tcpdump connection retry analysis


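Can someone take a look at this tcpdump and tell me whether the problem is with my client, the server, or the connection? 6 connection attempts that the server did not respond to: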

07:17:01.493983 IP clientIP.20482 > serverIP: Flags [S], seq 221084411, win 5840, options [mss 1460,sackOK,TS val 193965 ecr 0,nop,wscale 1], length 0
07:17:04.491104 IP clientIP.20482 > serverIP: Flags [S], seq 221084411, win 5840, options [mss 1460,sackOK,TS val 194265 ecr 0,nop,wscale 1], length 0
07:17:10.490685 IP clientIP.20482 > serverIP: Flags [S], seq 221084411, win 5840, options [mss 1460,sackOK,TS val 194865 ecr 0,nop,wscale 1], length 0
07:17:21.691846 IP clientIP.46417 > serverIP: Flags [S], seq 546275412, win 5840, options [mss 1460,sackOK,TS val 195985 ecr 0,nop,wscale 1], length 0
07:17:24.692264 IP clientIP.46417 > serverIP: Flags [S], seq 546275412, win 5840, options [mss 1460,sackOK,TS val 196285 ecr 0,nop,wscale 1], length 0
07:17:30.691750 IP clientIP.46417 > serverIP: Flags [S], seq 546275412, win 5840, options [mss 1460,sackOK,TS val 196885 ecr 0,nop,wscale 1], length 0
07:17:42.023667 IP clientIP.43470 > serverIP: Flags [S], seq 856560235, win 5840, options [mss 1460,sackOK,TS val 198018 ecr 0,nop,wscale 1], length 0
07:17:42.023714 IP serverIP > clientIP.43470: Flags [S.], seq 1105326492, ack 856560236, win 14480, options [mss 1460,sackOK,TS val 1184649594 ecr 198018,nop,wscale 7], length 0
07:17:42.199740 IP clientIP.43470 > serverIP: Flags [.], ack 1, win 2920, options [nop,nop,TS val 198036 ecr 1184649594], length 0
07:17:42.458127 IP clientIP.43470 > serverIP: Flags [P.], seq 1:171, ack 1, win 2920, options [nop,nop,TS val 198061 ecr 1184649594], length 170
07:17:42.458156 IP serverIP > clientIP.43470: Flags [.], ack 171, win 122, options [nop,nop,TS val 1184650028 ecr 198061], length 0
07:17:42.468977 IP serverIP > clientIP.43470: Flags [P.], seq 1:365, ack 171, win 122, options [nop,nop,TS val 1184650039 ecr 198061], length 364
07:17:42.470211 IP serverIP > clientIP.43470: Flags [F.], seq 365, ack 171, win 122, options [nop,nop,TS val 1184650040 ecr 198061], length 0
07:17:42.649652 IP clientIP.43470 > serverIP: Flags [.], ack 365, win 3456, options [nop,nop,TS val 198081 ecr 1184650039], length 0
07:17:42.689039 IP clientIP.43470 > serverIP: Flags [.], ack 366, win 3456, options [nop,nop,TS val 198085 ecr 1184650040], length 0
07:17:42.813097 IP clientIP.43470 > serverIP: Flags [F.], seq 171, ack 366, win 3456, options [nop,nop,TS val 198097 ecr 1184650040], length 0
07:17:42.813114 IP serverIP > clientIP.43470: Flags [.], ack 172, win 122, options [nop,nop,TS val 1184650383 ecr 198097], length 0

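Answer 1

Without knowing anything about the state of the TCP sockets on your server, all I can say is that this looks like a server-side problem. The client tried to connect to your server using two separate sockets, and only on the third connection attempt did the server respond properly with a SYN/ACK.

Now, it is entirely possible that the two initial connection attempts were somehow invalid and the TCP stack correctly ignored them. It is also possible that the server simply could not accept new connection attempts, perhaps because of load, iptables rules, sysctl variables, or some other rate-limiting feature.

So, while I can say this is the server's fault because the TCP handshake was not completed, unless you provide more information about the state of the systems involved I cannot tell whether this is an actual problem or a characteristic of some other configuration or system condition.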
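An added example, not part of the original question or answer: a small parser that groups the SYNs in a capture like the one above by source socket and initial sequence number, then reports how many retransmissions each attempt needed and whether a SYN/ACK ever came back. The function name `analyze` and the report fields are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the SYN and SYN/ACK lines from the capture in the
# question, with the TCP options trimmed for brevity.
CAPTURE = """\
07:17:01.493983 IP clientIP.20482 > serverIP: Flags [S], seq 221084411, win 5840, length 0
07:17:04.491104 IP clientIP.20482 > serverIP: Flags [S], seq 221084411, win 5840, length 0
07:17:10.490685 IP clientIP.20482 > serverIP: Flags [S], seq 221084411, win 5840, length 0
07:17:21.691846 IP clientIP.46417 > serverIP: Flags [S], seq 546275412, win 5840, length 0
07:17:24.692264 IP clientIP.46417 > serverIP: Flags [S], seq 546275412, win 5840, length 0
07:17:30.691750 IP clientIP.46417 > serverIP: Flags [S], seq 546275412, win 5840, length 0
07:17:42.023667 IP clientIP.43470 > serverIP: Flags [S], seq 856560235, win 5840, length 0
07:17:42.023714 IP serverIP > clientIP.43470: Flags [S.], seq 1105326492, ack 856560236, win 14480, length 0
"""

LINE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+?): "
    r"Flags \[([^\]]+)\], seq (\d+)(?:, ack (\d+))?"
)

def analyze(text):
    """Group SYNs by (source, ISN); a SYN/ACK answers the SYN whose ISN is ack - 1."""
    attempts = defaultdict(lambda: {"syn_times": [], "answered": False})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # pure ACKs and non-TCP lines carry no "seq" field
        ts, src, dst, flags, seq, ack = m.groups()
        t = datetime.strptime(ts, "%H:%M:%S.%f")
        if flags == "S":
            attempts[(src, int(seq))]["syn_times"].append(t)
        elif flags == "S." and ack:
            key = (dst, int(ack) - 1)
            if key in attempts:
                attempts[key]["answered"] = True
    report = []
    for (src, isn), a in attempts.items():
        times = a["syn_times"]
        gaps = [round((b - t0).total_seconds()) for t0, b in zip(times, times[1:])]
        report.append({"src": src, "isn": isn, "syns": len(times),
                       "retry_gaps_s": gaps, "answered": a["answered"]})
    return report

if __name__ == "__main__":
    for row in analyze(CAPTURE):
        print(row)
```

On this capture the first two attempts each show three identical SYNs spaced 3 s and 6 s apart with no reply, and only the third attempt is answered.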
