Fedora 在这个 TCPdump 中做了什么?

Fedora 在这个 TCPdump 中做了什么?

所以我决定让 tcpdump 监听端口 80,因为我尽可能使用 HTTPS,并且认为那里不应该有任何东西。嗯,有。我可以看到这些连接之一是 OCSP,所以我猜除了它使用 HTTP 之外没有什么可疑之处。但是 Fedora 给这个 Fedora 服务器(代理)打电话的目的是什么呢?我不使用任何代理。第三个连接到 Google IP 地址,我不知道那是什么。我通过官方存储库安装了 Google Chrome,但我几乎从不使用它。

$ sudo tcpdump -vvvnn 'port 80'
dropped privs to tcpdump
tcpdump: listening on enp0s25, link-type EN10MB (Ethernet), snapshot length 262144 bytes
00:23:37.752080 IP (tos 0x0, ttl 64, id 19436, offset 0, flags [DF], proto TCP (6), length 52)
    xxx.xxx.xxx.xxx.59872 > 117.18.237.29.80: Flags [.], cksum 0xf309 (incorrect -> 0x12c9), seq 1284819876, ack 3901196772, win 501, options [nop,nop,TS val 2224927611 ecr 3251634268], length 0
00:23:37.798367 IP (tos 0x0, ttl 57, id 48346, offset 0, flags [none], proto TCP (6), length 52)
    117.18.237.29.80 > xxx.xxx.xxx.xxx.59872: Flags [.], cksum 0xb1e8 (correct), seq 1, ack 1, win 131, options [nop,nop,TS val 3251644514 ecr 2224876999], length 0
00:23:40.526300 IP (tos 0x0, ttl 64, id 19437, offset 0, flags [DF], proto TCP (6), length 52)
    xxx.xxx.xxx.xxx.59872 > 117.18.237.29.80: Flags [F.], cksum 0xf309 (incorrect -> 0xdfe9), seq 1, ack 1, win 501, options [nop,nop,TS val 2224930386 ecr 3251644514], length 0
00:23:40.566806 IP (tos 0x0, ttl 57, id 48909, offset 0, flags [none], proto TCP (6), length 52)
    117.18.237.29.80 > xxx.xxx.xxx.xxx.59872: Flags [F.], cksum 0xd689 (correct), seq 1, ack 2, win 131, options [nop,nop,TS val 3251647283 ecr 2224930386], length 0
00:23:40.566856 IP (tos 0x0, ttl 64, id 19438, offset 0, flags [DF], proto TCP (6), length 52)
    xxx.xxx.xxx.xxx.59872 > 117.18.237.29.80: Flags [.], cksum 0xf309 (incorrect -> 0xd4ef), seq 2, ack 2, win 501, options [nop,nop,TS val 2224930426 ecr 3251647283], length 0
00:24:24.052529 IP6 (flowlabel 0xd3fb6, hlim 64, next-header TCP (6) payload length: 40) xxxx:xxxx:xxxx:xxxx::x.38602 > 2604:1580:fe00:0:dead:beef:cafe:fed1.80: Flags [S], cksum 0x9ea9 (incorrect -> 0x09df), seq 837969268, win 64800, options [mss 1440,sackOK,TS val 3613564085 ecr 0,nop,wscale 7], length 0
00:24:24.281018 IP6 (flowlabel 0x01ae1, hlim 51, next-header TCP (6) payload length: 40) 2604:1580:fe00:0:dead:beef:cafe:fed1.80 > xxxx:xxxx:xxxx:xxxx::x.38602: Flags [S.], cksum 0xc901 (correct), seq 3862673729, ack 837969269, win 64260, options [mss 1440,sackOK,TS val 3651717569 ecr 3613564085,nop,wscale 7], length 0
00:24:24.281114 IP6 (flowlabel 0xd3fb6, hlim 64, next-header TCP (6) payload length: 32) xxxx:xxxx:xxxx:xxxx::x.38602 > 2604:1580:fe00:0:dead:beef:cafe:fed1.80: Flags [.], cksum 0x9ea1 (incorrect -> 0xefde), seq 1, ack 1, win 507, options [nop,nop,TS val 3613564314 ecr 3651717569], length 0
00:24:24.281266 IP6 (flowlabel 0xd3fb6, hlim 64, next-header TCP (6) payload length: 125) xxxx:xxxx:xxxx:xxxx::x.38602 > 2604:1580:fe00:0:dead:beef:cafe:fed1.80: Flags [P.], cksum 0x9efe (incorrect -> 0x3f72), seq 1:94, ack 1, win 507, options [nop,nop,TS val 3613564314 ecr 3651717569], length 93: HTTP, length: 93
        GET /static/hotspot.txt HTTP/1.1
        Host: fedoraproject.org
        Accept: */*
        Connection: close

00:24:24.503175 IP6 (flowlabel 0x01ae1, hlim 51, next-header TCP (6) payload length: 32) 2604:1580:fe00:0:dead:beef:cafe:fed1.80 > xxxx:xxxx:xxxx:xxxx::x.38602: Flags [.], cksum 0xeea8 (correct), seq 1, ack 94, win 502, options [nop,nop,TS val 3651717791 ecr 3613564314], length 0
00:24:24.503971 IP6 (flowlabel 0x01ae1, hlim 51, next-header TCP (6) payload length: 446) 2604:1580:fe00:0:dead:beef:cafe:fed1.80 > xxxx:xxxx:xxxx:xxxx::x.38602: Flags [P.], cksum 0x2960 (correct), seq 1:415, ack 94, win 502, options [nop,nop,TS val 3651717792 ecr 3613564314], length 414: HTTP, length: 414
        HTTP/1.1 200 OK
        Date: Thu, 18 Feb 2021 16:24:24 GMT
        Server: Apache
        Upgrade: h2
        Connection: Upgrade, close
        Last-Modified: Wed, 08 Jan 2020 00:05:02 GMT
        Accept-Ranges: bytes
        Content-Length: 2
        Cache-Control: must-revalidate
        Expires: Thu, 18 Feb 2021 16:24:24 GMT
        AppTime: D=283
        X-Fedora-ProxyServer: proxy11.fedoraproject.org
        X-Fedora-RequestID: YC6UuEDJFAFz3TTTp0GrxQAAAI0
        Content-Type: text/plain

        OK [|http]
00:24:24.504065 IP6 (flowlabel 0xd3fb6, hlim 64, next-header TCP (6) payload length: 32) xxxx:xxxx:xxxx:xxxx::x.38602 > 2604:1580:fe00:0:dead:beef:cafe:fed1.80: Flags [.], cksum 0x9ea1 (incorrect -> 0xec29), seq 94, ack 415, win 504, options [nop,nop,TS val 3613564536 ecr 3651717792], length 0
00:24:24.504110 IP6 (flowlabel 0x01ae1, hlim 51, next-header TCP (6) payload length: 32) 2604:1580:fe00:0:dead:beef:cafe:fed1.80 > xxxx:xxxx:xxxx:xxxx::x.38602: Flags [F.], cksum 0xed08 (correct), seq 415, ack 94, win 502, options [nop,nop,TS val 3651717792 ecr 3613564314], length 0
00:24:24.504326 IP6 (flowlabel 0xd3fb6, hlim 64, next-header TCP (6) payload length: 32) xxxx:xxxx:xxxx:xxxx::x.38602 > 2604:1580:fe00:0:dead:beef:cafe:fed1.80: Flags [F.], cksum 0x9ea1 (incorrect -> 0xec26), seq 94, ack 416, win 504, options [nop,nop,TS val 3613564537 ecr 3651717792], length 0
00:24:24.726701 IP6 (flowlabel 0x01ae1, hlim 51, next-header TCP (6) payload length: 32) 2604:1580:fe00:0:dead:beef:cafe:fed1.80 > xxxx:xxxx:xxxx:xxxx::x.38602: Flags [.], cksum 0xeb4a (correct), seq 416, ack 95, win 502, options [nop,nop,TS val 3651718014 ecr 3613564537], length 0

...

