Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

试验:利用 dummy socket去掉 iptables依赖 #11

Open
linhua55 opened this issue Jul 11, 2017 · 12 comments
Open

试验:利用 dummy socket去掉 iptables依赖 #11

linhua55 opened this issue Jul 11, 2017 · 12 comments
Labels
enhancement

Comments

@linhua55
Copy link
Owner

linhua55 commented Jul 11, 2017
edited
Loading

去掉iptables依赖,可以在 docker(如樱花)中运行

需要修改LKL, lkl不进行三次握手,本地内核进行三次握手。 但是本地内核不处理数据,由LKL处理数据
出自: https://stackoverflow.com/questions/31762305/prevent-kernel-from-processing-tcp-segments-bound-to-a-raw-socket

TODO:

  1. 先用WireShark查看, RST原因,究竟是LKL发的,还是本地内核发的
    https://groups.google.com/forum/#!topic/bbr-dev/Nb4a1FPLkJo
@i258559
Copy link

i258559 commented Jul 13, 2017

支持大佬,期待好消息(//∇//)\

@linhua55 linhua55 mentioned this issue Aug 13, 2017
Open
@mclovin-2k
Copy link

膜拜大佬

@wangyu-
Copy link

wangyu- commented Sep 18, 2017

我在udp2raw中尝试了简单的dummy socket。没有实现你的让这个dummy socket负责握手的想法。

我只是开了一个dummy socket,bind,listen,然后放在那里不管了。

添加dummy socket以后:在server端,不添加iptables也不会产生rst,在docker中可以运行;稳定性有待考证。在client端不行,可能得实现你说的dummy socket负责握手
==补充==
我实现的是这个链接里的方法(以前你给我的链接):
https://stackoverflow.com/questions/31762305/prevent-kernel-from-processing-tcp-segments-bound-to-a-raw-socket

As suggested in the comments, you might also create a dummy TCP socket bound to the same port and address where you just receive and discard the messages. That way the kernel won't send RST replies, and you don't need to mess with iptables.

也就是:开一个dummy socket,放在那里不管。

至于为什么只有server端好使,client端不好使,我猜是这个原因:client是主动连接对方的(发送syn 等待syn ack),而bind listen产生的socket是被动的等待连接的(等待syn)。

@linhua55
Copy link
Owner Author

linhua55 commented Sep 18, 2017
edited
Loading

@wangyu-

没有实现你的让这个dummy socket负责握手的想法

这个是内核实现的,不需要在用户态手动实现,只要在用户态设置好socket就行了, 但既然dummy socket进行握手了,那么你就不能在代码里手动实现握手。 这两个会冲突,导致client端发送RST。

这时 自己的程序 相当于 一个旁路窃听器, 窃听dummy socket和client端的通信。 只是dummy socket除了握手等协商阶段发送数据,其余时间不发送数据,而是由自己的程序 发送(注入)数据。不过不知道对注入的数据(主要是IP头部数据) 有没有要求(如序号的连续性,不然会导致client端发送RST?),还有何时开始注入数据(连接建立后?),何时结束(连接关闭?)。

https://zhangbinalan.gitbooks.io/protocol/content/tcpde_rst.html

@wangyu-
Copy link

wangyu- commented Sep 18, 2017

这个是内核实现的,不需要用户手动实现

是的。但是问题是怎么和这个dummy socket无缝配合,完全实现你说的功能,貌似还是得额外写很多代码得。

但既然dummy socket进行握手了,那么你就不能在代码里手动实现握手。 这两个会冲突,导致client端发送RST。

从实测看来,在server端,这个没有产生问题。 在client端不行。

不过不知道对注入的数据 有没有要求(如序号的连续性,不然会导致client端发送RST?)

有的环境下对序号的连续性有要求,比如网络穿过了Iptables的SNAT和DNAT,这个会跟踪序号,不连续的序号会导致序号跟踪失效(卡在某个序号),还有如果发送的序号超出了对方的receive windows会被丢掉。

如果做的好的话,应该可以克服这个问题,只是要再写一些代码。。。

开一个dummy socket然后不管了这个方法不完美,不过在docker上运行server这个目的暂时是达到了。

@linhua55
Copy link
Owner Author

linhua55 commented Sep 18, 2017
edited
Loading

需要 跟踪(connection tracking) 连接(dummy socket和client建立的)的状态,根据状态,决定何时发送、停止发送数据,IP头部怎么写。 不过有时可能需要 主动用dummy socket对client发起连接(?)

至于为什么只有server端好使,client端不好使,我猜是这个原因:client是主动连接对方的(发送syn 等待syn ack),而bind listen产生的socket是被动的等待连接的(等待syn)。

对,因为client是先发送的,而且第一次发送的SYN是正常的数据包,server端内核没有产生RST(自己的代码不会产生RST),然后server进行响应发送的数据包不对,所以应该是client先产生RST,既然client产生RST了,server端就不会产生了。 在client端屏蔽掉输入后,server也不会产生RST,这可能是你client端代码写的比较好。 你client是在输入端屏蔽输入,还是输出端屏蔽RST的? 应该是输入吧

@wangyu-
Copy link

wangyu- commented Sep 18, 2017

对,因为client是先发送的,而且第一次发送的SYN是正常的数据包,server端内核没有产生RST(自己的代码不会产生RST),然后server进行响应发送的数据包不对,所以应该是client先产生RST,既然client产生RST了,server端就不会产生了

如果client和server都用dummy socket的话,两边都会产生RST。貌似应该是client先产生RST,然后server那边也产生了。

如果client用iptables,server用dummy socket的话,目前看来没有问题,可以一直用,两边都不会产生RST。

一般来说,client不用运行在docker上,即使运行在docker上了,用户也对docker的宿主机有控制权,iptables可以在宿主机上添加。

@linhua55
Copy link
Owner Author

嗯,这个可以测试一下
测试时,需要在两边同时抓包。 如果用packet(/raw) socket进行发送和接收的话,用tcpdump或wireshark不能抓到发送出去的包,可以抓到接收到的包

@wangyu-
Copy link

wangyu- commented Sep 18, 2017
edited
Loading

你client是在输入端屏蔽输入,还是输出端屏蔽RST的? 应该是输入吧

屏蔽的是输入,用iptables drop掉接受的包。

就像这样,iptables -I INPUT -s 44.55.66.77/32 -p tcp -m tcp --sport 8855 -j DROP

嗯,这个可以测试一下

这个是说貌似应该是client先产生RST,然后server那边也产生了吗。这个基本上不用测了,client这边预期收到的是SYN,但是他收到了SYN ACK,按理说应该会先产生RST。

==update==

测试时,需要在两边同时抓包。 如果用packet(/raw) socket进行发送和接收的话,用tcpdump或wireshark不能抓到发送出去的包,可以抓到接收到的包

只能抓到一个方向的包的话,抓完之后不知道怎么把两边结果按时间同步起来,有了tcpdump结果,也难以知道哪个是先哪个是后。貌似很麻烦,一想到这个,就不想测了。。。

@wangyu-
Copy link

wangyu- commented Sep 18, 2017

只能抓到一个方向的包的话,貌似有些困难。抓完之后不知道怎么把两边结果按时间同步起来,有了tcpdump结果,也难以知道哪个是先哪个是后。

貌似没有想象的那么复杂,tcpdump在2层抓包,双向的都能抓到,只要一边就可以了。现在同时贴上两边的结果,以便互相对照:

可以看到client在收到syn ack之后,马上回复了RST。

server那边,收到RST之后没有回RST。但是收到ack以后,马上回复了个RST(因为之前的RST已经把TCP连接重置了,所以这个ACK是非法的)。

client这边的结果:

root@raspberrypi:/home/pi# tcpdump -i eth0 port 9966
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:32:13.559574 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [S], seq 3509489661, win 41442, options [mss 1460,sackOK,TS val 91488934 ecr 0,nop,wscale 5], length 0
17:32:13.773892 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [S.], seq 2646971543, ack 3509489662, win 28960, options [mss 1460,sackOK,TS val 3945953258 ecr 91488934,nop,wscale 6], length 0
17:32:13.774302 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [R], seq 3509489662, win 0, length 0
17:32:13.774878 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [.], ack 1, win 41038, options [nop,nop,TS val 91489149 ecr 3945953258], length 0
17:32:13.775210 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [S.], seq 3235141037, ack 3509489662, win 41015, options [mss 1460,sackOK,TS val 367897807 ecr 91488934,nop,wscale 5], length 0
17:32:13.775587 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [R], seq 3509489662, win 0, length 0
17:32:13.775885 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [.], seq 1:49, ack 3706797803, win 41182, options [nop,nop,TS val 91489150 ecr 3945953258], length 48
17:32:13.998663 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [R], seq 2646971544, win 0, length 0
17:32:14.000424 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [R], seq 2646971544, win 0, length 0
17:32:14.000427 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [.], seq 3706797803:3706797851, ack 49, win 41359, options [nop,nop,TS val 367898021 ecr 91489150], length 48
17:32:14.001161 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [R], seq 3509489710, win 0, length 0
17:32:14.001836 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [.], seq 49:97, ack 3706797851, win 41038, options [nop,nop,TS val 91489376 ecr 367898021], length 48
17:32:14.226399 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [R], seq 2646971592, win 0, length 0
17:32:14.226402 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [.], seq 3706797851:3706797899, ack 97, win 41409, options [nop,nop,TS val 367898249 ecr 91489376], length 48
17:32:14.227119 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [R], seq 3509489758, win 0, length 0
17:32:14.227906 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [.], seq 97:145, ack 3706797899, win 41054, options [nop,nop,TS val 91489602 ecr 367898249], length 48
17:32:14.444484 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [R], seq 2646971640, win 0, length 0
17:32:15.424051 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [.], seq 3706797899:3706797947, ack 145, win 41110, options [nop,nop,TS val 367899449 ecr 91489602], length 48
17:32:15.424453 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [R], seq 3509489806, win 0, length 0
17:32:15.558710 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [.], seq 145:193, ack 3706797947, win 41021, options [nop,nop,TS val 91490933 ecr 367899449], length 48
17:32:15.768384 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [R], seq 2646971688, win 0, length 0
17:32:16.615240 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [.], seq 3706797947:3706797995, ack 193, win 41146, options [nop,nop,TS val 367900649 ecr 91490933], length 48
17:32:16.615697 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [R], seq 3509489854, win 0, length 0
17:32:16.758705 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [.], seq 193:241, ack 3706797995, win 40999, options [nop,nop,TS val 91492133 ecr 367900649], length 48
17:32:16.980256 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [R], seq 2646971736, win 0, length 0
17:32:17.814633 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [.], seq 3706797995:3706798043, ack 241, win 41297, options [nop,nop,TS val 367901849 ecr 91492133], length 48
17:32:17.815144 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [R], seq 3509489902, win 0, length 0
17:32:17.958731 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [.], seq 241:289, ack 3706798043, win 41211, options [nop,nop,TS val 91493333 ecr 367901849], length 48
17:32:18.176890 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [R], seq 2646971784, win 0, length 0
17:32:19.003721 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [.], seq 3706798043:3706798091, ack 289, win 41178, options [nop,nop,TS val 367903049 ecr 91493333], length 48
17:32:19.004185 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [R], seq 3509489950, win 0, length 0
17:32:19.158697 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [.], seq 289:337, ack 3706798091, win 41230, options [nop,nop,TS val 91494533 ecr 367903049], length 48
17:32:19.374697 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [R], seq 2646971832, win 0, length 0
17:32:20.222538 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [.], seq 3706798091:3706798139, ack 337, win 41183, options [nop,nop,TS val 367904249 ecr 91494533], length 48
17:32:20.222947 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [R], seq 3509489998, win 0, length 0
17:32:21.413427 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [.], seq 3706798139:3706798187, ack 337, win 41457, options [nop,nop,TS val 367905449 ecr 91494533], length 48
17:32:21.413815 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [R], seq 3509489998, win 0, length 0
17:32:22.624965 IP 44.55.66.77.9966 > 192.168.200.205.22917: Flags [.], seq 1059826259:1059826307, ack 337, win 41304, options [nop,nop,TS val 367906649 ecr 91494533], length 48
17:32:22.625426 IP 192.168.200.205.22917 > 44.55.66.77.9966: Flags [R], seq 3509489998, win 0, length 0

server这边的结果:

[[email protected]:~]
$ tcpdump -i eth0 port 9966
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:32:13.627602 IP 111.222.11.22.54692 > 44.55.66.77.vultr.com.9966: Flags [S], seq 3509489661, win 41442, options [mss 1452,sackOK,TS val 91488934 ecr 0,nop,wscale 5], length 0
17:32:13.627732 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54692: Flags [S.], seq 2646971543, ack 3509489662, win 28960, options [mss 1460,sackOK,TS val 3945953258 ecr 91488934,nop,wscale 6], length 0
17:32:13.629288 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54692: Flags [S.], seq 3235141037, ack 3509489662, win 41015, options [mss 1460,sackOK,TS val 367897807 ecr 91488934,nop,wscale 5], length 0
17:32:13.841948 IP 111.222.11.22.54692 > 44.55.66.77.vultr.com.9966: Flags [R], seq 3509489662, win 0, length 0
17:32:13.842067 IP 111.222.11.22.54692 > 44.55.66.77.vultr.com.9966: Flags [.], ack 3706797803, win 41038, options [nop,nop,TS val 91489149 ecr 3945953258], length 0
17:32:13.842110 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54692: Flags [R], seq 2646971544, win 0, length 0
17:32:13.842614 IP 111.222.11.22.54692 > 44.55.66.77.vultr.com.9966: Flags [R], seq 3509489662, win 0, length 0
17:32:15.270896 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54692: Flags [.], seq 3706797899:3706797947, ack 145, win 41110, options [nop,nop,TS val 367899449 ecr 91489602], length 48
17:32:15.492076 IP 111.222.11.22.54692 > 44.55.66.77.vultr.com.9966: Flags [R], seq 3509489806, win 0, length 0
17:32:15.626620 IP 111.222.11.22.54692 > 44.55.66.77.vultr.com.9966: Flags [.], seq 145:193, ack 3706797947, win 41021, options [nop,nop,TS val 91490933 ecr 367899449], length 48
17:32:15.626883 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54692: Flags [R], seq 2646971688, win 0, length 0
17:32:16.471096 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54692: Flags [.], seq 3706797947:3706797995, ack 193, win 41146, options [nop,nop,TS val 367900649 ecr 91490933], length 48
17:32:16.683282 IP 111.222.11.22.54692 > 44.55.66.77.vultr.com.9966: Flags [R], seq 3509489854, win 0, length 0
17:32:16.826592 IP 111.222.11.22.54692 > 44.55.66.77.vultr.com.9966: Flags [.], seq 193:241, ack 3706797995, win 40999, options [nop,nop,TS val 91492133 ecr 367900649], length 48
17:32:16.826714 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54692: Flags [R], seq 2646971736, win 0, length 0
17:32:17.670901 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54692: Flags [.], seq 3706797995:3706798043, ack 241, win 41297, options [nop,nop,TS val 367901849 ecr 91492133], length 48
17:32:17.882641 IP 111.222.11.22.54692 > 44.55.66.77.vultr.com.9966: Flags [R], seq 3509489902, win 0, length 0
17:32:18.026512 IP 111.222.11.22.54692 > 44.55.66.77.vultr.com.9966: Flags [.], seq 241:289, ack 3706798043, win 41211, options [nop,nop,TS val 91493333 ecr 367901849], length 48
17:32:18.026618 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54692: Flags [R], seq 2646971784, win 0, length 0
17:32:18.870872 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54692: Flags [.], seq 3706798043:3706798091, ack 289, win 41178, options [nop,nop,TS val 367903049 ecr 91493333], length 48
17:32:19.071724 IP 111.222.11.22.54692 > 44.55.66.77.vultr.com.9966: Flags [R], seq 3509489950, win 0, length 0
17:32:19.226975 IP 111.222.11.22.54692 > 44.55.66.77.vultr.com.9966: Flags [.], seq 289:337, ack 3706798091, win 41230, options [nop,nop,TS val 91494533 ecr 367903049], length 48
17:32:19.227084 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54692: Flags [R], seq 2646971832, win 0, length 0
17:32:20.071095 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54692: Flags [.], seq 3706798091:3706798139, ack 337, win 41183, options [nop,nop,TS val 367904249 ecr 91494533], length 48
17:32:20.291321 IP 111.222.11.22.54692 > 44.55.66.77.vultr.com.9966: Flags [R], seq 3509489998, win 0, length 0
17:32:21.270926 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54692: Flags [.], seq 3706798139:3706798187, ack 337, win 41457, options [nop,nop,TS val 367905449 ecr 91494533], length 48
17:32:21.481327 IP 111.222.11.22.54692 > 44.55.66.77.vultr.com.9966: Flags [R], seq 3509489998, win 0, length 0
17:32:22.470877 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54692: Flags [.], seq 1059826259:1059826307, ack 337, win 41304, options [nop,nop,TS val 367906649 ecr 91494533], length 48
17:32:22.692996 IP 111.222.11.22.54692 > 44.55.66.77.vultr.com.9966: Flags [R], seq 3509489998, win 0, length 0

@wangyu-
Copy link

wangyu- commented Sep 18, 2017

另外再附上client用iptables,server端用dummy socket的:

client:

