嘿嘿!
全部博文(140)
分类: 系统运维
2006-06-07 14:50:37
我们先用上海的ADSL上网google.com的抓包结果
经过抓包分析如下:
No. Time Source Destination Protocol Info
1 0.000000 192.168.1.130 211.167.97.67 DNS Standard query A
Frame 1 (74 bytes on wire, 74 bytes captured)
Ethernet II, Src: Clevo_34:03:8d (00:90:f5:34:03:8d), Dst: ThomsonT_01:20:e5 (00:0e:50:01:20:e5)
Internet Protocol, Src: 192.168.1.130 (192.168.1.130), Dst: 211.167.97.67 (211.167.97.67)
User Datagram Protocol, Src Port: 1032 (1032), Dst Port: domain (53)
Domain Name System (query)
Transaction ID: 0x129e
Flags: 0x0100 (Standard query)
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
No. Time Source Destination Protocol Info
2 0.017234 211.167.97.67 192.168.1.130 DNS Standard query response CNAME CNAME www-china.l.google.com A 66.249.89.99
Frame 2 (326 bytes on wire, 326 bytes captured)
Ethernet II, Src: ThomsonT_01:20:e5 (00:0e:50:01:20:e5), Dst: Clevo_34:03:8d (00:90:f5:34:03:8d)
Internet Protocol, Src: 211.167.97.67 (211.167.97.67), Dst: 192.168.1.130 (192.168.1.130)
User Datagram Protocol, Src Port: domain (53), Dst Port: 1032 (1032)
Domain Name System (response)
Transaction ID: 0x129e
Flags: 0x8180 (Standard query response, No error)
Questions: 1
Answer RRs: 3
Authority RRs: 6
Additional RRs: 6
Queries
Answers
: type CNAME, class IN, cname
: type CNAME, class IN, cname www-china.l.google.com
www-china.l.google.com: type A, class IN, addr 66.249.89.99
Authoritative nameservers
l.google.com: type NS, class IN, ns d.l.google.com
l.google.com: type NS, class IN, ns e.l.google.com
l.google.com: type NS, class IN, ns g.l.google.com
l.google.com: type NS, class IN, ns a.l.google.com
l.google.com: type NS, class IN, ns b.l.google.com
l.google.com: type NS, class IN, ns c.l.google.com (DNS解析)
Additional records
a.l.google.com: type A, class IN, addr 216.239.53.9
b.l.google.com: type A, class IN, addr 64.233.179.9
c.l.google.com: type A, class IN, addr 64.233.161.9
d.l.google.com: type A, class IN, addr 64.233.183.9
e.l.google.com: type A, class IN, addr 66.102.11.9
g.l.google.com: type A, class IN, addr 64.233.167.9
No. Time Source Destination Protocol Info
3 0.019949 192.168.1.130 66.249.89.99 TCP 2206 > http [SYN] Seq=0 Ack=0 Win=16384 Len=0 MSS=1460
Frame 3 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: Clevo_34:03:8d (00:90:f5:34:03:8d), Dst: ThomsonT_01:20:e5 (00:0e:50:01:20:e5)
Internet Protocol, Src: 192.168.1.130 (192.168.1.130), Dst: 66.249.89.99 (66.249.89.99)
Transmission Control Protocol, Src Port: 2206 (2206), Dst Port: http (80), Seq: 0, Ack: 0, Len: 0
Source port: 2206 (2206)
Destination port: http (80)
Sequence number: 0 (relative sequence number)
Header length: 28 bytes
Flags: 0x0002 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Ech Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 16384
Checksum: 0xce57 [correct]
Options: (8 bytes)
Maximum segment size: 1460 bytes
NOP
NOP
SACK permitted
No. Time Source Destination Protocol Info
4 0.066689 66.249.89.99 192.168.1.130 TCP http > 2206 [SYN, ACK] Seq=0 Ack=1 Win=8190 Len=0 MSS=1452
Frame 4 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: ThomsonT_01:20:e5 (00:0e:50:01:20:e5), Dst: Clevo_34:03:8d (00:90:f5:34:03:8d)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 192.168.1.130 (192.168.1.130)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2206 (2206), Seq: 0, Ack: 1, Len: 0
Source port: http (80)
Destination port: 2206 (2206)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 24 bytes
Flags: 0x0012 (SYN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Ech Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 8190
Checksum: 0xdf99 [correct]
Options: (4 bytes)
Maximum segment size: 1452 bytes
SEQ/ACK analysis
This is an ACK to the segment in frame: 3
The RTT to ACK the segment was: 0.046740000 seconds
No. Time Source Destination Protocol Info
5 0.066766 192.168.1.130 66.249.89.99 TCP 2206 > http [ACK] Seq=1 Ack=1 Win=17424 Len=0
Frame 5 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Clevo_34:03:8d (00:90:f5:34:03:8d), Dst: ThomsonT_01:20:e5 (00:0e:50:01:20:e5)
Internet Protocol, Src: 192.168.1.130 (192.168.1.130), Dst: 66.249.89.99 (66.249.89.99)
Transmission Control Protocol, Src Port: 2206 (2206), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 2206 (2206)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Ech Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 17424
Checksum: 0xd33c [correct]
SEQ/ACK analysis
This is an ACK to the segment in frame: 4
The RTT to ACK the segment was: 0.000077000 seconds
No. Time Source Destination Protocol Info
6 0.067017 192.168.1.130 66.249.89.99 HTTP GET / HTTP/1.1
Frame 6 (536 bytes on wire, 536 bytes captured)
Ethernet II, Src: Clevo_34:03:8d (00:90:f5:34:03:8d), Dst: ThomsonT_01:20:e5 (00:0e:50:01:20:e5)
Internet Protocol, Src: 192.168.1.130 (192.168.1.130), Dst: 66.249.89.99 (66.249.89.99)
Transmission Control Protocol, Src Port: 2206 (2206), Dst Port: http (80), Seq: 1, Ack: 1, Len: 482
Source port: 2206 (2206)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Next sequence number: 483 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Ech Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 17424
Checksum: 0xd5f3 [correct]
Hypertext Transfer Protocol
GET / HTTP/1.1\r\n
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*\r\n
Accept-Language: zh-cn\r\n
Accept-Encoding: gzip, deflate\r\n
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon; .NET CLR 1.1.4322)\r\n
Host: \r\n
Connection: Keep-Alive\r\n
Cookie: PREF=ID=3b46059cf941bd85:TB=2:NW=1:TM=1148016147:LM=1148016147:S=fOuHTWu8ej4GLCWr\r\n
\r\n
No. Time Source Destination Protocol Info
7 0.097908 66.249.89.99 192.168.1.130 TCP http > 2206 [RST] Seq=1 Ack=1 Win=0 Len=0
Frame 7 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: ThomsonT_01:20:e5 (00:0e:50:01:20:e5), Dst: Clevo_34:03:8d (00:90:f5:34:03:8d)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 192.168.1.130 (192.168.1.130)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2206 (2206), Seq: 1, Ack: 1, Len: 0
Source port: http (80)
Destination port: 2206 (2206)
Sequence number: 1 (relative sequence number)
Header length: 20 bytes
Flags: 0x0004 (RST)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Ech Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .1.. = Reset: Set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 0
Checksum: 0x1759 [correct]
SEQ/ACK analysis
No. Time Source Destination Protocol Info
8 0.101113 66.249.89.99 192.168.1.130 TCP http > 2206 [RST] Seq=1 Ack=483 Win=0 Len=0
Frame 8 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: ThomsonT_01:20:e5 (00:0e:50:01:20:e5), Dst: Clevo_34:03:8d (00:90:f5:34:03:8d)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 192.168.1.130 (192.168.1.130)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2206 (2206), Seq: 1, Ack: 483, Len: 0
Source port: http (80)
Destination port: 2206 (2206)
Sequence number: 1 (relative sequence number)
Header length: 20 bytes
Flags: 0x0004 (RST)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Ech Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .1.. = Reset: Set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 0
Checksum: 0x1577 [correct]
就是这个RST(Reset)的数据包导致了浏览google.com出错。Flags定义为了RST。过了五分钟后,google.com就会浏览正常了。但是只要填写goverment敏感的词汇,google.com会过滤并且出错界面到客户端浏览器的,但是还有人发现不是google.com发的数据包,而是ISP伪造消息包发给了用户端浏览器。
No. Time Source Destination Protocol Info
9 0.121012 66.249.89.99 192.168.1.130 TCP http > 2206 [ACK] Seq=1 Ack=483 Win=7708 Len=0