00:50:25.432190 IP6 (flowlabel 0x7719f, hlim 64, next-header TCP (6) payload length: 32) xxxx:xxxx:xxxx:xxxx::x.60920 > 2404:6800:4005:811::2003.80: Flags [.], cksum 0xf1cb (incorrect -> 0xa666), seq 384, ack 703, win 502, options [nop,nop,TS val 1999913169 ecr 483576757], length 0
00:50:25.470489 IP6 (flowlabel 0x8ae63, hlim 58, next-header TCP (6) payload length: 32) 2404:6800:4005:811::2003.80 > xxxx:xxxx:xxxx:xxxx::x.60920: Flags [.], cksum 0x371f (correct), seq 703, ack 385, win 261, options [nop,nop,TS val 483586996 ecr 1999800587], length 0
00:50:25.944081 IP6 (flowlabel 0xaf031, hlim 64, next-header TCP (6) payload length: 32) xxxx:xxxx:xxxx:xxxx::x.60930 > 2404:6800:4005:811::2003.80: Flags [.], cksum 0xf1cb (incorrect -> 0x67a2), seq 383, ack 702, win 502, options [nop,nop,TS val 1999913680 ecr 1874946443], length 0
00:50:25.944100 IP6 (flowlabel 0xfdee8, hlim 64, next-header TCP (6) payload length: 32) xxxx:xxxx:xxxx:xxxx::x.60932 > 2404:6800:4005:811::2003.80: Flags [.], cksum 0xf1cb (incorrect -> 0x3f2f), seq 383, ack 702, win 502, options [nop,nop,TS val 1999913681 ecr 3369118020], length 0
00:50:25.944111 IP6 (flowlabel 0x34f7c, hlim 64, next-header TCP (6) payload length: 32) xxxx:xxxx:xxxx:xxxx::x.60934 > 2404:6800:4005:811::2003.80: Flags [.], cksum 0xf1cb (incorrect -> 0x16f5), seq 383, ack 702, win 502, options [nop,nop,TS val 1999913681 ecr 1571835192], length 0
00:50:25.981152 IP6 (flowlabel 0xa9a77, hlim 58, next-header TCP (6) payload length: 32) 2404:6800:4005:811::2003.80 > xxxx:xxxx:xxxx:xxxx::x.60932: Flags [.], cksum 0xd071 (correct), seq 702, ack 384, win 261, options [nop,nop,TS val 3369128259 ecr 1999800961], length 0
00:50:25.981153 IP6 (flowlabel 0xb79e6, hlim 58, next-header TCP (6) payload length: 32) 2404:6800:4005:811::2003.80 > xxxx:xxxx:xxxx:xxxx::x.60930: Flags [.], cksum 0xf8e3 (correct), seq 702, ack 384, win 261, options [nop,nop,TS val 1874956682 ecr 1999800961], length 0
00:50:25.983644 IP6 (flowlabel 0xe9721, hlim 58, next-header TCP (6) payload length: 32) 2404:6800:4005:811::2003.80 > xxxx:xxxx:xxxx:xxxx::x.60934: Flags [.], cksum 0xa83b (correct), seq 702, ack 384, win 261, options [nop,nop,TS val 1571845433 ecr 1999800955], length 0
00:50:27.852620 IP6 (flowlabel 0x7719f, hlim 64, next-header TCP (6) payload length: 32) xxxx:xxxx:xxxx:xxxx::x.60920 > 2404:6800:4005:811::2003.80: Flags [F.], cksum 0xf1cb (incorrect -> 0x74f1), seq 385, ack 703, win 502, options [nop,nop,TS val 1999915589 ecr 483586996], length 0
00:50:27.896715 IP6 (flowlabel 0x8ae63, hlim 58, next-header TCP (6) payload length: 32) 2404:6800:4005:811::2003.80 > xxxx:xxxx:xxxx:xxxx::x.60920: Flags [F.], cksum 0x6c67 (correct), seq 703, ack 386, win 261, options [nop,nop,TS val 483589422 ecr 1999915589], length 0
