如果Tcp的连接目标不存在

words: 941    views:    time: 5min
网络协议
tcp

家用路由器

现在的家用路由器一般都已经集成了NAT路由、交换机和WFI接入等功能,可简单如图所示

一般可以直接登录网关http://192.168.1 进行配置查询和修改

IP在局域网内

如果IP属于当前子网,但是不存在,那么连接会卡在ARP流程,找不到目标主机,无法拼凑MAC报头,也就发不出SYN数据包。至于一直重试ARP,是由于TCP本身的可靠性机制

sudo tcpdump host 192.168.1.128
1
2
3
4
5
6
7
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes
07:58:54.830853 ARP, Request who-has 192.168.1.128 tell 192.168.1.16, length 28
07:58:55.831918 ARP, Request who-has 192.168.1.128 tell 192.168.1.16, length 28
07:58:56.832754 ARP, Request who-has 192.168.1.128 tell 192.168.1.16, length 28
07:58:57.833841 ARP, Request who-has 192.168.1.128 tell 192.168.1.16, length 28

IP在局域网外

如果IP不属于当前子网,那么能发出第一次SYN,从网关出去,但是会一直失败,直到放弃

sudo tcpdump host 100.108.149.128
1
2
3
4
5
6
7
8
9
10
11
12
13
14
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes
08:13:28.660606 IP 192.168.1.16.53461 > 100.108.149.128.yo-main: Flags [S], seq 2297239020, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2553345619 ecr 0,sackOK,eol], length 0
08:13:29.660444 IP 192.168.1.16.53461 > 100.108.149.128.yo-main: Flags [S], seq 2297239020, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2553346619 ecr 0,sackOK,eol], length 0
08:13:30.660923 IP 192.168.1.16.53461 > 100.108.149.128.yo-main: Flags [S], seq 2297239020, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2553347620 ecr 0,sackOK,eol], length 0
08:13:31.660896 IP 192.168.1.16.53461 > 100.108.149.128.yo-main: Flags [S], seq 2297239020, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2553348620 ecr 0,sackOK,eol], length 0
08:13:32.661747 IP 192.168.1.16.53461 > 100.108.149.128.yo-main: Flags [S], seq 2297239020, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2553349621 ecr 0,sackOK,eol], length 0
08:13:33.662785 IP 192.168.1.16.53461 > 100.108.149.128.yo-main: Flags [S], seq 2297239020, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2553350622 ecr 0,sackOK,eol], length 0
08:13:35.664588 IP 192.168.1.16.53461 > 100.108.149.128.yo-main: Flags [S], seq 2297239020, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2553352623 ecr 0,sackOK,eol], length 0
08:13:39.665025 IP 192.168.1.16.53461 > 100.108.149.128.yo-main: Flags [S], seq 2297239020, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2553356624 ecr 0,sackOK,eol], length 0
08:13:47.666382 IP 192.168.1.16.53461 > 100.108.149.128.yo-main: Flags [S], seq 2297239020, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2553364625 ecr 0,sackOK,eol], length 0
08:14:03.666994 IP 192.168.1.16.53461 > 100.108.149.128.yo-main: Flags [S], seq 2297239020, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2553380626 ecr 0,sackOK,eol], length 0
08:14:35.666851 IP 192.168.1.16.53461 > 100.108.149.128.yo-main: Flags [S], seq 2297239020, win 65535, options [mss 1460,sackOK,eol], length 0

端口不存在

如果端口不存在,对方收到连接数据包会返回RST,强制关闭连接,提示Connection refused

tcpdump host 192.168.1.12
1
2
3
4
5
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes
08:35:59.693090 IP 192.168.1.16.53843 > 192.168.1.12.http-alt: Flags [S], seq 1159496581, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 925681565 ecr 0,sackOK,eol], length 0
08:35:59.739797 IP 192.168.1.12.http-alt > 192.168.1.16.53843: Flags [R.], seq 0, ack 1159496582, win 0, length 0

不一定总会收到RST回应,对于线上生产环境的服务器,一般都会设置防火墙,只开放指定的端口,如果访问未开放的端口,消息会直接被拒绝,根本到不了目标机器的协议栈,也就不会回复RST了


参考: