CentOS6下一次网络ping包没回应的故障分析

234123

1）现象描述
  今天有同事访问，他在用vmware workstation做测试的时候，使用nat模式，在家里能够ping通www.baidu.com,但是在公司怎么ping都不通，但是访问内网和网关都正常。并且测试机的selinux和iptables都是已经关闭。

2）处理过程
a、测试到内网其它主机

1 2 3 4 5 6 7 8 9 10 11

[iyunv@mysql-master ~]# ping -c 5 10.10.10.1 PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data. 64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=0.440 ms 64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=0.968 ms 64 bytes from 10.10.10.1: icmp_seq=3 ttl=64 time=3.39 ms 64 bytes from 10.10.10.1: icmp_seq=4 ttl=64 time=4.77 ms 64 bytes from 10.10.10.1: icmp_seq=5 ttl=64 time=1.55 ms --- 10.10.10.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4005ms rtt min/avg/max/mdev = 0.440/2.226/4.777/1.618 ms 说明：到内网其它主机，正常

b、测试到网关

1 2 3 4 5 6 7 8

[iyunv@mysql-master ~]# ping -c 5 10.10.10.2 PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data. 64 bytes from 10.10.10.2: icmp_seq=1 ttl=128 time=1.15 ms 64 bytes from 10.10.10.2: icmp_seq=2 ttl=128 time=2.21 ms 64 bytes from 10.10.10.2: icmp_seq=3 ttl=128 time=0.252 ms 64 bytes from 10.10.10.2: icmp_seq=4 ttl=128 time=0.209 ms 64 bytes from 10.10.10.2: icmp_seq=5 ttl=12 说明：到网关正常

c、测试到baidu.com的连通性

1 2 3 4 5

[iyunv@mysql-master ~]# ping -c 5 www.baidu.com PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data. --- www.a.shifen.com ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 13999ms 说明：发现包完全丢失，但是dns能够解析到ip地址，对网络是不是有限制产生了怀疑？

d、检测dns的解析

1 2 3 4 5 6 7 8 9 10

[iyunv@mysql-master ~]# nslookup www.baidu.com Server:10.10.10.2 Address:10.10.10.2#53 Non-authoritative answer: www.baidu.comcanonical name = www.a.shifen.com. Name:www.a.shifen.com Address: 61.135.169.125 Name:www.a.shifen.com Address: 61.135.169.121 说明：DNS解析正常

e、测试网络是否真的连通（wget以及nmap）

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

[iyunv@mysql-master ~]# mkdir -p /packet [iyunv@mysql-master ~]# cd /packet/ [iyunv@mysql-master packet]# wget www.baidu.com --2016-10-19 06:01:48--  http://www.baidu.com/ 正在解析主机 www.baidu.com... 61.135.169.125, 61.135.169.121 正在连接 www.baidu.com|61.135.169.125|:80... 已连接。 已发出 HTTP 请求，正在等待回应... 200 OK 长度：2381 (2.3K) [text/html] 正在保存至: “index.html” 100%[==================================================================================>] 2,381       --.-K/s   in 0s       2016-10-19 06:01:48 (128 MB/s) - 已保存 “index.html” [2381/2381]) [iyunv@mysql-master packet]# echo $? 0 测试表明wget是正常的，能够正常下载 [iyunv@mysql-master packet]# nmap www.baidu.com Starting Nmap 5.51 ( http://nmap.org ) at 2016-10-19 06:02 CST Nmap scan report for www.baidu.com (61.135.169.125) Host is up (0.036s latency). Other addresses for www.baidu.com (not scanned): 61.135.169.121 Not shown: 998 filtered ports PORT    STATE SERVICE 80/tcp  open  http 443/tcp open  https Nmap done: 1 IP address (1 host up) scanned in 56.33 seconds 说明：能够使用nmap检测到端口开放的情况