00:50:27.896846 IP6 (flowlabel 0x7719f, hlim 64, next-header TCP (6) payload length: 32) xxxx:xxxx:xxxx:xxxx::x.60920 > 2404:6800:4005:811::2003.80: Flags [.], cksum 0xf1cb (incorrect -> 0x6b4a), seq 386, ack 704, win 502, options [nop,nop,TS val 1999915633 ecr 483589422], length 0
00:50:28.853363 IP6 (flowlabel 0x34f7c, hlim 64, next-header TCP (6) payload length: 32) xxxx:xxxx:xxxx:xxxx::x.60934 > 2404:6800:4005:811::2003.80: Flags [F.], cksum 0xf1cb (incorrect -> 0xe394), seq 384, ack 702, win 502, options [nop,nop,TS val 1999916590 ecr 1571845433], length 0
00:50:28.853424 IP6 (flowlabel 0xfdee8, hlim 64, next-header TCP (6) payload length: 32) xxxx:xxxx:xxxx:xxxx::x.60932 > 2404:6800:4005:811::2003.80: Flags [F.], cksum 0xf1cb (incorrect -> 0x0bd1), seq 384, ack 702, win 502, options [nop,nop,TS val 1999916590 ecr 3369128259], length 0
00:50:28.853447 IP6 (flowlabel 0xaf031, hlim 64, next-header TCP (6) payload length: 32) xxxx:xxxx:xxxx:xxxx::x.60930 > 2404:6800:4005:811::2003.80: Flags [F.], cksum 0xf1cb (incorrect -> 0x3443), seq 384, ack 702, win 502, options [nop,nop,TS val 1999916590 ecr 1874956682], length 0
00:50:28.904019 IP6 (flowlabel 0xe9721, hlim 58, next-header TCP (6) payload length: 32) 2404:6800:4005:811::2003.80 > xxxx:xxxx:xxxx:xxxx::x.60934: Flags [F.], cksum 0xd91c (correct), seq 702, ack 385, win 261, options [nop,nop,TS val 1571848353 ecr 1999916590], length 0
00:50:28.904021 IP6 (flowlabel 0xa9a77, hlim 58, next-header TCP (6) payload length: 32) 2404:6800:4005:811::2003.80 > xxxx:xxxx:xxxx:xxxx::x.60932: Flags [F.], cksum 0x0157 (correct), seq 702, ack 385, win 261, options [nop,nop,TS val 3369131181 ecr 1999916590], length 0
00:50:28.904133 IP6 (flowlabel 0x34f7c, hlim 64, next-header TCP (6) payload length: 32) xxxx:xxxx:xxxx:xxxx::x.60934 > 2404:6800:4005:811::2003.80: Flags [.], cksum 0xf1cb (incorrect -> 0xd7f8), seq 385, ack 703, win 502, options [nop,nop,TS val 1999916641 ecr 1571848353], length 0
00:50:28.904170 IP6 (flowlabel 0xfdee8, hlim 64, next-header TCP (6) payload length: 32) xxxx:xxxx:xxxx:xxxx::x.60932 > 2404:6800:4005:811::2003.80: Flags [.], cksum 0xf1cb (incorrect -> 0x0033), seq 385, ack 703, win 502, options [nop,nop,TS val 1999916641 ecr 3369131181], length 0
00:50:28.904201 IP6 (flowlabel 0xb79e6, hlim 58, next-header TCP (6) payload length: 32) 2404:6800:4005:811::2003.80 > xxxx:xxxx:xxxx:xxxx::x.60930: Flags [F.], cksum 0x29c9 (correct), seq 702, ack 385, win 261, options [nop,nop,TS val 1874959604 ecr 1999916590], length 0
00:50:28.904230 IP6 (flowlabel 0xaf031, hlim 64, next-header TCP (6) payload length: 32) xxxx:xxxx:xxxx:xxxx::x.60930 > 2404:6800:4005:811::2003.80: Flags [.], cksum 0xf1cb (incorrect -> 0x28a5), seq 385, ack 703, win 502, options [nop,nop,TS val 1999916641 ecr 1874959604], length 0

答案1

https://lwn.net/Articles/776809/

NM 使用它来检查网络连接。

几乎所有现代操作系统都以这种或另一种方式做到这一点。

相关内容