root@raspberrypi:/home/pi# tcpdump -i eth0 port 9966
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:51:20.816344 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [S], seq 3676145666, win 41171, options [mss 1460,sackOK,TS val 92636191 ecr 0,nop,wscale 5], length 0
17:51:21.021719 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [S.], seq 3401050675, ack 3676145667, win 28960, options [mss 1460,sackOK,TS val 1965784064 ecr 92636191,nop,wscale 6], length 0
17:51:21.022519 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [S.], seq 579942257, ack 3676145667, win 41407, options [mss 1460,sackOK,TS val 369045061 ecr 92636191,nop,wscale 5], length 0
17:51:21.022644 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], ack 2821108419, win 41202, options [nop,nop,TS val 92636397 ecr 1965784064], length 0
17:51:21.023362 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 1:49, ack 2821108419, win 41230, options [nop,nop,TS val 92636398 ecr 1965784064], length 48
17:51:21.242863 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], ack 49, win 453, options [nop,nop,TS val 1965784116 ecr 92636398], length 0
17:51:21.243572 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821108419:2821108467, ack 49, win 41036, options [nop,nop,TS val 369045267 ecr 92636398], length 48
17:51:21.244389 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 49:97, ack 2821108467, win 41054, options [nop,nop,TS val 92636619 ecr 369045267], length 48
17:51:21.454200 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821108467:2821108515, ack 97, win 41257, options [nop,nop,TS val 369045487 ecr 92636619], length 48
17:51:21.455033 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 97:145, ack 2821108515, win 41450, options [nop,nop,TS val 92636829 ecr 369045487], length 48
17:51:22.664391 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821108515:2821108563, ack 145, win 40970, options [nop,nop,TS val 369046687 ecr 92636829], length 48
17:51:22.816103 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 145:193, ack 2821108563, win 41382, options [nop,nop,TS val 92638190 ecr 369046687], length 48
17:51:23.865869 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821108563:2821108611, ack 193, win 41316, options [nop,nop,TS val 369047887 ecr 92638190], length 48
17:51:24.016100 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 193:241, ack 2821108611, win 41464, options [nop,nop,TS val 92639390 ecr 369047887], length 48
17:51:25.061788 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821108611:2821108659, ack 241, win 41201, options [nop,nop,TS val 369049087 ecr 92639390], length 48
17:51:25.216097 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 241:289, ack 2821108659, win 41001, options [nop,nop,TS val 92640590 ecr 369049087], length 48
17:51:26.264976 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821108659:2821108707, ack 289, win 41453, options [nop,nop,TS val 369050288 ecr 92640590], length 48
17:51:26.416099 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 289:337, ack 2821108707, win 41253, options [nop,nop,TS val 92641790 ecr 369050288], length 48
17:51:27.448658 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821108707:2821108755, ack 337, win 41384, options [nop,nop,TS val 369051488 ecr 92641790], length 48
17:51:27.616094 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 337:385, ack 2821108755, win 41043, options [nop,nop,TS val 92642990 ecr 369051488], length 48
17:51:28.649479 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821108755:2821108803, ack 385, win 41251, options [nop,nop,TS val 369052687 ecr 92642990], length 48
17:51:28.816107 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 385:433, ack 2821108803, win 41420, options [nop,nop,TS val 92644190 ecr 369052687], length 48
17:51:29.855427 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821108803:2821108851, ack 433, win 41421, options [nop,nop,TS val 369053888 ecr 92644190], length 48
17:51:30.016104 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 433:481, ack 2821108851, win 40992, options [nop,nop,TS val 92645390 ecr 369053888], length 48
17:51:31.054028 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821108851:2821108899, ack 481, win 41239, options [nop,nop,TS val 369055088 ecr 92645390], length 48
17:51:31.216098 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 481:529, ack 2821108899, win 41051, options [nop,nop,TS val 92646590 ecr 369055088], length 48
17:51:32.254802 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821108899:2821108947, ack 529, win 41386, options [nop,nop,TS val 369056287 ecr 92646590], length 48
17:51:32.416107 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 529:577, ack 2821108947, win 41006, options [nop,nop,TS val 92647790 ecr 369056287], length 48
17:51:33.460807 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821108947:2821108995, ack 577, win 41340, options [nop,nop,TS val 369057488 ecr 92647790], length 48
17:51:33.616107 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 577:625, ack 2821108995, win 41366, options [nop,nop,TS val 92648990 ecr 369057488], length 48
17:51:34.664176 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821108995:2821109043, ack 625, win 41369, options [nop,nop,TS val 369058688 ecr 92648990], length 48
17:51:34.816098 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 625:673, ack 2821109043, win 40967, options [nop,nop,TS val 92650190 ecr 369058688], length 48
17:51:35.864152 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821109043:2821109091, ack 673, win 41135, options [nop,nop,TS val 369059888 ecr 92650190], length 48
17:51:36.016101 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 673:721, ack 2821109091, win 41361, options [nop,nop,TS val 92651390 ecr 369059888], length 48
17:51:37.054113 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821109091:2821109139, ack 721, win 41378, options [nop,nop,TS val 369061087 ecr 92651390], length 48
17:51:37.216095 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 721:769, ack 2821109139, win 41147, options [nop,nop,TS val 92652590 ecr 369061087], length 48
17:51:38.255970 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821109139:2821109187, ack 769, win 41126, options [nop,nop,TS val 369062288 ecr 92652590], length 48
17:51:38.416108 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 769:817, ack 2821109187, win 41469, options [nop,nop,TS val 92653790 ecr 369062288], length 48
17:51:39.452311 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821109187:2821109235, ack 817, win 41200, options [nop,nop,TS val 369063488 ecr 92653790], length 48
17:51:39.616101 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 817:865, ack 2821109235, win 41188, options [nop,nop,TS val 92654990 ecr 369063488], length 48
17:51:40.659598 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821109235:2821109283, ack 865, win 41119, options [nop,nop,TS val 369064688 ecr 92654990], length 48
17:51:40.816095 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 865:913, ack 2821109283, win 41051, options [nop,nop,TS val 92656190 ecr 369064688], length 48
17:51:41.855442 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821109283:2821109331, ack 913, win 41186, options [nop,nop,TS val 369065888 ecr 92656190], length 48
17:51:42.016100 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 913:961, ack 2821109331, win 41177, options [nop,nop,TS val 92657390 ecr 369065888], length 48
17:51:43.059104 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821109331:2821109379, ack 961, win 41025, options [nop,nop,TS val 369067087 ecr 92657390], length 48
17:51:43.216105 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 961:1009, ack 2821109379, win 40963, options [nop,nop,TS val 92658590 ecr 369067087], length 48
17:51:44.265797 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821109379:2821109427, ack 1009, win 40968, options [nop,nop,TS val 369068287 ecr 92658590], length 48
17:51:44.416112 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 1009:1057, ack 2821109427, win 40966, options [nop,nop,TS val 92659790 ecr 369068287], length 48
17:51:45.460414 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821109427:2821109475, ack 1057, win 41009, options [nop,nop,TS val 369069487 ecr 92659790], length 48
17:51:45.616096 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 1057:1105, ack 2821109475, win 41280, options [nop,nop,TS val 92660990 ecr 369069487], length 48
17:51:46.662670 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821109475:2821109523, ack 1105, win 41135, options [nop,nop,TS val 369070688 ecr 92660990], length 48
17:51:46.816099 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 1105:1153, ack 2821109523, win 41014, options [nop,nop,TS val 92662190 ecr 369070688], length 48
17:51:47.850760 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821109523:2821109571, ack 1153, win 41368, options [nop,nop,TS val 369071887 ecr 92662190], length 48
17:51:48.016095 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 1153:1201, ack 2821109571, win 41134, options [nop,nop,TS val 92663390 ecr 369071887], length 48
17:51:49.062988 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821109571:2821109619, ack 1201, win 41404, options [nop,nop,TS val 369073087 ecr 92663390], length 48
17:51:49.216098 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 1201:1249, ack 2821109619, win 41162, options [nop,nop,TS val 92664590 ecr 369073087], length 48
17:51:50.256993 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821109619:2821109667, ack 1249, win 41215, options [nop,nop,TS val 369074287 ecr 92664590], length 48
17:51:50.416110 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 1249:1297, ack 2821109667, win 41409, options [nop,nop,TS val 92665790 ecr 369074287], length 48
17:51:51.434127 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821109667:2821109715, ack 1297, win 41259, options [nop,nop,TS val 369075487 ecr 92665790], length 48
17:51:51.616101 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 1297:1345, ack 2821109715, win 41417, options [nop,nop,TS val 92666990 ecr 369075487], length 48
17:51:52.651501 IP 44.55.66.77.9966 > 192.168.200.205.18552: Flags [.], seq 2821109715:2821109763, ack 1345, win 41457, options [nop,nop,TS val 369076687 ecr 92666990], length 48
17:51:52.816105 IP 192.168.200.205.18552 > 44.55.66.77.9966: Flags [.], seq 1345:1393, ack 2821109763, win 41258, options [nop,nop,TS val 92668190 ecr 369076687], length 48

server:

