识别切断特定端口的路由器

Question 1

您可能可以用它tcptraceroute来查看它被阻止的地方：

$ sudo tcptraceroute ruminant.bitfolk.com 22
Selected device eth0, address 192.168.0.8, port 49071 for outgoing packets
Tracing the path to ruminant.bitfolk.com (85.119.82.121) on TCP port 22 (ssh), 30 hops max
 1  192.168.0.7  0.978 ms  0.556 ms  0.697 ms
 2  192.168.1.1  1.587 ms  1.667 ms  1.681 ms
 3  no-dns-yet-62-3-84-19.zen.co.uk (62.3.84.19)  27.635 ms  26.925 ms  27.658 ms
 4  ge-2-1-0-121.cr2.th-lon.zen.net.uk (62.3.84.213)  28.592 ms  27.971 ms  27.649 ms
 5  linx-gw-a.jump.net.uk (195.66.224.34)  28.614 ms  29.028 ms  63.603 ms
 6  president.bitfolk.com (85.119.80.16)  28.606 ms  28.039 ms  28.657 ms
 7  ruminant.bitfolk.com (85.119.82.121) [open]  28.594 ms  29.030 ms  28.671 ms

Answer

您可能可以用它tcptraceroute来查看它被阻止的地方：

$ sudo tcptraceroute ruminant.bitfolk.com 22
Selected device eth0, address 192.168.0.8, port 49071 for outgoing packets
Tracing the path to ruminant.bitfolk.com (85.119.82.121) on TCP port 22 (ssh), 30 hops max
 1  192.168.0.7  0.978 ms  0.556 ms  0.697 ms
 2  192.168.1.1  1.587 ms  1.667 ms  1.681 ms
 3  no-dns-yet-62-3-84-19.zen.co.uk (62.3.84.19)  27.635 ms  26.925 ms  27.658 ms
 4  ge-2-1-0-121.cr2.th-lon.zen.net.uk (62.3.84.213)  28.592 ms  27.971 ms  27.649 ms
 5  linx-gw-a.jump.net.uk (195.66.224.34)  28.614 ms  29.028 ms  63.603 ms
 6  president.bitfolk.com (85.119.80.16)  28.606 ms  28.039 ms  28.657 ms
 7  ruminant.bitfolk.com (85.119.82.121) [open]  28.594 ms  29.030 ms  28.671 ms

Question 2

除了现有的答案之外，您还可以使用traceroute带有-P和-p标志的标准命令。此选项需要 root 权限。

实际上，在使用tcpdump来确认这一点时，似乎您实际上必须使用-T而不是-P tcp。我-P 6也尝试了但这并没有导致traceroute使用 TCP。 -M tcp确实有效。

$ sudo traceroute -T -p 22 79.125.0.4
traceroute to 79.125.0.4 (79.125.0.4), 30 hops max, 60 byte packets
 1  rbx-5-m1.fr.eu (91.121.21.253)  0.708 ms  0.690 ms  0.583 ms
 2  rbx-1-6k.fr.eu (213.251.191.1)  0.951 ms *  0.765 ms
 3  rbx-g1-a9.fr.eu (94.23.122.106)  1.325 ms  1.485 ms  1.047 ms
 4  * * *
 5  195.66.237.175 (195.66.237.175)  5.894 ms  6.812 ms  4.083 ms
 6  178.236.3.57 (178.236.3.57)  16.493 ms  16.813 ms  16.393 ms
 7  178.236.3.155 (178.236.3.155)  16.600 ms  16.479 ms  16.422 ms
 8  178.236.0.75 (178.236.0.75)  16.337 ms  16.384 ms  16.333 ms
 9  178.236.0.58 (178.236.0.58)  17.786 ms  16.171 ms  16.957 ms
10  ec2-79-125-0-4.eu-west-1.compute.amazonaws.com (79.125.0.4)  18.493 ms  18.672 ms  18.244 ms
11  * * *
12  * * *
13  * * *

