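I want to help my dad debug a local network that has a somewhat unusual problem.
It is a wireless network with 7 PCs connected to one router, plus 3 smartphones, used for basic logs, statistics and so on.
When a certain computer is blacklisted from the network by its MAC address, the network runs fine, but when that computer is allowed to connect, the network becomes slow. Websites take a long time to load, but once the browser starts displaying content it gets fast; or YouTube takes 8 seconds to load, but after that it is fine.
It looks like a DNS problem (but I'm no expert). I can think of a few options:
- A firmware problem when the network card talks to the router
- The PC has malware that, for example, sends spam to multiple IPs and clogs up DNS
- Some PC user is abusing the network with heavy P2P and the like.
I think the first option is the most likely. Any other ideas? How should I carry them out?
Edit:
I used Wireshark to trace the packets while Firefox fetched yahoo.com. Downloading the site takes more than 18 seconds.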
No. Time Source Destination Protocol Length Info
1 0.000000 10.0.0.10 10.0.0.1 TCP 54 58144 > icslap [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
Frame 1: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a), Dst: Cisco-Li_b1:26:f3 (00:14:bf:b1:26:f3)
Internet Protocol Version 4, Src: 10.0.0.10 (10.0.0.10), Dst: 10.0.0.1 (10.0.0.1)
Transmission Control Protocol, Src Port: 58144 (58144), Dst Port: icslap (2869), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
2 0.062407 10.0.0.10 10.0.0.1 TCP 54 58146 > icslap [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
Frame 2: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a), Dst: Cisco-Li_b1:26:f3 (00:14:bf:b1:26:f3)
Internet Protocol Version 4, Src: 10.0.0.10 (10.0.0.10), Dst: 10.0.0.1 (10.0.0.1)
Transmission Control Protocol, Src Port: 58146 (58146), Dst Port: icslap (2869), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
3 2.548452 10.0.0.10 myISPDNS DNS 69 Standard query A yahoo.com
Frame 3: 69 bytes on wire (552 bits), 69 bytes captured (552 bits)
Ethernet II, Src: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a), Dst: Cisco-Li_b1:26:f3 (00:14:bf:b1:26:f3)
No. Time Source Destination Protocol Length Info
4 2.743118 209.85.148.18 10.0.0.10 TLSv1 106 Application Data
Frame 4: 106 bytes on wire (848 bits), 106 bytes captured (848 bits)
Ethernet II, Src: Cisco-Li_b1:26:f3 (00:14:bf:b1:26:f3), Dst: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a)
Internet Protocol Version 4, Src: 209.85.148.18 (209.85.148.18), Dst: 10.0.0.10 (10.0.0.10)
Transmission Control Protocol, Src Port: https (443), Dst Port: 58034 (58034), Seq: 1, Ack: 1, Len: 52
Secure Sockets Layer
No. Time Source Destination Protocol Length Info
5 2.824148 fe80::18f6:e2b8:a0d3:16f2 ff02::c SSDP 208 M-SEARCH * HTTP/1.1
Frame 5: 208 bytes on wire (1664 bits), 208 bytes captured (1664 bits)
Ethernet II, Src: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a), Dst: IPv6mcast_00:00:00:0c (33:33:00:00:00:0c)
Internet Protocol Version 6, Src: fe80::18f6:e2b8:a0d3:16f2 (fe80::18f6:e2b8:a0d3:16f2), Dst: ff02::c (ff02::c)
User Datagram Protocol, Src Port: 62835 (62835), Dst Port: ssdp (1900)
Hypertext Transfer Protocol
No. Time Source Destination Protocol Length Info
6 2.963981 10.0.0.10 209.85.148.18 TCP 54 58034 > https [ACK] Seq=1 Ack=53 Win=3965 Len=0
Frame 6: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a), Dst: Cisco-Li_b1:26:f3 (00:14:bf:b1:26:f3)
Internet Protocol Version 4, Src: 10.0.0.10 (10.0.0.10), Dst: 209.85.148.18 (209.85.148.18)
Transmission Control Protocol, Src Port: 58034 (58034), Dst Port: https (443), Seq: 1, Ack: 53, Len: 0
No. Time Source Destination Protocol Length Info
7 3.556860 10.0.0.10 8.8.8.8 DNS 69 Standard query A yahoo.com
Frame 7: 69 bytes on wire (552 bits), 69 bytes captured (552 bits)
Ethernet II, Src: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a), Dst: Cisco-Li_b1:26:f3 (00:14:bf:b1:26:f3)
Internet Protocol Version 4, Src: 10.0.0.10 (10.0.0.10), Dst: 8.8.8.8 (8.8.8.8)
User Datagram Protocol, Src Port: 53037 (53037), Dst Port: domain (53)
Domain Name System (query)
No. Time Source Destination Protocol Length Info
8 4.071413 10.0.0.10 10.0.0.1 TCP 54 58147 > icslap [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
Frame 8: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a), Dst: Cisco-Li_b1:26:f3 (00:14:bf:b1:26:f3)
Internet Protocol Version 4, Src: 10.0.0.10 (10.0.0.10), Dst: 10.0.0.1 (10.0.0.1)
Transmission Control Protocol, Src Port: 58147 (58147), Dst Port: icslap (2869), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
9 4.149439 10.0.0.10 10.0.0.1 TCP 54 58149 > icslap [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
Frame 9: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a), Dst: Cisco-Li_b1:26:f3 (00:14:bf:b1:26:f3)
Internet Protocol Version 4, Src: 10.0.0.10 (10.0.0.10), Dst: 10.0.0.1 (10.0.0.1)
Transmission Control Protocol, Src Port: 58149 (58149), Dst Port: icslap (2869), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
10 4.570823 10.0.0.10 194.204.159.1 DNS 69 Standard query A yahoo.com
Frame 10: 69 bytes on wire (552 bits), 69 bytes captured (552 bits)
Ethernet II, Src: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a), Dst: Cisco-Li_b1:26:f3 (00:14:bf:b1:26:f3)
Internet Protocol Version 4, Src: 10.0.0.10 (10.0.0.10), Dst: 194.204.159.1 (194.204.159.1)
User Datagram Protocol, Src Port: 53037 (53037), Dst Port: domain (53)
Domain Name System (query)
No. Time Source Destination Protocol Length Info
11 4.600193 194.204.159.1 10.0.0.10 DNS 371 Standard query response A 72.30.2.43 A 98.137.149.56 A 98.139.180.149 A 209.191.122.70
Frame 11: 371 bytes on wire (2968 bits), 371 bytes captured (2968 bits)
Ethernet II, Src: Cisco-Li_b1:26:f3 (00:14:bf:b1:26:f3), Dst: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a)
Internet Protocol Version 4, Src: 194.204.159.1 (194.204.159.1), Dst: 10.0.0.10 (10.0.0.10)
User Datagram Protocol, Src Port: domain (53), Dst Port: 53037 (53037)
Domain Name System (response)
No. Time Source Destination Protocol Length Info
12 4.602029 10.0.0.10 72.30.2.43 TCP 66 58150 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
Frame 12: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a), Dst: Cisco-Li_b1:26:f3 (00:14:bf:b1:26:f3)
Internet Protocol Version 4, Src: 10.0.0.10 (10.0.0.10), Dst: 72.30.2.43 (72.30.2.43)
Transmission Control Protocol, Src Port: 58150 (58150), Dst Port: http (80), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
13 4.602617 10.0.0.10 72.30.2.43 TCP 66 58151 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
Frame 13: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a), Dst: Cisco-Li_b1:26:f3 (00:14:bf:b1:26:f3)
Internet Protocol Version 4, Src: 10.0.0.10 (10.0.0.10), Dst: 72.30.2.43 (72.30.2.43)
Transmission Control Protocol, Src Port: 58151 (58151), Dst Port: http (80), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
14 5.834617 fe80::18f6:e2b8:a0d3:16f2 ff02::c SSDP 208 M-SEARCH * HTTP/1.1
Frame 14: 208 bytes on wire (1664 bits), 208 bytes captured (1664 bits)
Ethernet II, Src: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a), Dst: IPv6mcast_00:00:00:0c (33:33:00:00:00:0c)
Internet Protocol Version 6, Src: fe80::18f6:e2b8:a0d3:16f2 (fe80::18f6:e2b8:a0d3:16f2), Dst: ff02::c (ff02::c)
User Datagram Protocol, Src Port: 62835 (62835), Dst Port: ssdp (1900)
Hypertext Transfer Protocol
No. Time Source Destination Protocol Length Info
15 7.612683 10.0.0.10 72.30.2.43 TCP 66 58150 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
Frame 15: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a), Dst: Cisco-Li_b1:26:f3 (00:14:bf:b1:26:f3)
Internet Protocol Version 4, Src: 10.0.0.10 (10.0.0.10), Dst: 72.30.2.43 (72.30.2.43)
Transmission Control Protocol, Src Port: 58150 (58150), Dst Port: http (80), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
16 7.612978 10.0.0.10 72.30.2.43 TCP 66 58151 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
Frame 16: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a), Dst: Cisco-Li_b1:26:f3 (00:14:bf:b1:26:f3)
Internet Protocol Version 4, Src: 10.0.0.10 (10.0.0.10), Dst: 72.30.2.43 (72.30.2.43)
Transmission Control Protocol, Src Port: 58151 (58151), Dst Port: http (80), Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info
17 7.817470 72.30.2.43 10.0.0.10 TCP 66 http > 58150 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1440 SACK_PERM=1 WS=256
Frame 17: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Cisco-Li_b1:26:f3 (00:14:bf:b1:26:f3), Dst: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a)
Internet Protocol Version 4, Src: 72.30.2.43 (72.30.2.43), Dst: 10.0.0.10 (10.0.0.10)
Transmission Control Protocol, Src Port: http (80), Dst Port: 58150 (58150), Seq: 0, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
18 7.817612 10.0.0.10 72.30.2.43 TCP 54 58150 > http [ACK] Seq=1 Ack=1 Win=17280 Len=0
Frame 18: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a), Dst: Cisco-Li_b1:26:f3 (00:14:bf:b1:26:f3)
Internet Protocol Version 4, Src: 10.0.0.10 (10.0.0.10), Dst: 72.30.2.43 (72.30.2.43)
Transmission Control Protocol, Src Port: 58150 (58150), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info
19 7.818038 10.0.0.10 72.30.2.43 HTTP 417 GET / HTTP/1.1
Frame 19: 417 bytes on wire (3336 bits), 417 bytes captured (3336 bits)
Ethernet II, Src: IntelCor_1a:d1:9a (74:e5:0b:1a:d1:9a), Dst: Cisco-Li_b1:26:f3 (00:14:bf:b1:26:f3)
Internet Protocol Version 4, Src: 10.0.0.10 (10.0.0.10), Dst: 72.30.2.43 (72.30.2.43)
Transmission Control Protocol, Src Port: 58150 (58150), Dst Port: http (80), Seq: 1, Ack: 1, Len: 363
Hypertext Transfer Protocol
No. Time Source Destination Protocol Length Info
20 7.819959 72.30.2.43 10.0.0.10 TCP 66 http > 58151 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1440 SACK_PERM=1 WS=256
Frame 20: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
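I also can't trace anything.
Now I don't think it is DNS. An IP conflict, 2 DHCPs in one network?
The infrastructure is as follows:
My PC <-- local WIFI G cat. --> router <-- LAN --> router <-- WIFI G cat. ad-hoc connection (I guess) --> router <-- LAN --> ISP router
Basically, there are 2 logical networks: one inside my house, and the other is my pipe to the other buildings.
Edit 2
I have narrowed it down to this situation:
When the TP-Link is connected to the Airlink that is attached to the ISP modem, everything gets slow, and it sends hundreds of frames per second (but I don't know what is in them). I can't even change the configuration in the Airlink - it takes too long. It seems to be a conflict between the 2 firmwares.
Edit 3
I banned the troublemaker's MAC, so now I am the only active IP. I restarted the AP and the router, and after a few minutes everything was fine, but I noticed it was still slow. I ran a speed test, which showed a download speed of 4MB (should be 8MB) and a maximum speed of 900Kb (should be 2M), and the ping showed as -7ms.
When I ping my AP (WL-5460AP v2) everything is fine (ping 4ms), but when I ping my router the requests time out. Both are Airlink; the AP is connected directly to the router with a LAN cable, and the router is connected to the ISP modem.
AP log: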
0day 03:15:27 (none) kern.warn klogd: wlan0: A wireless client (troublemaker MAC) was rejected due to access control for 243 times in 5 minutes.
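It is trying to connect; can this slow the network down?
Answer 1
To troubleshoot at the data link, network and transport layers, install a sniffer such as Wireshark. With a sniffer you can monitor the traffic and inspect everything coming from or going to the problem PC.
A sniffer runs the network card in promiscuous mode, capturing packets that are not addressed to the computer running the sniffer, so the sniffer can be run on any computer on the network. One thing that may prevent other computers from reading the wireless packets sent or received by the problem PC is that under WPA and WPA2 the encryption key is unique to the wireless session; each client has its own key, and the key changes each time the client connects to the wireless network.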
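The kind of inspection the answer describes, applied to the summary lines of the capture in the question (an added example, not part of the original post or answer; the function names are hypothetical). It reports how many DNS servers were queried before a reply arrived and how long each TCP SYN waited before being retransmitted.

```python
import re
from collections import defaultdict

# Summary lines copied from the capture in the question (DNS and SYN frames only).
CAPTURE = """\
3 2.548452 10.0.0.10 myISPDNS DNS 69 Standard query A yahoo.com
7 3.556860 10.0.0.10 8.8.8.8 DNS 69 Standard query A yahoo.com
10 4.570823 10.0.0.10 194.204.159.1 DNS 69 Standard query A yahoo.com
11 4.600193 194.204.159.1 10.0.0.10 DNS 371 Standard query response A 72.30.2.43 A 98.137.149.56 A 98.139.180.149 A 209.191.122.70
12 4.602029 10.0.0.10 72.30.2.43 TCP 66 58150 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
13 4.602617 10.0.0.10 72.30.2.43 TCP 66 58151 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
15 7.612683 10.0.0.10 72.30.2.43 TCP 66 58150 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
16 7.612978 10.0.0.10 72.30.2.43 TCP 66 58151 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
17 7.817470 72.30.2.43 10.0.0.10 TCP 66 http > 58150 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1440 SACK_PERM=1 WS=256
"""

LINE = re.compile(r"^(\d+) (\d+\.\d+) (\S+) (\S+) (\S+) (\d+) (.*)$")

def parse(text):
    """Yield (frame_no, time, src, dst, proto, info) for each summary line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            no, t, src, dst, proto, _length, info = m.groups()
            yield int(no), float(t), src, dst, proto, info

def dns_stalls(packets):
    """Map queried name -> (queries sent before first reply, seconds waited)."""
    queries, result = defaultdict(list), {}
    for _no, t, src, _dst, proto, info in packets:
        if proto != "DNS":
            continue
        if info.startswith("Standard query response"):
            # Summary lines omit the name in replies; match on the server queried.
            for name, sent in queries.items():
                if name not in result and any(s == src for _, s in sent):
                    result[name] = (len(sent), round(t - sent[0][0], 3))
        elif info.startswith("Standard query "):
            queries[info.split()[-1]].append((t, _dst))
    return result

def syn_retransmits(packets):
    """Map (src, dst, src_port) -> seconds between first and last repeated SYN."""
    seen = defaultdict(list)
    for _no, t, src, dst, proto, info in packets:
        if proto == "TCP" and "[SYN]" in info:  # "[SYN, ACK]" does not match
            seen[(src, dst, info.split()[0])].append(t)
    return {k: round(v[-1] - v[0], 3) for k, v in seen.items() if len(v) > 1}
```

On this capture the lookup of yahoo.com needed three queries and about 2 seconds, and both SYNs to 72.30.2.43 waited about 3 seconds before being resent, so the delay is not limited to DNS.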