[[email protected]:~]
$ tcpdump -i eth0 port 9966
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:51:20.881369 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [S], seq 3676145666, win 41171, options [mss 1452,sackOK,TS val 92636191 ecr 0,nop,wscale 5], length 0
17:51:20.881676 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [S.], seq 3401050675, ack 3676145667, win 28960, options [mss 1460,sackOK,TS val 1965784064 ecr 92636191,nop,wscale 6], length 0
17:51:20.882934 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [S.], seq 579942257, ack 3676145667, win 41407, options [mss 1460,sackOK,TS val 369045061 ecr 92636191,nop,wscale 5], length 0
17:51:21.087456 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], ack 2821108419, win 41202, options [nop,nop,TS val 92636397 ecr 1965784064], length 0
17:51:21.088037 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1:49, ack 2821108419, win 41230, options [nop,nop,TS val 92636398 ecr 1965784064], length 48
17:51:21.088091 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], ack 49, win 453, options [nop,nop,TS val 1965784116 ecr 92636398], length 0
17:51:21.088664 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821108419:2821108467, ack 49, win 41036, options [nop,nop,TS val 369045267 ecr 92636398], length 48
17:51:22.509513 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821108515:2821108563, ack 145, win 40970, options [nop,nop,TS val 369046687 ecr 92636829], length 48
17:51:22.881062 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 145:193, ack 2821108563, win 41382, options [nop,nop,TS val 92638190 ecr 369046687], length 48
17:51:23.709577 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821108563:2821108611, ack 193, win 41316, options [nop,nop,TS val 369047887 ecr 92638190], length 48
17:51:24.080807 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 193:241, ack 2821108611, win 41464, options [nop,nop,TS val 92639390 ecr 369047887], length 48
17:51:24.909540 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821108611:2821108659, ack 241, win 41201, options [nop,nop,TS val 369049087 ecr 92639390], length 48
17:51:25.280682 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 241:289, ack 2821108659, win 41001, options [nop,nop,TS val 92640590 ecr 369049087], length 48
17:51:26.109614 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821108659:2821108707, ack 289, win 41453, options [nop,nop,TS val 369050288 ecr 92640590], length 48
17:51:26.480710 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 289:337, ack 2821108707, win 41253, options [nop,nop,TS val 92641790 ecr 369050288], length 48
17:51:27.309632 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821108707:2821108755, ack 337, win 41384, options [nop,nop,TS val 369051488 ecr 92641790], length 48
17:51:27.680714 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 337:385, ack 2821108755, win 41043, options [nop,nop,TS val 92642990 ecr 369051488], length 48
17:51:28.509606 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821108755:2821108803, ack 385, win 41251, options [nop,nop,TS val 369052687 ecr 92642990], length 48
17:51:28.880967 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 385:433, ack 2821108803, win 41420, options [nop,nop,TS val 92644190 ecr 369052687], length 48
17:51:29.709890 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821108803:2821108851, ack 433, win 41421, options [nop,nop,TS val 369053888 ecr 92644190], length 48
17:51:30.080817 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 433:481, ack 2821108851, win 40992, options [nop,nop,TS val 92645390 ecr 369053888], length 48
17:51:30.909665 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821108851:2821108899, ack 481, win 41239, options [nop,nop,TS val 369055088 ecr 92645390], length 48
17:51:31.280692 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 481:529, ack 2821108899, win 41051, options [nop,nop,TS val 92646590 ecr 369055088], length 48
17:51:32.109590 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821108899:2821108947, ack 529, win 41386, options [nop,nop,TS val 369056287 ecr 92646590], length 48
17:51:32.480811 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 529:577, ack 2821108947, win 41006, options [nop,nop,TS val 92647790 ecr 369056287], length 48
17:51:33.309660 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821108947:2821108995, ack 577, win 41340, options [nop,nop,TS val 369057488 ecr 92647790], length 48
17:51:33.680833 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 577:625, ack 2821108995, win 41366, options [nop,nop,TS val 92648990 ecr 369057488], length 48
17:51:34.509619 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821108995:2821109043, ack 625, win 41369, options [nop,nop,TS val 369058688 ecr 92648990], length 48
17:51:34.880833 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 625:673, ack 2821109043, win 40967, options [nop,nop,TS val 92650190 ecr 369058688], length 48
17:51:35.709810 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821109043:2821109091, ack 673, win 41135, options [nop,nop,TS val 369059888 ecr 92650190], length 48
17:51:36.080718 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 673:721, ack 2821109091, win 41361, options [nop,nop,TS val 92651390 ecr 369059888], length 48
17:51:36.909610 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821109091:2821109139, ack 721, win 41378, options [nop,nop,TS val 369061087 ecr 92651390], length 48
17:51:37.280649 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 721:769, ack 2821109139, win 41147, options [nop,nop,TS val 92652590 ecr 369061087], length 48
17:51:38.109616 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821109139:2821109187, ack 769, win 41126, options [nop,nop,TS val 369062288 ecr 92652590], length 48
17:51:38.480769 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 769:817, ack 2821109187, win 41469, options [nop,nop,TS val 92653790 ecr 369062288], length 48
17:51:39.309614 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821109187:2821109235, ack 817, win 41200, options [nop,nop,TS val 369063488 ecr 92653790], length 48
17:51:39.680716 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 817:865, ack 2821109235, win 41188, options [nop,nop,TS val 92654990 ecr 369063488], length 48
17:51:40.509629 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821109235:2821109283, ack 865, win 41119, options [nop,nop,TS val 369064688 ecr 92654990], length 48
17:51:40.880722 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 865:913, ack 2821109283, win 41051, options [nop,nop,TS val 92656190 ecr 369064688], length 48
17:51:41.709680 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821109283:2821109331, ack 913, win 41186, options [nop,nop,TS val 369065888 ecr 92656190], length 48
17:51:42.081047 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 913:961, ack 2821109331, win 41177, options [nop,nop,TS val 92657390 ecr 369065888], length 48
17:51:42.909538 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821109331:2821109379, ack 961, win 41025, options [nop,nop,TS val 369067087 ecr 92657390], length 48
17:51:43.280881 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 961:1009, ack 2821109379, win 40963, options [nop,nop,TS val 92658590 ecr 369067087], length 48
17:51:44.109608 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821109379:2821109427, ack 1009, win 40968, options [nop,nop,TS val 369068287 ecr 92658590], length 48
17:51:44.480627 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1009:1057, ack 2821109427, win 40966, options [nop,nop,TS val 92659790 ecr 369068287], length 48
17:51:45.309537 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821109427:2821109475, ack 1057, win 41009, options [nop,nop,TS val 369069487 ecr 92659790], length 48
17:51:45.680854 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1057:1105, ack 2821109475, win 41280, options [nop,nop,TS val 92660990 ecr 369069487], length 48
17:51:46.509670 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821109475:2821109523, ack 1105, win 41135, options [nop,nop,TS val 369070688 ecr 92660990], length 48
17:51:46.880819 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1105:1153, ack 2821109523, win 41014, options [nop,nop,TS val 92662190 ecr 369070688], length 48
17:51:47.709538 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821109523:2821109571, ack 1153, win 41368, options [nop,nop,TS val 369071887 ecr 92662190], length 48
17:51:48.080863 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1153:1201, ack 2821109571, win 41134, options [nop,nop,TS val 92663390 ecr 369071887], length 48
17:51:48.909613 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821109571:2821109619, ack 1201, win 41404, options [nop,nop,TS val 369073087 ecr 92663390], length 48
17:51:49.281152 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1201:1249, ack 2821109619, win 41162, options [nop,nop,TS val 92664590 ecr 369073087], length 48
17:51:50.109603 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821109619:2821109667, ack 1249, win 41215, options [nop,nop,TS val 369074287 ecr 92664590], length 48
17:51:50.480374 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1249:1297, ack 2821109667, win 41409, options [nop,nop,TS val 92665790 ecr 369074287], length 48
17:51:51.309575 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821109667:2821109715, ack 1297, win 41259, options [nop,nop,TS val 369075487 ecr 92665790], length 48
17:51:51.680877 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1297:1345, ack 2821109715, win 41417, options [nop,nop,TS val 92666990 ecr 369075487], length 48
17:51:52.509583 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821109715:2821109763, ack 1345, win 41457, options [nop,nop,TS val 369076687 ecr 92666990], length 48
17:51:52.882213 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1345:1393, ack 2821109763, win 41258, options [nop,nop,TS val 92668190 ecr 369076687], length 48
17:51:53.709773 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821109763:2821109811, ack 1393, win 41416, options [nop,nop,TS val 369077888 ecr 92668190], length 48
17:51:54.080856 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1393:1441, ack 2821109811, win 41109, options [nop,nop,TS val 92669390 ecr 369077888], length 48
17:51:54.909616 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54727: Flags [.], seq 2821109811:2821109859, ack 1441, win 41290, options [nop,nop,TS val 369079088 ecr 92669390], length 48
17:51:55.280911 IP 111.222.11.22.54727 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1441:1489, ack 2821109859, win 41147, options [nop,nop,TS val 92670590 ecr 369079088], length 48

根据我的理解,S代表SYN标志,R代表RST,.代表ACK

@wangyu-
Copy link

wangyu- commented Sep 18, 2017
edited
Loading

在tcpdump关闭了相对序号的功能,看得更清楚些。

依然是client用iptables,server端用dummy socket

client:

root@raspberrypi:/home/pi# tcpdump -i eth0 port 9966 -S
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:03:23.434259 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [S], seq 1785285294, win 41085, options [mss 1460,sackOK,TS val 93358809 ecr 0,nop,wscale 5], length 0
18:03:23.630842 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [S.], seq 1950336998, ack 1785285295, win 28960, options [mss 1460,sackOK,TS val 586999818 ecr 93358809,nop,wscale 6], length 0
18:03:23.631403 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], ack 1950336999, win 41260, options [nop,nop,TS val 93359006 ecr 586999818], length 0
18:03:23.631779 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785285295:1785285343, ack 1950336999, win 41356, options [nop,nop,TS val 93359006 ecr 586999818], length 48
18:03:23.632198 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [S.], seq 804005325, ack 1785285295, win 40982, options [mss 1460,sackOK,TS val 369767679 ecr 93358809,nop,wscale 5], length 0
18:03:23.823223 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], ack 1785285343, win 453, options [nop,nop,TS val 586999867 ecr 93359006], length 0
18:03:23.823656 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950336999:1950337047, ack 1785285343, win 41230, options [nop,nop,TS val 369767875 ecr 93359006], length 48
18:03:23.824185 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785285343:1785285391, ack 1950337047, win 41457, options [nop,nop,TS val 93359198 ecr 369767875], length 48
18:03:24.019494 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337047:1950337095, ack 1785285391, win 41063, options [nop,nop,TS val 369768068 ecr 93359198], length 48
18:03:24.020050 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785285391:1785285439, ack 1950337095, win 41349, options [nop,nop,TS val 93359394 ecr 369768068], length 48
18:03:25.034015 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785285439:1785285487, ack 1950337095, win 41350, options [nop,nop,TS val 93360408 ecr 369768068], length 48
18:03:25.218784 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337095:1950337143, ack 1785285439, win 41186, options [nop,nop,TS val 369769268 ecr 93359394], length 48
18:03:26.234022 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785285487:1785285535, ack 1950337143, win 40969, options [nop,nop,TS val 93361608 ecr 369769268], length 48
18:03:26.413505 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337143:1950337191, ack 1785285487, win 40992, options [nop,nop,TS val 369770468 ecr 93360408], length 48
18:03:27.434031 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785285535:1785285583, ack 1950337191, win 41187, options [nop,nop,TS val 93362808 ecr 369770468], length 48
18:03:27.620649 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337191:1950337239, ack 1785285535, win 41132, options [nop,nop,TS val 369771668 ecr 93361608], length 48
18:03:28.634032 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785285583:1785285631, ack 1950337239, win 41049, options [nop,nop,TS val 93364008 ecr 369771668], length 48
18:03:28.815542 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337239:1950337287, ack 1785285583, win 41093, options [nop,nop,TS val 369772868 ecr 93362808], length 48
18:03:29.834030 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785285631:1785285679, ack 1950337287, win 41027, options [nop,nop,TS val 93365208 ecr 369772868], length 48
18:03:30.011319 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337287:1950337335, ack 1785285631, win 41041, options [nop,nop,TS val 369774068 ecr 93364008], length 48
18:03:31.034021 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785285679:1785285727, ack 1950337335, win 41263, options [nop,nop,TS val 93366408 ecr 369774068], length 48
18:03:31.215264 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337335:1950337383, ack 1785285679, win 41041, options [nop,nop,TS val 369775268 ecr 93365208], length 48
18:03:32.234029 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785285727:1785285775, ack 1950337383, win 41021, options [nop,nop,TS val 93367608 ecr 369775268], length 48
18:03:32.409098 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337383:1950337431, ack 1785285727, win 41253, options [nop,nop,TS val 369776468 ecr 93366408], length 48
18:03:33.434033 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785285775:1785285823, ack 1950337431, win 41179, options [nop,nop,TS val 93368808 ecr 369776468], length 48
18:03:33.625548 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337431:1950337479, ack 1785285775, win 41113, options [nop,nop,TS val 369777668 ecr 93367608], length 48
18:03:34.634039 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785285823:1785285871, ack 1950337479, win 41435, options [nop,nop,TS val 93370008 ecr 369777668], length 48
18:03:34.809006 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337479:1950337527, ack 1785285823, win 41446, options [nop,nop,TS val 369778868 ecr 93368808], length 48
18:03:35.834020 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785285871:1785285919, ack 1950337527, win 41240, options [nop,nop,TS val 93371208 ecr 369778868], length 48
18:03:36.018767 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337527:1950337575, ack 1785285871, win 41288, options [nop,nop,TS val 369780068 ecr 93370008], length 48
18:03:37.034035 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785285919:1785285967, ack 1950337575, win 41274, options [nop,nop,TS val 93372408 ecr 369780068], length 48
18:03:37.209862 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337575:1950337623, ack 1785285919, win 40997, options [nop,nop,TS val 369781268 ecr 93371208], length 48
18:03:38.234027 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785285967:1785286015, ack 1950337623, win 40972, options [nop,nop,TS val 93373608 ecr 369781268], length 48
18:03:38.415926 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337623:1950337671, ack 1785285967, win 41079, options [nop,nop,TS val 369782468 ecr 93372408], length 48
18:03:39.434041 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785286015:1785286063, ack 1950337671, win 41271, options [nop,nop,TS val 93374808 ecr 369782468], length 48
18:03:39.620672 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337671:1950337719, ack 1785286015, win 41188, options [nop,nop,TS val 369783668 ecr 93373608], length 48
18:03:40.634043 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785286063:1785286111, ack 1950337719, win 41170, options [nop,nop,TS val 93376008 ecr 369783668], length 48
18:03:40.815777 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337719:1950337767, ack 1785286063, win 41280, options [nop,nop,TS val 369784868 ecr 93374808], length 48
18:03:41.834130 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785286111:1785286159, ack 1950337767, win 41184, options [nop,nop,TS val 93377208 ecr 369784868], length 48
18:03:42.026849 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337767:1950337815, ack 1785286111, win 41227, options [nop,nop,TS val 369786068 ecr 93376008], length 48
18:03:43.034038 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785286159:1785286207, ack 1950337815, win 41255, options [nop,nop,TS val 93378408 ecr 369786068], length 48
18:03:43.230053 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337815:1950337863, ack 1785286159, win 40978, options [nop,nop,TS val 369787268 ecr 93377208], length 48
18:03:44.234045 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785286207:1785286255, ack 1950337863, win 41185, options [nop,nop,TS val 93379608 ecr 369787268], length 48
18:03:44.422795 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337863:1950337911, ack 1785286207, win 41466, options [nop,nop,TS val 369788468 ecr 93378408], length 48
18:03:45.434028 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785286255:1785286303, ack 1950337911, win 41197, options [nop,nop,TS val 93380808 ecr 369788468], length 48
18:03:45.605043 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337911:1950337959, ack 1785286255, win 40995, options [nop,nop,TS val 369789668 ecr 93379608], length 48
18:03:46.634043 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785286303:1785286351, ack 1950337959, win 41239, options [nop,nop,TS val 93382008 ecr 369789668], length 48
18:03:46.820978 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950337959:1950338007, ack 1785286303, win 41321, options [nop,nop,TS val 369790868 ecr 93380808], length 48
18:03:47.834037 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785286351:1785286399, ack 1950338007, win 41393, options [nop,nop,TS val 93383208 ecr 369790868], length 48
18:03:48.027349 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950338007:1950338055, ack 1785286351, win 41313, options [nop,nop,TS val 369792068 ecr 93382008], length 48
18:03:49.034059 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785286399:1785286447, ack 1950338055, win 41186, options [nop,nop,TS val 93384408 ecr 369792068], length 48
18:03:49.222744 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950338055:1950338103, ack 1785286399, win 41345, options [nop,nop,TS val 369793268 ecr 93383208], length 48
18:03:50.234065 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785286447:1785286495, ack 1950338103, win 41398, options [nop,nop,TS val 93385608 ecr 369793268], length 48
18:03:50.418490 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950338103:1950338151, ack 1785286447, win 41445, options [nop,nop,TS val 369794468 ecr 93384408], length 48
18:03:51.434055 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785286495:1785286543, ack 1950338151, win 41336, options [nop,nop,TS val 93386808 ecr 369794468], length 48
18:03:51.610308 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950338151:1950338199, ack 1785286495, win 41098, options [nop,nop,TS val 369795668 ecr 93385608], length 48
18:03:52.634064 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785286543:1785286591, ack 1950338199, win 41251, options [nop,nop,TS val 93388008 ecr 369795668], length 48
18:03:52.810552 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950338199:1950338247, ack 1785286543, win 41307, options [nop,nop,TS val 369796868 ecr 93386808], length 48
18:03:53.834066 IP 192.168.200.205.48891 > 44.55.66.77.9966: Flags [.], seq 1785286591:1785286639, ack 1950338247, win 41331, options [nop,nop,TS val 93389208 ecr 369796868], length 48
18:03:54.015809 IP 44.55.66.77.9966 > 192.168.200.205.48891: Flags [.], seq 1950338247:1950338295, ack 1785286591, win 41307, options [nop,nop,TS val 369798068 ecr 93388008], length 48

