tcpdump packet capture
I captured some packets on a DNS server for analysis, but I am seeing packets like these:
09:04:07.154452 IP 115.239.246.102.60590 > 202.96.107.29.53: 5635+ A? cwizasa.com. (29)
09:04:07.154470 IP 115.239.246.102.60590 > 202.96.107.29.53: 5635+ A? cwizasa.com. (29)
09:04:07.154552 IP 202.96.107.29.53 > 115.239.246.102.60590: 5635 1/0/0 A[|domain]
09:04:07.154570 IP 202.96.107.29.53 > 115.239.246.102.60590: 5635 1/0/0 A[|domain]
09:04:07.154624 IP 220.191.227.160.6755 > 202.96.107.28.53: 28274+ A? ping.tv.sohu.com. (34)
09:04:07.154714 IP 114.215.31.93.53 > 220.187.240.36.34445: 62721*- 1/2/1 A 221.131.216.21 (110)
09:04:07.154732 IP 114.215.31.93.53 > 220.187.240.36.34445: 62721*- 1/2/1 A 221.131.216.21 (110)
09:04:07.154832 IP 202.96.107.28.53 > 122.236.11.217.13816: 32915 1/2/0 A 221.131.216.21 (99)
09:04:07.154926 IP 122.224.12.250.50757 > 202.96.107.28.53: 46076+ A? ping.tv.sohu.com. (34)
09:04:07.154948 IP 60.190.215.118.8625 > 202.96.107.27.53: 62936+ A? h2.qhimg.com. (30)
09:04:07.154951 IP 60.190.215.118.8625 > 202.96.107.27.53: 62936+ A? h2.qhimg.com. (30)
09:04:07.154965 IP 60.190.215.118.8625 > 202.96.107.27.53: 62936+ A? h2.qhimg.com. (30)
09:04:07.155040 IP 202.96.107.28.53 > 122.224.12.250.50757: 46076 1/1/0 CNAME[|domain]
09:04:07.155058 IP 202.96.107.28.53 > 122.224.12.250.50757: 46076 1/1/0 CNAME[|domain]
09:04:07.155098 IP 122.236.193.18.1350 > 202.96.107.29.53: 25741+ A? update.360safe.com. (36)
09:04:07.155116 IP 122.236.193.18.1350 > 202.96.107.29.53: 25741+ A? update.360safe.com. (36)
09:04:07.155158 IP 125.107.11.48.58481 > 202.96.107.29.53: 42146+ A? codecs.microsoft.com. (38)
09:04:07.155230 IP 202.96.107.29.53 > 122.236.193.18.1350: 25741 8/6/0 CNAME[|domain]
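Many of the packets are the very same packet, so why is it requested twice or even more times? What is going on with these packets? Where is the problem?
[ This post was last edited by zhangheizi on 2011-11-29 15:49 ]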
Author: zhangheizi Posted: 2011-11-29
Telecom DNS in Shaoxing, Zhejiang Province?
Author: perpyycto Posted: 2011-11-29