Frame 9 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: ThomsonT_01:20:e5 (00:0e:50:01:20:e5), Dst: Clevo_34:03:8d (00:90:f5:34:03:8d)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 192.168.1.130 (192.168.1.130)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2206 (2206), Seq: 1, Ack: 483, Len: 0
Source port: http (80)
Destination port: 2206 (2206)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 483 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Ech Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 7708
Checksum: 0xf74e [correct]
SEQ/ACK analysis
This is an ACK to the segment in frame: 6
The RTT to ACK the segment was: 0.053995000 seconds
No. Time Source Destination Protocol Info
10 0.122453 66.249.89.99 192.168.1.130 TCP [TCP Window Update] http > 2206 [ACK] Seq=1 Ack=483 Win=6432 Len=0
Frame 10 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: ThomsonT_01:20:e5 (00:0e:50:01:20:e5), Dst: Clevo_34:03:8d (00:90:f5:34:03:8d)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 192.168.1.130 (192.168.1.130)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2206 (2206), Seq: 1, Ack: 483, Len: 0
Source port: http (80)
Destination port: 2206 (2206)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 483 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Ech Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 6432
Checksum: 0xfc4a [correct]
SEQ/ACK analysis
TCP Analysis Flags
This is a tcp window update
下面的是我VPN到日本服务器的抓包结果,摘抄如下
No. Time Source Destination Protocol Info
20 1.663086 10.0.100.202 66.249.89.99 TCP 2334 > http [ACK] Seq=435 Ack=128 Win=17553 Len=0
Frame 20 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 01:00:01:00:00:00 (01:00:01:00:00:00), Dst: 2e:1a:20:00:01:00 (2e:1a:20:00:01:00)
Internet Protocol, Src: 10.0.100.202 (10.0.100.202), Dst: 66.249.89.99 (66.249.89.99)
Transmission Control Protocol, Src Port: 2334 (2334), Dst Port: http (80), Seq: 435, Ack: 128, Len: 0
Source port: 2334 (2334)
Destination port: http (80)
Sequence number: 435 (relative sequence number)
Acknowledgement number: 128 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Ech Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 17553
Checksum: 0x4036 [correct]
SEQ/ACK analysis
This is an ACK to the segment in frame: 19
The RTT to ACK the segment was: 0.178711000 seconds
No. Time Source Destination Protocol Info
21 13.962890 10.0.100.202 66.249.89.99 HTTP GET /search?hl=zh-CN&q=%E6%AF%9B%E6%B3%BD%E4%B8%9C&btnG=Google+%E6%90%9C%E7%B4%A2&lr= HTTP/1.1
Frame 21 (649 bytes on wire, 649 bytes captured)
Ethernet II, Src: 01:00:01:00:00:00 (01:00:01:00:00:00), Dst: 2e:1a:20:00:01:00 (2e:1a:20:00:01:00)
Internet Protocol, Src: 10.0.100.202 (10.0.100.202), Dst: 66.249.89.99 (66.249.89.99)
Transmission Control Protocol, Src Port: 2333 (2333), Dst Port: http (80), Seq: 322, Ack: 1949, Len: 595
Source port: 2333 (2333)
Destination port: http (80)
Sequence number: 322 (relative sequence number)
Next sequence number: 917 (relative sequence number)
Acknowledgement number: 1949 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Ech Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 17680
Checksum: 0xf576 [correct]
Hypertext Transfer Protocol
GET /search?hl=zh-CN&q=%E6%AF%9B%E6%B3%BD%E4%B8%9C&btnG=Google+%E6%90%9C%E7%B4%A2&lr= HTTP/1.1\r\n
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*\r\n
Referer: http:///\r\n
Accept-Language: zh-cn\r\n
Accept-Encoding: gzip, deflate\r\n
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon; .NET CLR 1.1.4322)\r\n
Host: \r\n
Connection: Keep-Alive\r\n
Cookie: PREF=ID=3b46059cf941bd85:TB=2:NW=1:TM=1148016147:LM=1148016147:S=fOuHTWu8ej4GLCWr\r\n
\r\n
No. Time Source Destination Protocol Info
