: ThomsonT_01:20:e5 (00:0e:50:01:20:e5)
Internet Protocol, Src: 192.168.1.130 (192.168.1.130), Dst: 66.249.89.99 (66.249.89.99)
Transmission Control Protocol, Src Port: 2206 (2206), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
    Source port: 2206 (2206)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 17424
    Checksum: 0xd33c [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 4
        The RTT to ACK the segment was: 0.000077000 seconds


No.     Time        Source                Destination           Protocol Info
      6 0.067017    192.168.1.130         66.249.89.99          HTTP     GET / HTTP/1.1


Frame 6 (536 bytes on wire, 536 bytes captured)
Ethernet II, Src: Clevo_34:03:8d (00:90:f5:34:03:8d), Dst: ThomsonT_01:20:e5 (00:0e:50:01:20:e5)
Internet Protocol, Src: 192.168.1.130 (192.168.1.130), Dst: 66.249.89.99 (66.249.89.99)
Transmission Control Protocol, Src Port: 2206 (2206), Dst Port: http (80), Seq: 1, Ack: 1, Len: 482
    Source port: 2206 (2206)
    Destination port: http (80)
    Sequence number: 1    (relative sequence number)
    Next sequence number: 483    (relative sequence number)
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 17424
    Checksum: 0xd5f3 [correct]
Hypertext Transfer Protocol
    GET / HTTP/1.1\r\n
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*\r\n
    Accept-Language: zh-cn\r\n
    Accept-Encoding: gzip, deflate\r\n
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon; .NET CLR 1.1.4322)\r\n
    Host: \r\n
    Connection: Keep-Alive\r\n
    Cookie: PREF=ID=3b46059cf941bd85:TB=2:NW=1:TM=1148016147:LM=1148016147:S=fOuHTWu8ej4GLCWr\r\n
    \r\n


No.     Time        Source                Destination           Protocol Info
      7 0.097908    66.249.89.99          192.168.1.130         TCP      http > 2206 [RST] Seq=1 Ack=1 Win=0 Len=0


Frame 7 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: ThomsonT_01:20:e5 (00:0e:50:01:20:e5), Dst: Clevo_34:03:8d (00:90:f5:34:03:8d)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 192.168.1.130 (192.168.1.130)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2206 (2206), Seq: 1, Ack: 1, Len: 0
    Source port: http (80)
    Destination port: 2206 (2206)
    Sequence number: 1    (relative sequence number)
    Header length: 20 bytes
    Flags: 0x0004 (RST)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...0 .... = Acknowledgment: Not set
        .... 0... = Push: Not set
        .... .1.. = Reset: Set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 0
    Checksum: 0x1759 [correct]
    SEQ/ACK analysis


No.     Time        Source                Destination           Protocol Info
      8 0.101113    66.249.89.99          192.168.1.130         TCP      http > 2206 [RST] Seq=1 Ack=483 Win=0 Len=0


Frame 8 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: ThomsonT_01:20:e5 (00:0e:50:01:20:e5), Dst: Clevo_34:03:8d (00:90:f5:34:03:8d)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 192.168.1.130 (192.168.1.130)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2206 (2206), Seq: 1, Ack: 483, Len: 0
    Source port: http (80)
    Destination port: 2206 (2206)
    Sequence number: 1    (relative sequence number)
    Header length: 20 bytes
    Flags: 0x0004 (RST)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...0 .... = Acknowledgment: Not set
        .... 0... = Push: Not set
        .... .1.. = Reset: Set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 0
    Checksum: 0x1577 [correct]


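It is this RST (Reset) packet that causes browsing google.com to fail; its Flags field is set to RST. After five minutes, google.com can be browsed normally again. But whenever government-sensitive terms are entered, google.com filters them and an error page reaches the client browser; however, others have found that these packets are not sent by google.com at all, but are forged by the ISP and sent to the user's browser.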


No.     Time        Source                Destination           Protocol Info
      9 0.121012    66.249.89.99          192.168.1.130         TCP      http > 2206 [ACK] Seq=1 Ack=483 Win=7708 Len=0


Frame 9 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: ThomsonT_01:20:e5 (00:0e:50:01:20:e5), Dst: Clevo_34:03:8d (00:90:f5:34:03:8d)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 192.168.1.130 (192.168.1.130)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2206 (2206), Seq: 1, Ack: 483, Len: 0
    Source port: http (80)
    Destination port: 2206 (2206)
    Sequence number: 1    (relative sequence number)
    Acknowledgement number: 483    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 7708
    Checksum: 0xf74e [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 6
        The RTT to ACK the segment was: 0.053995000 seconds


No.     Time        Source                Destination           Protocol Info
     10 0.122453    66.249.89.99          192.168.1.130         TCP      [TCP Window Update] http > 2206 [ACK] Seq=1 Ack=483 Win=6432 Len=0


Frame 10 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: ThomsonT_01:20:e5 (00:0e:50:01:20:e5), Dst: Clevo_34:03:8d (00:90:f5:34:03:8d)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 192.168.1.130 (192.168.1.130)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2206 (2206), Seq: 1, Ack: 483, Len: 0
    Source port: http (80)
    Destination port: 2206 (2206)
    Sequence number: 1    (relative sequence number)
    Acknowledgement number: 483    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 6432
    Checksum: 0xfc4a [correct]
    SEQ/ACK analysis
        TCP Analysis Flags
            This is a tcp window update

Below is the capture taken while I was connected through a VPN to a server in Japan; excerpts follow.

No.     Time        Source                Destination           Protocol Info
     20 1.663086    10.0.100.202          66.249.89.99          TCP      2334 > http [ACK] Seq=435 Ack=128 Win=17553 Len=0

Frame 20 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 01:00:01:00:00:00 (01:00:01:00:00:00), Dst: 2e:1a:20:00:01:00 (2e:1a:20:00:01:00)
Internet Protocol, Src: 10.0.100.202 (10.0.100.202), Dst: 66.249.89.99 (66.249.89.99)
Transmission Control Protocol, Src Port: 2334 (2334), Dst Port: http (80), Seq: 435, Ack: 128, Len: 0
    Source port: 2334 (2334)
    Destination port: http (80)
    Sequence number: 435    (relative sequence number)
    Acknowledgement number: 128    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 17553
    Checksum: 0x4036 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 19
        The RTT to ACK the segment was: 0.178711000 seconds

No.     Time        Source                Destination           Protocol Info
     21 13.962890   10.0.100.202          66.249.89.99          HTTP     GET /search?hl=zh-CN&q=%E6%AF%9B%E6%B3%BD%E4%B8%9C&btnG=Google+%E6%90%9C%E7%B4%A2&lr= HTTP/1.1

Frame 21 (649 bytes on wire, 649 bytes captured)
Ethernet II, Src: 01:00:01:00:00:00 (01:00:01:00:00:00), Dst: 2e:1a:20:00:01:00 (2e:1a:20:00:01:00)
Internet Protocol, Src: 10.0.100.202 (10.0.100.202), Dst: 66.249.89.99 (66.249.89.99)
Transmission Control Protocol, Src Port: 2333 (2333), Dst Port: http (80), Seq: 322, Ack: 1949, Len: 595
    Source port: 2333 (2333)
    Destination port: http (80)
    Sequence number: 322    (relative sequence number)
    Next sequence number: 917    (relative sequence number)
    Acknowledgement number: 1949    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 17680
    Checksum: 0xf576 [correct]
Hypertext Transfer Protocol
    GET /search?hl=zh-CN&q=%E6%AF%9B%E6%B3%BD%E4%B8%9C&btnG=Google+%E6%90%9C%E7%B4%A2&lr= HTTP/1.1\r\n
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*\r\n
    Referer: http:///\r\n
    Accept-Language: zh-cn\r\n
    Accept-Encoding: gzip, deflate\r\n
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon; .NET CLR 1.1.4322)\r\n
    Host: \r\n
    Connection: Keep-Alive\r\n
    Cookie: PREF=ID=3b46059cf941bd85:TB=2:NW=1:TM=1148016147:LM=1148016147:S=fOuHTWu8ej4GLCWr\r\n
    \r\n

No.     Time        Source                Destination           Protocol Info
     22 14.082031   66.249.89.99          10.0.100.202          TCP      http > 2333 [ACK] Seq=1949 Ack=917 Win=7595 Len=0

Frame 22 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 2e:1a:20:00:01:00 (2e:1a:20:00:01:00), Dst: 01:00:01:00:00:00 (01:00:01:00:00:00)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 10.0.100.202 (10.0.100.202)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2333 (2333), Seq: 1949, Ack: 917, Len: 0
    Source port: http (80)
    Destination port: 2333 (2333)
    Sequence number: 1949    (relative sequence number)
    Acknowledgement number: 917    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 7595
    Checksum: 0xa658 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 21
        The RTT to ACK the segment was: 0.119141000 seconds

No.     Time        Source                Destination           Protocol Info
     23 14.083984   66.249.89.99          10.0.100.202          TCP      [TCP Window Update] http > 2333 [ACK] Seq=1949 Ack=917 Win=6853 Len=0

Frame 23 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 2e:1a:20:00:01:00 (2e:1a:20:00:01:00), Dst: 01:00:01:00:00:00 (01:00:01:00:00:00)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 10.0.100.202 (10.0.100.202)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2333 (2333), Seq: 1949, Ack: 917, Len: 0
    Source port: http (80)
    Destination port: 2333 (2333)
    Sequence number: 1949    (relative sequence number)
    Acknowledgement number: 917    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 6853
    Checksum: 0xa93e [correct]
    SEQ/ACK analysis
        TCP Analysis Flags
            This is a tcp window update

No.     Time        Source                Destination           Protocol Info
     24 14.321289   66.249.89.99          10.0.100.202          TCP      [TCP segment of a reassembled PDU]

Frame 24 (1414 bytes on wire, 1414 bytes captured)
Ethernet II, Src: 2e:1a:20:00:01:00 (2e:1a:20:00:01:00), Dst: 01:00:01:00:00:00 (01:00:01:00:00:00)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 10.0.100.202 (10.0.100.202)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2333 (2333), Seq: 1949, Ack: 917, Len: 1360
    Source port: http (80)
    Destination port: 2333 (2333)
    Sequence number: 1949    (relative sequence number)
    Next sequence number: 3309    (relative sequence number)
    Acknowledgement number: 917    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 6853
    Checksum: 0x1dd2 [correct]
    Reassembled PDU in frame: 30
    TCP segment data (1360 bytes)

No.     Time        Source                Destination           Protocol Info
     25 14.337890   66.249.89.99          10.0.100.202          TCP      [TCP segment of a reassembled PDU]

Frame 25 (1040 bytes on wire, 1040 bytes captured)
Ethernet II, Src: 2e:1a:20:00:01:00 (2e:1a:20:00:01:00), Dst: 01:00:01:00:00:00 (01:00:01:00:00:00)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 10.0.100.202 (10.0.100.202)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2333 (2333), Seq: 3309, Ack: 917, Len: 986
    Source port: http (80)
    Destination port: 2333 (2333)
    Sequence number: 3309    (relative sequence number)
    Next sequence number: 4295    (relative sequence number)
    Acknowledgement number: 917    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 6853
    Checksum: 0xf8ec [correct]
    Reassembled PDU in frame: 30
    TCP segment data (986 bytes)

No RST packets appear among these packets, and a search for the keyword 毛泽东 (Mao Zedong) can be browsed normally.

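1: Any string submitted through google.com in fact passes through filtering by the local ISP's management server. In other words, the internet police can monitor at all times which IP is looking for what information.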

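2: If the search keyword falls within what the ISP's management server disallows, that server forges IP packets carrying an RST to stop the client from viewing the material. It also prevents that client from browsing for 5 minutes. That is, if 100 clients behind one NAT device are using google.com and one of them is filtered for searching for something it should not have, then none of those 100 clients can reach google.com for 5 minutes.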

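3: google.com itself does not filter sensitive strings; connected through the VPN to Japan, I searched for 毛泽东 (Mao Zedong) and could find the relevant material.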

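       The VPN itself provides encryption. Everything I did was carried to Japan encrypted by the VPN, so the local ISP in Shanghai could not detect what I was searching for, and therefore could not send an RST to the client.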

4: In summary, the local ISP is monitoring and tampering; google.com is not at fault.
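
The inconsistency visible in the first capture (frames 7 and 8 reset the connection, yet frames 9 and 10 from the same address and port go on to acknowledge the GET) can be checked mechanically. The following is an added example, not part of the original post: it parses the TCP summary lines copied from the two captures above and reports every RST that is contradicted by later non-SYN traffic from the same sender on the same flow. The function names and the heuristic itself (an endpoint that really reset a connection does not keep acknowledging data on it) are assumptions of this example.

```python
import re
from collections import defaultdict

# TCP summary lines copied from the two captures on this page.
ADSL_CAPTURE = """\
      3 0.019949    192.168.1.130         66.249.89.99          TCP      2206 > http [SYN] Seq=0 Ack=0 Win=16384 Len=0 MSS=1460
      4 0.066689    66.249.89.99          192.168.1.130         TCP      http > 2206 [SYN, ACK] Seq=0 Ack=1 Win=8190 Len=0 MSS=1452
      5 0.066766    192.168.1.130         66.249.89.99          TCP      2206 > http [ACK] Seq=1 Ack=1 Win=17424 Len=0
      7 0.097908    66.249.89.99          192.168.1.130         TCP      http > 2206 [RST] Seq=1 Ack=1 Win=0 Len=0
      8 0.101113    66.249.89.99          192.168.1.130         TCP      http > 2206 [RST] Seq=1 Ack=483 Win=0 Len=0
      9 0.121012    66.249.89.99          192.168.1.130         TCP      http > 2206 [ACK] Seq=1 Ack=483 Win=7708 Len=0
     10 0.122453    66.249.89.99          192.168.1.130         TCP      [TCP Window Update] http > 2206 [ACK] Seq=1 Ack=483 Win=6432 Len=0
"""
VPN_CAPTURE = """\
     20 1.663086    10.0.100.202          66.249.89.99          TCP      2334 > http [ACK] Seq=435 Ack=128 Win=17553 Len=0
     22 14.082031   66.249.89.99          10.0.100.202          TCP      http > 2333 [ACK] Seq=1949 Ack=917 Win=7595 Len=0
     23 14.083984   66.249.89.99          10.0.100.202          TCP      [TCP Window Update] http > 2333 [ACK] Seq=1949 Ack=917 Win=6853 Len=0
"""

# No., Time, Source, Destination, "TCP", optional "[analysis note]",
# then "sport > dport [FLAGS]".
LINE = re.compile(
    r"^\s*(?P<no>\d+)\s+[\d.]+\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+"
    r"(?:\[[^\]]*\]\s+)?(?P<sport>\S+) > (?P<dport>\S+) \[(?P<flags>[A-Z, ]+)\]"
)

def parse(capture):
    """Return one dict per summary line that carries ports and TCP flags."""
    frames = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if m:  # lines without "port > port [FLAGS]" are skipped
            f = m.groupdict()
            f["no"] = int(f["no"])
            f["flags"] = set(f["flags"].split(", "))
            frames.append(f)
    return frames

def contradicted_resets(frames):
    """Return (rst_frame, later_frame) pairs where the sender of an RST
    keeps sending non-SYN segments on the same directed flow afterwards."""
    resets = defaultdict(list)  # directed flow -> frame numbers of RSTs seen
    findings = []
    for f in frames:
        flow = (f["src"], f["sport"], f["dst"], f["dport"])
        if "RST" in f["flags"]:
            resets[flow].append(f["no"])
        elif "SYN" not in f["flags"]:  # a SYN would start a new connection
            findings += [(rst, f["no"]) for rst in resets[flow]]
    return findings

if __name__ == "__main__":
    for name, cap in (("ADSL", ADSL_CAPTURE), ("VPN", VPN_CAPTURE)):
        print(name, contradicted_resets(parse(cap)))
```
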


chinaunix user 2009-10-02 18:23:36

Annoying. Google really suffers in China~ I cry foul on its behalf~!

chinaunix user 2008-03-13 20:43:54

The Chinese wall is truly hateful