server:

[[email protected]:~]
$ tcpdump -i eth0 port 9966 -S
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:03:23.499456 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [S], seq 1785285294, win 41085, options [mss 1452,sackOK,TS val 93358809 ecr 0,nop,wscale 5], length 0
18:03:23.499718 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [S.], seq 1950336998, ack 1785285295, win 28960, options [mss 1460,sackOK,TS val 586999818 ecr 93358809,nop,wscale 6], length 0
18:03:23.501235 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [S.], seq 804005325, ack 1785285295, win 40982, options [mss 1460,sackOK,TS val 369767679 ecr 93358809,nop,wscale 5], length 0
18:03:23.696734 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], ack 1950336999, win 41260, options [nop,nop,TS val 93359006 ecr 586999818], length 0
18:03:23.696855 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785285295:1785285343, ack 1950336999, win 41356, options [nop,nop,TS val 93359006 ecr 586999818], length 48
18:03:23.696890 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], ack 1785285343, win 453, options [nop,nop,TS val 586999867 ecr 93359006], length 0
18:03:23.697297 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950336999:1950337047, ack 1785285343, win 41230, options [nop,nop,TS val 369767875 ecr 93359006], length 48
18:03:25.090023 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337095:1950337143, ack 1785285439, win 41186, options [nop,nop,TS val 369769268 ecr 93359394], length 48
18:03:25.098845 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785285439:1785285487, ack 1950337095, win 41350, options [nop,nop,TS val 93360408 ecr 369768068], length 48
18:03:26.290030 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337143:1950337191, ack 1785285487, win 40992, options [nop,nop,TS val 369770468 ecr 93360408], length 48
18:03:26.298910 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785285487:1785285535, ack 1950337143, win 40969, options [nop,nop,TS val 93361608 ecr 369769268], length 48
18:03:27.489944 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337191:1950337239, ack 1785285535, win 41132, options [nop,nop,TS val 369771668 ecr 93361608], length 48
18:03:27.498925 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785285535:1785285583, ack 1950337191, win 41187, options [nop,nop,TS val 93362808 ecr 369770468], length 48
18:03:28.690021 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337239:1950337287, ack 1785285583, win 41093, options [nop,nop,TS val 369772868 ecr 93362808], length 48
18:03:28.699041 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785285583:1785285631, ack 1950337239, win 41049, options [nop,nop,TS val 93364008 ecr 369771668], length 48
18:03:29.890065 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337287:1950337335, ack 1785285631, win 41041, options [nop,nop,TS val 369774068 ecr 93364008], length 48
18:03:29.898973 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785285631:1785285679, ack 1950337287, win 41027, options [nop,nop,TS val 93365208 ecr 369772868], length 48
18:03:31.090033 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337335:1950337383, ack 1785285679, win 41041, options [nop,nop,TS val 369775268 ecr 93365208], length 48
18:03:31.098935 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785285679:1785285727, ack 1950337335, win 41263, options [nop,nop,TS val 93366408 ecr 369774068], length 48
18:03:32.290012 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337383:1950337431, ack 1785285727, win 41253, options [nop,nop,TS val 369776468 ecr 93366408], length 48
18:03:32.299214 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785285727:1785285775, ack 1950337383, win 41021, options [nop,nop,TS val 93367608 ecr 369775268], length 48
18:03:33.490220 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337431:1950337479, ack 1785285775, win 41113, options [nop,nop,TS val 369777668 ecr 93367608], length 48
18:03:33.498950 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785285775:1785285823, ack 1950337431, win 41179, options [nop,nop,TS val 93368808 ecr 369776468], length 48
18:03:34.690041 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337479:1950337527, ack 1785285823, win 41446, options [nop,nop,TS val 369778868 ecr 93368808], length 48
18:03:34.699004 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785285823:1785285871, ack 1950337479, win 41435, options [nop,nop,TS val 93370008 ecr 369777668], length 48
18:03:35.890007 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337527:1950337575, ack 1785285871, win 41288, options [nop,nop,TS val 369780068 ecr 93370008], length 48
18:03:35.898997 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785285871:1785285919, ack 1950337527, win 41240, options [nop,nop,TS val 93371208 ecr 369778868], length 48
18:03:37.090021 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337575:1950337623, ack 1785285919, win 40997, options [nop,nop,TS val 369781268 ecr 93371208], length 48
18:03:37.098951 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785285919:1785285967, ack 1950337575, win 41274, options [nop,nop,TS val 93372408 ecr 369780068], length 48
18:03:38.290024 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337623:1950337671, ack 1785285967, win 41079, options [nop,nop,TS val 369782468 ecr 93372408], length 48
18:03:38.299538 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785285967:1785286015, ack 1950337623, win 40972, options [nop,nop,TS val 93373608 ecr 369781268], length 48
18:03:39.490011 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337671:1950337719, ack 1785286015, win 41188, options [nop,nop,TS val 369783668 ecr 93373608], length 48
18:03:39.499130 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785286015:1785286063, ack 1950337671, win 41271, options [nop,nop,TS val 93374808 ecr 369782468], length 48
18:03:40.690099 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337719:1950337767, ack 1785286063, win 41280, options [nop,nop,TS val 369784868 ecr 93374808], length 48
18:03:40.699074 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785286063:1785286111, ack 1950337719, win 41170, options [nop,nop,TS val 93376008 ecr 369783668], length 48
18:03:41.890033 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337767:1950337815, ack 1785286111, win 41227, options [nop,nop,TS val 369786068 ecr 93376008], length 48
18:03:41.899083 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785286111:1785286159, ack 1950337767, win 41184, options [nop,nop,TS val 93377208 ecr 369784868], length 48
18:03:43.090016 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337815:1950337863, ack 1785286159, win 40978, options [nop,nop,TS val 369787268 ecr 93377208], length 48
18:03:43.099062 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785286159:1785286207, ack 1950337815, win 41255, options [nop,nop,TS val 93378408 ecr 369786068], length 48
18:03:44.290040 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337863:1950337911, ack 1785286207, win 41466, options [nop,nop,TS val 369788468 ecr 93378408], length 48
18:03:44.299532 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785286207:1785286255, ack 1950337863, win 41185, options [nop,nop,TS val 93379608 ecr 369787268], length 48
18:03:45.490040 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337911:1950337959, ack 1785286255, win 40995, options [nop,nop,TS val 369789668 ecr 93379608], length 48
18:03:45.499240 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785286255:1785286303, ack 1950337911, win 41197, options [nop,nop,TS val 93380808 ecr 369788468], length 48
18:03:46.690018 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950337959:1950338007, ack 1785286303, win 41321, options [nop,nop,TS val 369790868 ecr 93380808], length 48
18:03:46.699102 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785286303:1785286351, ack 1950337959, win 41239, options [nop,nop,TS val 93382008 ecr 369789668], length 48
18:03:47.889958 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950338007:1950338055, ack 1785286351, win 41313, options [nop,nop,TS val 369792068 ecr 93382008], length 48
18:03:47.899507 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785286351:1785286399, ack 1950338007, win 41393, options [nop,nop,TS val 93383208 ecr 369790868], length 48
18:03:49.089990 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950338055:1950338103, ack 1785286399, win 41345, options [nop,nop,TS val 369793268 ecr 93383208], length 48
18:03:49.099360 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785286399:1785286447, ack 1950338055, win 41186, options [nop,nop,TS val 93384408 ecr 369792068], length 48
18:03:50.289958 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950338103:1950338151, ack 1785286447, win 41445, options [nop,nop,TS val 369794468 ecr 93384408], length 48
18:03:50.299086 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785286447:1785286495, ack 1950338103, win 41398, options [nop,nop,TS val 93385608 ecr 369793268], length 48
18:03:51.490008 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950338151:1950338199, ack 1785286495, win 41098, options [nop,nop,TS val 369795668 ecr 93385608], length 48
18:03:51.499047 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785286495:1785286543, ack 1950338151, win 41336, options [nop,nop,TS val 93386808 ecr 369794468], length 48
18:03:52.690011 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950338199:1950338247, ack 1785286543, win 41307, options [nop,nop,TS val 369796868 ecr 93386808], length 48
18:03:52.699250 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785286543:1785286591, ack 1950338199, win 41251, options [nop,nop,TS val 93388008 ecr 369795668], length 48
18:03:53.890039 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950338247:1950338295, ack 1785286591, win 41307, options [nop,nop,TS val 369798068 ecr 93388008], length 48
18:03:53.899275 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785286591:1785286639, ack 1950338247, win 41331, options [nop,nop,TS val 93389208 ecr 369796868], length 48
18:03:55.089982 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950338295:1950338343, ack 1785286639, win 41420, options [nop,nop,TS val 369799268 ecr 93389208], length 48
18:03:55.098556 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785286639:1785286687, ack 1950338295, win 41136, options [nop,nop,TS val 93390408 ecr 369798068], length 48
18:03:56.289989 IP 44.55.66.77.vultr.com.9966 > 111.222.11.22.54736: Flags [.], seq 1950338343:1950338391, ack 1785286687, win 41259, options [nop,nop,TS val 369800468 ecr 93390408], length 48
18:03:56.298913 IP 111.222.11.22.54736 > 44.55.66.77.vultr.com.9966: Flags [.], seq 1785286687:1785286735, ack 1950338343, win 41376, options [nop,nop,TS val 93391608 ecr 369799268], length 48

server这边,产生了2个syn ack回复,但是后来就只有faketcp在发数据了,dummy socket不动了。

dummy socket刚开始打了一下酱油,回了一个包(长度是0的那个),但是因为faketcp发送数据而dummy socket不发数据的原因,后续client 发来的ack_seq在dummy socket看来是非法的,所以它就不回复了。

不过序号回绕以后,dummy socket可能会再次打一下酱油,然后继续不动。

另外我下载了近5个G的数据测试了一下回绕,回绕不会产生RST。

@wangyu- wangyu- mentioned this issue Jan 31, 2018
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@wangyu- @mclovin-2k @linhua55 @i258559