22 14.082031 66.249.89.99 10.0.100.202 TCP http > 2333 [ACK] Seq=1949 Ack=917 Win=7595 Len=0
Frame 22 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 2e:1a:20:00:01:00 (2e:1a:20:00:01:00), Dst: 01:00:01:00:00:00 (01:00:01:00:00:00)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 10.0.100.202 (10.0.100.202)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2333 (2333), Seq: 1949, Ack: 917, Len: 0
Source port: http (80)
Destination port: 2333 (2333)
Sequence number: 1949 (relative sequence number)
Acknowledgement number: 917 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Ech Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 7595
Checksum: 0xa658 [correct]
SEQ/ACK analysis
This is an ACK to the segment in frame: 21
The RTT to ACK the segment was: 0.119141000 seconds
No. Time Source Destination Protocol Info
23 14.083984 66.249.89.99 10.0.100.202 TCP [TCP Window Update] http > 2333 [ACK] Seq=1949 Ack=917 Win=6853 Len=0
Frame 23 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 2e:1a:20:00:01:00 (2e:1a:20:00:01:00), Dst: 01:00:01:00:00:00 (01:00:01:00:00:00)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 10.0.100.202 (10.0.100.202)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2333 (2333), Seq: 1949, Ack: 917, Len: 0
Source port: http (80)
Destination port: 2333 (2333)
Sequence number: 1949 (relative sequence number)
Acknowledgement number: 917 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Ech Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 6853
Checksum: 0xa93e [correct]
SEQ/ACK analysis
TCP Analysis Flags
This is a tcp window update
No. Time Source Destination Protocol Info
24 14.321289 66.249.89.99 10.0.100.202 TCP [TCP segment of a reassembled PDU]
Frame 24 (1414 bytes on wire, 1414 bytes captured)
Ethernet II, Src: 2e:1a:20:00:01:00 (2e:1a:20:00:01:00), Dst: 01:00:01:00:00:00 (01:00:01:00:00:00)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 10.0.100.202 (10.0.100.202)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2333 (2333), Seq: 1949, Ack: 917, Len: 1360
Source port: http (80)
Destination port: 2333 (2333)
Sequence number: 1949 (relative sequence number)
Next sequence number: 3309 (relative sequence number)
Acknowledgement number: 917 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Ech Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 6853
Checksum: 0x1dd2 [correct]
Reassembled PDU in frame: 30
TCP segment data (1360 bytes)
No. Time Source Destination Protocol Info
25 14.337890 66.249.89.99 10.0.100.202 TCP [TCP segment of a reassembled PDU]
Frame 25 (1040 bytes on wire, 1040 bytes captured)
Ethernet II, Src: 2e:1a:20:00:01:00 (2e:1a:20:00:01:00), Dst: 01:00:01:00:00:00 (01:00:01:00:00:00)
Internet Protocol, Src: 66.249.89.99 (66.249.89.99), Dst: 10.0.100.202 (10.0.100.202)
Transmission Control Protocol, Src Port: http (80), Dst Port: 2333 (2333), Seq: 3309, Ack: 917, Len: 986
Source port: http (80)
Destination port: 2333 (2333)
Sequence number: 3309 (relative sequence number)
Next sequence number: 4295 (relative sequence number)
Acknowledgement number: 917 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Ech Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 6853
Checksum: 0xf8ec [correct]
Reassembled PDU in frame: 30
TCP segment data (986 bytes)
在这些包中,并没有看到RST的封包,而且搜索毛泽东关键字符串可以正常浏览。
一:通过google.com去访问的任何字符串,其实都是通过了当地的ISP管理服务器过滤。也就是说,网警时时刻刻都是可以监视到的。哪个IP在找什么资料。
二:如果搜索关键字符串在ISP管理服务器的不允许范围内,该服务器会伪造IP数据包,其中包含了RST包内容来拒绝客户端浏览到该资料。而且限定了该客户端5分钟之内无法浏览。也就是说假如一个NAT设备下面有100个客户端上google.com,其中一个人因为搜索了不该搜索的内容而被过滤,那么这些100台客户端5分钟之内都无法上。
三:google.com并没有过滤敏感字符串,我通过VPN连接到日本搜索毛泽东可以查询到相关资料。
VPN本身带有加密功能。我所有做的都是通过VPN加密数据到了日本,所以上海当地ISP无法检测出来我搜索的数据是什么。也就无法发RST给客户端了。
四:综上所述,当地ISP在监视而且搞鬼,google.com没有错。