Answer

除了现有的答案之外，您还可以使用traceroute带有-P和-p标志的标准命令。此选项需要 root 权限。

实际上，在使用tcpdump来确认这一点时，似乎您实际上必须使用-T而不是-P tcp。我-P 6也尝试了但这并没有导致traceroute使用 TCP。 -M tcp确实有效。

$ sudo traceroute -T -p 22 79.125.0.4
traceroute to 79.125.0.4 (79.125.0.4), 30 hops max, 60 byte packets
 1  rbx-5-m1.fr.eu (91.121.21.253)  0.708 ms  0.690 ms  0.583 ms
 2  rbx-1-6k.fr.eu (213.251.191.1)  0.951 ms *  0.765 ms
 3  rbx-g1-a9.fr.eu (94.23.122.106)  1.325 ms  1.485 ms  1.047 ms
 4  * * *
 5  195.66.237.175 (195.66.237.175)  5.894 ms  6.812 ms  4.083 ms
 6  178.236.3.57 (178.236.3.57)  16.493 ms  16.813 ms  16.393 ms
 7  178.236.3.155 (178.236.3.155)  16.600 ms  16.479 ms  16.422 ms
 8  178.236.0.75 (178.236.0.75)  16.337 ms  16.384 ms  16.333 ms
 9  178.236.0.58 (178.236.0.58)  17.786 ms  16.171 ms  16.957 ms
10  ec2-79-125-0-4.eu-west-1.compute.amazonaws.com (79.125.0.4)  18.493 ms  18.672 ms  18.244 ms
11  * * *
12  * * *
13  * * *

Question 3

您应该lft在 linux 或 cygwin 中使用。 lft将在特定的 TCP 或 UDP 端口上进行跟踪路由

tee@tee:~$ sudo lft -T 4.2.2.2:22

Tracing _______________________________________________

LFT can't seem to round-trip.  Local packet filter in the way?

TTL  LFT trace to vnsc-bak.sys.gtei.net (4.2.2.2):22/tcp
 1   49.109.61.1 0.4ms
 2   49.109.62.109 0.3ms
**   [neglected] no reply packets received from TTL 3
 4   te0-1-0-7.ccr22.dfw01.atlas.cogentco.com (154.54.0.121) 0.7ms
 5   te0-0-0-0.ccr21.dfw01.atlas.cogentco.com (154.54.46.165) 0.7ms
**   [neglected] no reply packets received from TTL 6
 7   te-3-2.car3.Dallas1.Level3.net (4.68.110.109) 0.9ms
 8   ae-41-90.car1.Dallas1.Level3.net (4.69.145.195) 1.0ms
**   [22/tcp failed]  Try alternate options or use -V to see packets.

LFT's trace took 6.33 seconds.  Resolution required 0.05 seconds.

tee@tee:~$

Answer

您应该lft在 linux 或 cygwin 中使用。 lft将在特定的 TCP 或 UDP 端口上进行跟踪路由

tee@tee:~$ sudo lft -T 4.2.2.2:22

Tracing _______________________________________________

LFT can't seem to round-trip.  Local packet filter in the way?

TTL  LFT trace to vnsc-bak.sys.gtei.net (4.2.2.2):22/tcp
 1   49.109.61.1 0.4ms
 2   49.109.62.109 0.3ms
**   [neglected] no reply packets received from TTL 3
 4   te0-1-0-7.ccr22.dfw01.atlas.cogentco.com (154.54.0.121) 0.7ms
 5   te0-0-0-0.ccr21.dfw01.atlas.cogentco.com (154.54.46.165) 0.7ms
**   [neglected] no reply packets received from TTL 6
 7   te-3-2.car3.Dallas1.Level3.net (4.68.110.109) 0.9ms
 8   ae-41-90.car1.Dallas1.Level3.net (4.69.145.195) 1.0ms
**   [22/tcp failed]  Try alternate options or use -V to see packets.

LFT's trace took 6.33 seconds.  Resolution required 0.05 seconds.

tee@tee:~$

识别切断特定端口的路由器

答案1

答案2

答案3

相关内容