f、利用tcpdump进行抓包分析

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

[iyunv@mysql-master ~]# ping -c 5 10.10.10.2 PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data. 64 bytes from 10.10.10.2: icmp_seq=1 ttl=128 time=0.287 ms 64 bytes from 10.10.10.2: icmp_seq=2 ttl=128 time=0.626 ms 64 bytes from 10.10.10.2: icmp_seq=3 ttl=128 time=0.370 ms 64 bytes from 10.10.10.2: icmp_seq=4 ttl=128 time=0.412 ms 64 bytes from 10.10.10.2: icmp_seq=5 ttl=128 time=0.248 ms --- 10.10.10.2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4003ms rtt min/avg/max/mdev = 0.248/0.388/0.626/0.133 ms [iyunv@mysql-master ~]# tcpdump -i eth0 icmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 05:48:57.350869 IP mysql-master > localhost: ICMP echo request, id 10786, seq 1, length 64 05:48:57.351123 IP localhost > mysql-master: ICMP echo reply, id 10786, seq 1, length 64 05:48:58.352296 IP mysql-master > localhost: ICMP echo request, id 10786, seq 2, length 64 05:48:58.352889 IP localhost > mysql-master: ICMP echo reply, id 10786, seq 2, length 64 05:48:59.352281 IP mysql-master > localhost: ICMP echo request, id 10786, seq 3, length 64 05:48:59.352590 IP localhost > mysql-master: ICMP echo reply, id 10786, seq 3, length 64 05:49:00.353060 IP mysql-master > localhost: ICMP echo request, id 10786, seq 4, length 64 05:49:00.353433 IP localhost > mysql-master: ICMP echo reply, id 10786, seq 4, length 64 05:49:01.353288 IP mysql-master > localhost: ICMP echo request, id 10786, seq 5, length 64 05:49:01.353503 IP localhost > mysql-master: ICMP echo reply, id 10786, seq 5, length 64

说明：有正常的request包和reply，说明本机到10.10.10.2正常（request包），并且10.10.10.2到本机有回应（reply包）

1 2 3 4 5 6 7 8 9 10 11 12 13

[iyunv@mysql-master ~]# ping -c 5 www.baidu.com PING www.a.shifen.com (61.135.169.125) 56(84) bytes of data. --- www.a.shifen.com ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 14003ms [iyunv@mysql-master ~]# tcpdump -i eth0 icmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 05:53:27.820920 IP mysql-master > 61.135.169.125: ICMP echo request, id 14370, seq 1, length 64 05:53:28.822483 IP mysql-master > 61.135.169.125: ICMP echo request, id 14370, seq 2, length 64 05:53:29.823843 IP mysql-master > 61.135.169.125: ICMP echo request, id 14370, seq 3, length 64 05:53:30.823290 IP mysql-master > 61.135.169.125: ICMP echo request, id 14370, seq 4, length 64 05:53:31.823680 IP mysql-master > 61.135.169.125: ICMP echo request, id 14370, seq 5, length 64 说明：发现有request包，表明本机到baidu的包，baidu是接收到的，可能是百度没响应（可能性不大）或者被公司防火墙阻断了

使用手机热点，共享给测试机使用

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

[iyunv@mysql-master ~]# ping -c 5 www.baidu.com PING www.a.shifen.com (183.232.231.173) 56(84) bytes of data. 64 bytes from 183.232.231.173: icmp_seq=1 ttl=128 time=74.4 ms 64 bytes from 183.232.231.173: icmp_seq=2 ttl=128 time=74.7 ms 64 bytes from 183.232.231.173: icmp_seq=3 ttl=128 time=64.4 ms 64 bytes from 183.232.231.173: icmp_seq=4 ttl=128 time=57.0 ms 64 bytes from 183.232.231.173: icmp_seq=5 ttl=128 time=60.5 ms --- www.a.shifen.com ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4065ms rtt min/avg/max/mdev = 57.081/66.263/74.772/7.216 ms [iyunv@mysql-master ~]# tcpdump -i eth0 icmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 05:58:31.031646 IP mysql-master > 183.232.231.173: ICMP echo request, id 40226, seq 1, length 64 05:58:31.106104 IP 183.232.231.173 > mysql-master: ICMP echo reply, id 40226, seq 1, length 64 05:58:32.032448 IP mysql-master > 183.232.231.173: ICMP echo request, id 40226, seq 2, length 64 05:58:32.107194 IP 183.232.231.173 > mysql-master: ICMP echo reply, id 40226, seq 2, length 64 05:58:33.034464 IP mysql-master > 183.232.231.173: ICMP echo request, id 40226, seq 3, length 64 05:58:33.098846 IP 183.232.231.173 > mysql-master: ICMP echo reply, id 40226, seq 3, length 64 05:58:34.035272 IP mysql-master > 183.232.231.173: ICMP echo request, id 40226, seq 4, length 64 05:58:34.092322 IP 183.232.231.173 > mysql-master: ICMP echo reply, id 40226, seq 4, length 64 05:58:35.036289 IP mysql-master > 183.232.231.173: ICMP echo request, id 40226, seq 5, length 64 05:58:35.096837 IP 183.232.231.173 > mysql-master: ICMP echo reply, id 40226, seq 5, length 64 说明：到baidu是有request和reply包，进出的包都是正常的

综合分析：应该是公司内部网络时对回来的网络包做了些限制，随后与网络工程师核对了下，的确在防火墙上做了些限制。