大家ping 8.8.8.8和8.8.4.4的延迟是多少.. 我这竟然小于2ms.. 教育网
1,083 views
Skip to first unread message
Sunus Lee
Oct 4, 2013, 1:56:56 AM10/4/13
to tj...@googlegroups.com
如题, 看图... 我干嘛有种很恐怖的感觉?
8.8.8.8的:
sunus@|\/|13p~[~]
[13:45]:mtr -r 8.8.8.8
dyld: DYLD_ environment variables being ignored because main executable (/usr/local/sbin/mtr) is setuid or setgid
HOST: |\/|13p~ Loss% Snt Last Avg Best Wrst StDev
1.|-- route 0.0% 10 0.5 0.6 0.5 0.8 0.1
2.|-- 10.10.149.253 0.0% 10 1.9 2.0 1.7 2.6 0.3
3.|-- 10.0.11.13 0.0% 10 1.7 1.7 1.5 2.0 0.2
4.|-- 10.0.12.6 0.0% 10 1.1 1.2 1.1 1.5 0.1
5.|-- 115.26.4.253 0.0% 10 1.4 4.1 1.1 29.3 8.8
6.|-- 59.67.181.77 20.0% 10 28.8 4.8 1.1 28.8 9.7
7.|-- 202.127.216.98 0.0% 10 3.0 3.1 1.9 6.3 1.6
8.|-- google-public-dns-a.googl 0.0% 10 1.5 1.5 1.4 1.6 0.1
[13:45]:mtr -r 8.8.4.4
dyld: DYLD_ environment variables being ignored because main executable (/usr/local/sbin/mtr) is setuid or setgid
HOST: |\/|13p~ Loss% Snt Last Avg Best Wrst StDev
1.|-- route 0.0% 10 0.6 0.6 0.5 0.8 0.1
2.|-- 10.10.149.253 0.0% 10 1.7 1.9 1.7 2.2 0.1
3.|-- 10.0.11.13 0.0% 10 1.6 1.8 1.5 2.5 0.3
4.|-- 10.0.12.6 0.0% 10 1.1 1.4 1.0 2.4 0.4
5.|-- 115.26.4.253 0.0% 10 1.4 1.6 1.1 4.3 1.0
6.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
7.|-- 202.127.216.98 0.0% 10 2.8 2.3 1.9 2.8 0.3
8.|-- 101.4.115.101 0.0% 10 2.3 4.0 2.3 5.3 1.0
9.|-- 101.4.112.69 0.0% 10 3.7 5.7 3.5 16.5 4.6
10.|-- 101.4.116.145 0.0% 10 7.7 8.3 4.2 35.1 9.5
11.|-- 101.4.115.225 0.0% 10 3.5 3.6 3.5 3.7 0.1
12.|-- 202.112.61.14 0.0% 10 4.1 6.2 3.8 25.5 6.8
13.|-- 61.8.59.45 0.0% 10 231.5 206.0 202.9 231.5 9.0
14.|-- gi3-0-0.cr3.hkg3.asianetc 0.0% 10 203.2 203.0 202.8 203.4 0.2
15.|-- po1-0.gw2.hkg3.asianetcom 0.0% 10 202.9 203.0 202.8 203.2 0.1
16.|-- google.gw2.hkg3.asianetco 0.0% 10 49.9 50.0 49.8 50.2 0.1
17.|-- 209.85.248.62 0.0% 10 50.5 50.4 50.2 50.6 0.1
18.|-- 209.85.250.120 0.0% 10 76.2 81.7 75.2 96.1 8.1
19.|-- 209.85.243.23 0.0% 10 75.7 75.8 75.7 76.0 0.1
20.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
21.|-- google-public-dns-b.googl 10.0% 10 75.8 75.7 75.6 75.8 0.1
发生了什么事吗?
"宋为@凉拌茶叶"
Oct 4, 2013, 2:44:43 AM10/4/13
to tj...@googlegroups.com
嗯,我这儿也挺小。
> leo-ThinkPad/home/leo
> leo >>> ping 8.8.8.8 13-10-04 14:43
> PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
> 64 bytes from 8.8.8.8: icmp_req=1 ttl=56 time=4.10 ms
> 64 bytes from 8.8.8.8: icmp_req=2 ttl=56 time=11.2 ms
> 64 bytes from 8.8.8.8: icmp_req=3 ttl=56 time=4.02 ms
> 64 bytes from 8.8.8.8: icmp_req=4 ttl=56 time=4.07 ms
> 64 bytes from 8.8.8.8: icmp_req=5 ttl=56 time=3.98 ms
> 64 bytes from 8.8.8.8: icmp_req=6 ttl=56 time=6.11 ms
> 64 bytes from 8.8.8.8: icmp_req=7 ttl=56 time=4.14 ms
> 64 bytes from 8.8.8.8: icmp_req=8 ttl=56 time=4.67 ms
> ^C
> --- 8.8.8.8 ping statistics ---
> 8 packets transmitted, 8 received, 0% packet loss, time 7008ms
> rtt min/avg/max/mdev = 3.982/5.302/11.288/2.360 ms
> leo-ThinkPad/home/leo
> leo >>> ping 8.8.4.4 13-10-04 14:43
> PING 8.8.4.4 (8.8.4.4) 56(84) bytes of data.
> 64 bytes from 8.8.4.4: icmp_req=1 ttl=38 time=69.4 ms
> 64 bytes from 8.8.4.4: icmp_req=2 ttl=38 time=66.3 ms
> 64 bytes from 8.8.4.4: icmp_req=3 ttl=38 time=66.4 ms
> 64 bytes from 8.8.4.4: icmp_req=4 ttl=38 time=66.0 ms
> 64 bytes from 8.8.4.4: icmp_req=5 ttl=38 time=66.1 ms
> 64 bytes from 8.8.4.4: icmp_req=6 ttl=38 time=67.7 ms
> ^C
> --- 8.8.4.4 ping statistics ---
> 6 packets transmitted, 6 received, 0% packet loss, time 5007ms
> rtt min/avg/max/mdev = 66.018/67.021/69.470/1.247 ms
> leo-ThinkPad/home/leo
> leo >>> ping 8.8.8.8 13-10-04 14:43
> PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
> 64 bytes from 8.8.8.8: icmp_req=1 ttl=56 time=4.10 ms
> 64 bytes from 8.8.8.8: icmp_req=2 ttl=56 time=11.2 ms
> 64 bytes from 8.8.8.8: icmp_req=3 ttl=56 time=4.02 ms
> 64 bytes from 8.8.8.8: icmp_req=4 ttl=56 time=4.07 ms
> 64 bytes from 8.8.8.8: icmp_req=5 ttl=56 time=3.98 ms
> 64 bytes from 8.8.8.8: icmp_req=6 ttl=56 time=6.11 ms
> 64 bytes from 8.8.8.8: icmp_req=7 ttl=56 time=4.14 ms
> 64 bytes from 8.8.8.8: icmp_req=8 ttl=56 time=4.67 ms
> ^C
> --- 8.8.8.8 ping statistics ---
> 8 packets transmitted, 8 received, 0% packet loss, time 7008ms
> rtt min/avg/max/mdev = 3.982/5.302/11.288/2.360 ms
> leo-ThinkPad/home/leo
> leo >>> ping 8.8.4.4 13-10-04 14:43
> PING 8.8.4.4 (8.8.4.4) 56(84) bytes of data.
> 64 bytes from 8.8.4.4: icmp_req=1 ttl=38 time=69.4 ms
> 64 bytes from 8.8.4.4: icmp_req=2 ttl=38 time=66.3 ms
> 64 bytes from 8.8.4.4: icmp_req=3 ttl=38 time=66.4 ms
> 64 bytes from 8.8.4.4: icmp_req=4 ttl=38 time=66.0 ms
> 64 bytes from 8.8.4.4: icmp_req=5 ttl=38 time=66.1 ms
> 64 bytes from 8.8.4.4: icmp_req=6 ttl=38 time=67.7 ms
> ^C
> --- 8.8.4.4 ping statistics ---
> 6 packets transmitted, 6 received, 0% packet loss, time 5007ms
> rtt min/avg/max/mdev = 66.018/67.021/69.470/1.247 ms
Qian Hong
Oct 4, 2013, 2:46:08 AM10/4/13
to tjlug
建议用 mtr -r -n,不要进行反向解析,节省时间,还可以看到每一跳的ip
2013/10/4 Sunus Lee <sunu...@gmail.com>:
最后的几跳比较可疑,我查看whois的结果没看出什么不正常的,但是ping不通,just-ping.com 也ping不通。
http://cloudmonitor.ca.com/en/ping.php?vtt=1380868989&varghost=209.85.243.23&vhost=_&vaction=ping&ping=start
--
Regards,
Qian Hong
-
http://www.winehq.org
2013/10/4 Sunus Lee <sunu...@gmail.com>:
> 17.|-- 209.85.248.62 0.0% 10 50.5 50.4 50.2 50.6 0.1
> 18.|-- 209.85.250.120 0.0% 10 76.2 81.7 75.2 96.1 8.1
> 19.|-- 209.85.243.23 0.0% 10 75.7 75.8 75.7 76.0 0.1
有个问题:最后这几跳,在你的机器上可以ping通吗?
> 18.|-- 209.85.250.120 0.0% 10 76.2 81.7 75.2 96.1 8.1
> 19.|-- 209.85.243.23 0.0% 10 75.7 75.8 75.7 76.0 0.1
最后的几跳比较可疑,我查看whois的结果没看出什么不正常的,但是ping不通,just-ping.com 也ping不通。
http://cloudmonitor.ca.com/en/ping.php?vtt=1380868989&varghost=209.85.243.23&vhost=_&vaction=ping&ping=start
--
Regards,
Qian Hong
-
http://www.winehq.org
Qian Hong
Oct 4, 2013, 2:50:30 AM10/4/13
to tjlug
2013/10/4 Sunus Lee <sunu...@gmail.com>:
另外,google还有其他ip,你试试 4.2.2.1 / 4.2.2.2 / 74.125.239.51
等,分别把ping的时间和mtr跟踪的记录贴出来看看?
你mtr 8.8.8.8 和 8.8.4.4 的结果,一个是8跳,一个是21跳,两个的ping值都是2ms吗?
2ms,这是大天朝大局域网的节奏啊 233
> 7.|-- 202.127.216.98 0.0% 10 3.0 3.1 1.9 6.3 1.6
> 8.|-- google-public-dns-a.googl 0.0% 10 1.5 1.5 1.4 1.6 0.1
倒数第二跳,通过whois可以看到是教育网的ip,而最后一跳立刻就到google的ip了,这一点也是比较可疑的。
> 8.|-- google-public-dns-a.googl 0.0% 10 1.5 1.5 1.4 1.6 0.1
另外,google还有其他ip,你试试 4.2.2.1 / 4.2.2.2 / 74.125.239.51
等,分别把ping的时间和mtr跟踪的记录贴出来看看?
你mtr 8.8.8.8 和 8.8.4.4 的结果,一个是8跳,一个是21跳,两个的ping值都是2ms吗?
2ms,这是大天朝大局域网的节奏啊 233
sunus
Oct 4, 2013, 2:52:39 AM10/4/13
to tj...@googlegroups.com
没有, 8.8.8.8是大中华局域网的节奏. 8.8.4.4倒正常. 70ms左右…
PS, 是教育网环境下.
在联通3G和电信下, 是正常的50ms左右…
只有在教育网里的8.8.8.8是2ms…
dns也可以伪装吗?
> --
> --
> 这是一封来自TJLUG (Tianjin Linux User Group) 的邮件。
> 您收到此信息是由于您订阅了 Google 论坛“TJLUG”论坛。
> 要在此论坛发帖,请发电子邮件到 tj...@googlegroups.com
> 要退订此论坛,请发邮件至 tjlug+un...@googlegroups.com
> 更多选项,请通过 http://groups.google.com/group/tjlug?hl=zh-CN 访问该论坛
>
> 其他资源
> Google Group:http://groups.google.com/group/tjlug?hl=zh-CN
> Site: www.tjlug.net
> Twitter ID:TianjinLUG
>
> (招募管理者)文件归档:http://code.google.com/p/tjlug/
> (招募管理者)人人公共主页:http://page.renren.com/601037199
> (招募管理者)豆瓣小组:http://www.douban.com/group/tjlug/
>
> 有意向参与管理或者开发请直接将邮件发送至group,注明感兴趣的工作即可。
>
> ---
> 您收到此邮件是因为您订阅了 Google 网上论坛的“TJLUG”论坛。
> 要退订此论坛并停止接收此论坛的电子邮件,请发送电子邮件到 tjlug+un...@googlegroups.com。
> 要查看更多选项,请访问 https://groups.google.com/groups/opt_out。
Sunus Lee
Best Wishes
PS, 是教育网环境下.
在联通3G和电信下, 是正常的50ms左右…
只有在教育网里的8.8.8.8是2ms…
dns也可以伪装吗?
> --
> 这是一封来自TJLUG (Tianjin Linux User Group) 的邮件。
> 您收到此信息是由于您订阅了 Google 论坛“TJLUG”论坛。
> 要在此论坛发帖,请发电子邮件到 tj...@googlegroups.com
> 要退订此论坛,请发邮件至 tjlug+un...@googlegroups.com
> 更多选项,请通过 http://groups.google.com/group/tjlug?hl=zh-CN 访问该论坛
>
> 其他资源
> Google Group:http://groups.google.com/group/tjlug?hl=zh-CN
> Site: www.tjlug.net
> Twitter ID:TianjinLUG
>
> (招募管理者)文件归档:http://code.google.com/p/tjlug/
> (招募管理者)人人公共主页:http://page.renren.com/601037199
> (招募管理者)豆瓣小组:http://www.douban.com/group/tjlug/
>
> 有意向参与管理或者开发请直接将邮件发送至group,注明感兴趣的工作即可。
>
> ---
> 您收到此邮件是因为您订阅了 Google 网上论坛的“TJLUG”论坛。
> 要退订此论坛并停止接收此论坛的电子邮件,请发送电子邮件到 tjlug+un...@googlegroups.com。
> 要查看更多选项,请访问 https://groups.google.com/groups/opt_out。
Sunus Lee
Best Wishes
"宋为@凉拌茶叶"
Oct 4, 2013, 2:54:20 AM10/4/13
to tj...@googlegroups.com
次奥!就是嘎!怎么从北京那里出去过后立马就跳到谷歌了!
sunus
Oct 4, 2013, 2:56:54 AM10/4/13
to tj...@googlegroups.com
> 另外,google还有其他ip,你试试 4.2.2.1 / 4.2.2.2 / 74.125.239.51
> 等,分别把ping的时间和mtr跟踪的记录贴出来看看?
这些也是正常的. 200ms左右..
> 等,分别把ping的时间和mtr跟踪的记录贴出来看看?
root@DreamBox:~# traceroute 4.2.2.1
traceroute to 4.2.2.1 (4.2.2.1), 30 hops max, 38 byte packets
1 10.10.149.253 (10.10.149.253) 1.880 ms 1.781 ms 1.569 ms
2 10.0.11.13 (10.0.11.13) 1.365 ms 1.615 ms 1.344 ms
3 10.0.12.6 (10.0.12.6) 0.918 ms 0.833 ms 0.792 ms
4 115.26.4.253 (115.26.4.253) 1.026 ms 1.160 ms 0.970 ms
5 59.67.181.77 (59.67.181.77) 1.254 ms 2.995 ms 1.078 ms
6 202.127.216.98 (202.127.216.98) 2.105 ms 1.523 ms 1.987 ms
7 101.4.115.101 (101.4.115.101) 1.935 ms 3.596 ms 4.160 ms
8 101.4.112.69 (101.4.112.69) 3.313 ms 3.938 ms 3.581 ms
9 101.4.116.145 (101.4.116.145) 6.222 ms 101.4.116.134 (101.4.116.134) 6.324 ms 7.300 ms
10 101.4.115.225 (101.4.115.225) 3.339 ms 3.376 ms 3.321 ms
11 202.112.61.14 (202.112.61.14) 3.756 ms 3.790 ms 3.868 ms
12 80.150.170.165 (80.150.170.165) 50.304 ms 52.941 ms 52.424 ms
13 lax-sb2-i.LAX.US.NET.DTAG.DE (62.154.14.106) 207.800 ms 208.966 ms 208.214 ms
14 217.6.51.246 (217.6.51.246) 207.256 ms 207.536 ms 218.234 ms
15 ae-1-60.edge3.LosAngeles1.Level3.net (4.69.144.9) 207.439 ms ae-2-70.edge3.LosAngeles1.Level3.net (4.69.144.73) 207.445 ms 207.341 ms
16 a.resolvers.level3.net (4.2.2.1) 207.400 ms 207.808 ms 207.570 ms
root@DreamBox:~# traceroute 4.2.2.2
traceroute to 4.2.2.2 (4.2.2.2), 30 hops max, 38 byte packets
1 10.10.149.253 (10.10.149.253) 1.860 ms 1.508 ms 1.486 ms
2 10.0.11.13 (10.0.11.13) 2.210 ms 1.461 ms 1.763 ms
3 10.0.12.6 (10.0.12.6) 1.167 ms 1.131 ms 0.944 ms
4 115.26.4.253 (115.26.4.253) 1.408 ms 0.991 ms 1.139 ms
5 59.67.181.77 (59.67.181.77) 1.013 ms 1.046 ms 1.035 ms
6 202.127.216.98 (202.127.216.98) 2.184 ms 2.174 ms 1.826 ms
7 101.4.115.101 (101.4.115.101) 5.320 ms 8.831 ms 3.600 ms
8 101.4.112.69 (101.4.112.69) 4.960 ms 4.521 ms 3.376 ms
9 101.4.116.134 (101.4.116.134) 6.369 ms 101.4.116.145 (101.4.116.145) 6.283 ms 5.253 ms
10 101.4.115.225 (101.4.115.225) 3.748 ms 3.734 ms 3.569 ms
11 202.112.61.14 (202.112.61.14) 4.012 ms 3.706 ms 3.933 ms
12 80.150.170.165 (80.150.170.165) 53.795 ms 53.911 ms 53.570 ms
13 lax-sb2-i.LAX.US.NET.DTAG.DE (62.154.14.106) 208.693 ms 207.736 ms 212.236 ms
14 217.6.51.246 (217.6.51.246) 207.521 ms 251.599 ms 207.268 ms
15 ae-4-90.edge3.LosAngeles1.Level3.net (4.69.144.201) 207.754 ms ae-1-60.edge3.LosAngeles1.Level3.net (4.69.144.9) 207.471 ms 207.333 ms
16 b.resolvers.Level3.net (4.2.2.2) 207.521 ms 207.636 ms 207.655 ms
Sunus Lee
Best Wishes
sunus
Oct 4, 2013, 2:57:46 AM10/4/13
to tj...@googlegroups.com
我也奇怪 一跳就从社会主义到资本主义了. ..
sunus
Oct 4, 2013, 3:00:01 AM10/4/13
to tj...@googlegroups.com
这个IP, 202.127.216.98
WHOIS可以查到, 是教育网的.
% Information related to '202.127.216.0 - 202.127.223.255'
inetnum: 202.127.216.0 - 202.127.223.255
netname: BJR-CERNET
descr: China Education and Research Network
descr: Beijing Regional Network
country: CN
admin-c: CER-AP
tech-c: CER-AP
status: ALLOCATED PORTABLE
remarks: origin AS4538
remarks: old NJTU-CN returned on 19951109
mnt-by: APNIC-HM
mnt-lower: MAINT-CERNET-AP
mnt-routes: MAINT-CERNET-AP
mnt-irt: IRT-CERNET-AP
changed: hostm...@apnic.net 19941216
changed: sz...@ocean.net.edu.cn 19951109
changed: hm-ch...@apnic.net 20040602
source: APNIC
irt: IRT-CERNET-AP
address: Network Research Center,
address: Main Bldg, Tsinghua Univ
address: Beijing 100084, China
phone: +86-10-62784301
fax-no: +86-10-62785933
e-mail: ab...@net.edu.cn
abuse-mailbox: ab...@net.edu.cn
admin-c: CER-AP
tech-c: CER-AP
auth: # Filtered
remarks: timezone GMT+8
remarks: http://www.ccert.edu.cn
mnt-by: MAINT-CERNET-AP
changed: hm-ch...@net.edu.cn 20101126
source: APNIC
role: CERNET Helpdesk
address: Room 224, Main Building
address: Tsinghua University
address: Beijing 100084, China
country: CN
phone: +86-10-6278-4049
fax-no: +86-10-6278-5933
e-mail: cernet-he...@net.edu.cn
remarks: ab...@net.edu.cn
admin-c: XL1-CN
tech-c: SZ2-AP
nic-hdl: CER-AP
remarks: Point of Contact for admin-c
mnt-by: MAINT-CERNET-AP
changed: cernet-he...@net.edu.cn 20010903
source: APNIC
changed: hm-ch...@apnic.net 20111114
% This query was served by the APNIC Whois Service version 1.68.5 (WHOIS2)
Sunus Lee
Best Wishes
WHOIS可以查到, 是教育网的.
% Information related to '202.127.216.0 - 202.127.223.255'
inetnum: 202.127.216.0 - 202.127.223.255
netname: BJR-CERNET
descr: China Education and Research Network
descr: Beijing Regional Network
country: CN
admin-c: CER-AP
tech-c: CER-AP
status: ALLOCATED PORTABLE
remarks: origin AS4538
remarks: old NJTU-CN returned on 19951109
mnt-by: APNIC-HM
mnt-lower: MAINT-CERNET-AP
mnt-routes: MAINT-CERNET-AP
mnt-irt: IRT-CERNET-AP
changed: hostm...@apnic.net 19941216
changed: sz...@ocean.net.edu.cn 19951109
changed: hm-ch...@apnic.net 20040602
source: APNIC
irt: IRT-CERNET-AP
address: Network Research Center,
address: Main Bldg, Tsinghua Univ
address: Beijing 100084, China
phone: +86-10-62784301
fax-no: +86-10-62785933
e-mail: ab...@net.edu.cn
abuse-mailbox: ab...@net.edu.cn
admin-c: CER-AP
tech-c: CER-AP
auth: # Filtered
remarks: timezone GMT+8
remarks: http://www.ccert.edu.cn
mnt-by: MAINT-CERNET-AP
changed: hm-ch...@net.edu.cn 20101126
source: APNIC
role: CERNET Helpdesk
address: Room 224, Main Building
address: Tsinghua University
address: Beijing 100084, China
country: CN
phone: +86-10-6278-4049
fax-no: +86-10-6278-5933
e-mail: cernet-he...@net.edu.cn
remarks: ab...@net.edu.cn
admin-c: XL1-CN
tech-c: SZ2-AP
nic-hdl: CER-AP
remarks: Point of Contact for admin-c
mnt-by: MAINT-CERNET-AP
changed: cernet-he...@net.edu.cn 20010903
source: APNIC
changed: hm-ch...@apnic.net 20111114
% This query was served by the APNIC Whois Service version 1.68.5 (WHOIS2)
Best Wishes
Qian Hong
Oct 4, 2013, 3:00:03 AM10/4/13
to tjlug
2013/10/4 sunus <sunu...@gmail.com>:
-n的结果,收集越多的ip和越多的网络条件的组合越好。70ms和50ms都不能说一定正常,具体看看每一跳的路径可以得到更多正常或异常的证据。
8.8.8.8就是个ip地址,你也可以把你室友的电脑设置为8.8.8.8,但是这对一般人来说没有影响,可是如果有人能控制关键的路由,就可以做手脚了。
> 没有, 8.8.8.8是大中华局域网的节奏. 8.8.4.4倒正常. 70ms左右…
> PS, 是教育网环境下.
>
> 在联通3G和电信下, 是正常的50ms左右…
>
> 只有在教育网里的8.8.8.8是2ms…
> dns也可以伪装吗?
如果有条件,请分别贴一下mtr -r
> PS, 是教育网环境下.
>
> 在联通3G和电信下, 是正常的50ms左右…
>
> 只有在教育网里的8.8.8.8是2ms…
> dns也可以伪装吗?
-n的结果,收集越多的ip和越多的网络条件的组合越好。70ms和50ms都不能说一定正常,具体看看每一跳的路径可以得到更多正常或异常的证据。
8.8.8.8就是个ip地址,你也可以把你室友的电脑设置为8.8.8.8,但是这对一般人来说没有影响,可是如果有人能控制关键的路由,就可以做手脚了。
"宋为@凉拌茶叶"
Oct 4, 2013, 3:04:55 AM10/4/13
to tj...@googlegroups.com
我这里也一样
> leo-ThinkPad/home/leo
> leo >>> mtr -r -n 8.8.8.8 13-10-04 15:04
> HOST: leo-ThinkPad Loss% Snt Last Avg Best Wrst StDev
> 1.|-- 192.168.0.1 0.0% 10 3.4 3.2 2.6 4.1 0.5
> 2.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
> 3.|-- 10.1.1.230 0.0% 10 3.3 5.2 3.2 14.0 3.4
> 4.|-- 10.1.1.1 0.0% 10 3.2 3.7 3.2 4.3 0.3
> 5.|-- 202.113.208.254 0.0% 10 4.1 3.7 3.0 4.7 0.5
> 6.|-- 59.67.181.21 0.0% 10 4.9 6.8 3.6 27.8 7.4
> 7.|-- 59.67.181.77 10.0% 10 6.5 4.2 3.6 6.5 0.9
> 8.|-- 202.127.216.98 0.0% 10 5.8 8.8 4.5 25.9 8.2
> 9.|-- 8.8.8.8 0.0% 10 5.9 4.4 3.7 5.9 0.8
> leo-ThinkPad/home/leo
> leo >>> mtr -r -n 8.8.8.8 13-10-04 15:04
> HOST: leo-ThinkPad Loss% Snt Last Avg Best Wrst StDev
> 1.|-- 192.168.0.1 0.0% 10 3.4 3.2 2.6 4.1 0.5
> 2.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
> 3.|-- 10.1.1.230 0.0% 10 3.3 5.2 3.2 14.0 3.4
> 4.|-- 10.1.1.1 0.0% 10 3.2 3.7 3.2 4.3 0.3
> 5.|-- 202.113.208.254 0.0% 10 4.1 3.7 3.0 4.7 0.5
> 6.|-- 59.67.181.21 0.0% 10 4.9 6.8 3.6 27.8 7.4
> 7.|-- 59.67.181.77 10.0% 10 6.5 4.2 3.6 6.5 0.9
> 8.|-- 202.127.216.98 0.0% 10 5.8 8.8 4.5 25.9 8.2
> 9.|-- 8.8.8.8 0.0% 10 5.9 4.4 3.7 5.9 0.8
Qian Hong
Oct 4, 2013, 3:22:39 AM10/4/13
to tjlug
2013/10/4 "宋为@凉拌茶叶" <leo_s...@126.com>:
> 我这里也一样
建议做两个实验:
1.
在教育网内,用nmap扫描8.8.8.8,获得指纹,参见 [1]
2.
挂上海外vpn,保证不会连接到可疑的目标,重新用nmap扫描8.8.8.8
对比1和2的结果,看看指纹是不是完全一样。如果结果不同,那么可疑的程度就更大了。如果结果相同,那么还不能完全排除可疑,因为指纹也是可以伪造的,况且Google的dns服务器没有什么指纹,我这里用nmap基本什么都扫不出来。这时候就需要继续想其他求证的方法了。
# nmap -O -v 8.8.8.8
Starting Nmap 5.21 ( http://nmap.org ) at 2013-10-04 15:21 CST
Initiating Ping Scan at 15:21
Scanning 8.8.8.8 [4 ports]
Completed Ping Scan at 15:21, 0.28s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:21
Completed Parallel DNS resolution of 1 host. at 15:21, 0.00s elapsed
Initiating SYN Stealth Scan at 15:21
Scanning google-public-dns-a.google.com (8.8.8.8) [1000 ports]
Discovered open port 53/tcp on 8.8.8.8
Completed SYN Stealth Scan at 15:21, 19.19s elapsed (1000 total ports)
Initiating OS detection (try #1) against
google-public-dns-a.google.com (8.8.8.8)
Retrying OS detection (try #2) against google-public-dns-a.google.com (8.8.8.8)
Nmap scan report for google-public-dns-a.google.com (8.8.8.8)
Host is up (0.26s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
53/tcp open domain
Warning: OSScan results may be unreliable because we could not find at
least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results
incomplete
No OS matches for host
Uptime guess: 0.000 days (since Fri Oct 4 15:21:58 2013)
TCP Sequence Prediction: Difficulty=264 (Good luck!)
IP ID Sequence Generation: Randomized
Read data files from: /usr/share/nmap
OS detection performed. Please report any incorrect results at
http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 25.26 seconds
Raw packets sent: 2086 (95.996KB) | Rcvd: 31 (1676B)
http://nmap.org/book/osdetect-usage.html
> 我这里也一样
建议做两个实验:
1.
在教育网内,用nmap扫描8.8.8.8,获得指纹,参见 [1]
2.
挂上海外vpn,保证不会连接到可疑的目标,重新用nmap扫描8.8.8.8
对比1和2的结果,看看指纹是不是完全一样。如果结果不同,那么可疑的程度就更大了。如果结果相同,那么还不能完全排除可疑,因为指纹也是可以伪造的,况且Google的dns服务器没有什么指纹,我这里用nmap基本什么都扫不出来。这时候就需要继续想其他求证的方法了。
# nmap -O -v 8.8.8.8
Starting Nmap 5.21 ( http://nmap.org ) at 2013-10-04 15:21 CST
Initiating Ping Scan at 15:21
Scanning 8.8.8.8 [4 ports]
Completed Ping Scan at 15:21, 0.28s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:21
Completed Parallel DNS resolution of 1 host. at 15:21, 0.00s elapsed
Initiating SYN Stealth Scan at 15:21
Scanning google-public-dns-a.google.com (8.8.8.8) [1000 ports]
Discovered open port 53/tcp on 8.8.8.8
Completed SYN Stealth Scan at 15:21, 19.19s elapsed (1000 total ports)
Initiating OS detection (try #1) against
google-public-dns-a.google.com (8.8.8.8)
Retrying OS detection (try #2) against google-public-dns-a.google.com (8.8.8.8)
Nmap scan report for google-public-dns-a.google.com (8.8.8.8)
Host is up (0.26s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
53/tcp open domain
Warning: OSScan results may be unreliable because we could not find at
least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results
incomplete
No OS matches for host
Uptime guess: 0.000 days (since Fri Oct 4 15:21:58 2013)
TCP Sequence Prediction: Difficulty=264 (Good luck!)
IP ID Sequence Generation: Randomized
Read data files from: /usr/share/nmap
OS detection performed. Please report any incorrect results at
http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 25.26 seconds
Raw packets sent: 2086 (95.996KB) | Rcvd: 31 (1676B)
http://nmap.org/book/osdetect-usage.html
sunus
Oct 4, 2013, 3:31:05 AM10/4/13
to tj...@googlegroups.com
On 2013-10-4, at 下午3:22, Qian Hong <frac...@gmail.com> wrote:
> 建议做两个实验:
> 1.
> 在教育网内,用nmap扫描8.8.8.8,获得指纹,参见 [1]
>
> 2.
> 挂上海外vpn,保证不会连接到可疑的目标,重新用nmap扫描8.8.8.8
>
> 对比1和2的结果,看看指纹是不是完全一样。如果结果不同,那么可疑的程度就更大了。如果结果相同,那么还不能完全排除可疑,因为指纹也是可以伪造的,况且Google的dns服务器没有什么指纹,我这里用nmap基本什么都扫不出来。这时候就需要继续想其他求证的方法了。
米国VPN:
sunus@li576-203:~$ sudo nmap -O -Pn -v 8.8.8.8
Starting Nmap 5.21 ( http://nmap.org ) at 2013-10-04 07:28 UTC
Initiating Parallel DNS resolution of 1 host. at 07:28
Completed Parallel DNS resolution of 1 host. at 07:28, 0.09s elapsed
Initiating SYN Stealth Scan at 07:28
Scanning google-public-dns-a.google.com (8.8.8.8) [1000 ports]
Discovered open port 53/tcp on 8.8.8.8
Completed SYN Stealth Scan at 07:28, 4.34s elapsed (1000 total ports)
Discovered open port 53/tcp on 8.8.8.8
Initiating OS detection (try #1) against google-public-dns-a.google.com (8.8.8.8)
Retrying OS detection (try #2) against google-public-dns-a.google.com (8.8.8.8)
Nmap scan report for google-public-dns-a.google.com (8.8.8.8)
Host is up (0.024s latency).
Retrying OS detection (try #2) against google-public-dns-a.google.com (8.8.8.8)
Nmap scan report for google-public-dns-a.google.com (8.8.8.8)
Not shown: 999 filtered ports
PORT STATE SERVICE
53/tcp open domain
// 看这里
PORT STATE SERVICE
53/tcp open domain
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Uptime guess: 0.000 days (since Fri Oct 4 07:28:09 2013)
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
TCP Sequence Prediction: Difficulty=242 (Good luck!)
IP ID Sequence Generation: Randomized
Read data files from: /usr/share/nmap
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.53 seconds
Read data files from: /usr/share/nmap
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Raw packets sent: 2064 (94.332KB) | Rcvd: 26 (1560B)
------------------------------------------------------------------------------------------------------------------------------------------------------
教育网:
[15:26]:sudo nmap -Pn -O -v 8.8.8.8
dyld: DYLD_ environment variables being ignored because main executable (/usr/bin/sudo) is setuid or setgid
Starting Nmap 6.25 ( http://nmap.org ) at 2013-10-04 15:29 CST
Initiating Parallel DNS resolution of 1 host. at 15:29
Completed Parallel DNS resolution of 1 host. at 15:29, 0.00s elapsed
Initiating SYN Stealth Scan at 15:29
Scanning google-public-dns-a.google.com (8.8.8.8) [1000 ports]
Completed SYN Stealth Scan at 15:29, 6.03s elapsed (1000 total ports)
Initiating OS detection (try #1) against google-public-dns-a.google.com (8.8.8.8)
Nmap scan report for google-public-dns-a.google.com (8.8.8.8)
Host is up (0.0024s latency).
All 1000 scanned ports on google-public-dns-a.google.com (8.8.8.8) are filtered
//看这里 卧槽卧槽!!
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: firewall|switch|general purpose|storage-misc
Running: Cisco embedded, Cisco NX-OS 4.X, Foundry IronWare 7.X, Linux 2.6.X, Netgear Linux 2.6.X
OS CPE: cpe:/h:cisco:ips_4270 cpe:/o:cisco:mds_9509 cpe:/o:cisco:nx_os:4 cpe:/o:foundrynet:ironware:7 cpe:/o:linux:linux_kernel:2.6 cpe:/o:netgear:linux:2.6
OS details: Cisco IPS 4270 intrusion prevention system, Cisco MDS 9509 switch (NX-OS 4.2), Foundry Networks BigIron 8000 switch (IronWare 07.8.02eT53), Linux 2.6.11 - 2.6.18, Linux 2.6.32, Netgear ReadyNAS 3200 NAS device (Linux 2.6)
Read data files from: /usr/local/bin/../share/nmap
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.17 seconds
Raw packets sent: 1996 (89.342KB) | Rcvd: 26 (2.306KB)
好多思科的设备啊… 嗯…8.8.8.8 是要被查水表了的.
Sunus Lee
Best Wishes
sunus
Oct 4, 2013, 3:32:23 AM10/4/13
to tj...@googlegroups.com
结果是, 山寨的8.8.8.8能查到指纹……
资本主义的8.8.8.8查不到..
哈哈哈哈
Sunus Lee
Best Wishes
资本主义的8.8.8.8查不到..
哈哈哈哈
Best Wishes
"宋为@凉拌茶叶"
Oct 4, 2013, 3:38:25 AM10/4/13
to tj...@googlegroups.com
哎……好吧,其实社会主义的8.8.8.8还挺好用的
Qian Hong
Oct 4, 2013, 3:39:54 AM10/4/13
to tjlug
On Fri, Oct 4, 2013 at 3:38 PM, "宋为@凉拌茶叶" <leo_s...@126.com> wrote:
> 哎……好吧,其实社会主义的8.8.8.8还挺好用的
你们用这个假的8.8.8.8,去解析youtube/twitter/facebook等,可以得到正确的ip吗?
> 哎……好吧,其实社会主义的8.8.8.8还挺好用的
你们用这个假的8.8.8.8,去解析youtube/twitter/facebook等,可以得到正确的ip吗?
sunus
Oct 4, 2013, 3:44:39 AM10/4/13
to tj...@googlegroups.com
之前有试过 不确定是不是「正确」的
IP太多了. 需要每次解析的结果全部做个记录大概得一个集合之后再比较
IP太多了. 需要每次解析的结果全部做个记录大概得一个集合之后再比较
钱仲超
Oct 4, 2013, 3:46:05 AM10/4/13
to tj...@googlegroups.com
话说。。。学校里的破网络,自己服务器的VPN都没法连接。怀疑是它NAT做的有问题。
在家用联通,VPN总是掉线 - -,SSH没问题。。。。。
学校IPv6的话,2001:4860:4860::8888和8844的ping大概要200ms左右(mlgbd网速),所以应该是真的。。
家里的话8.8.8.8 8.8.4.4 60/140ms
在家用联通,VPN总是掉线 - -,SSH没问题。。。。。
学校IPv6的话,2001:4860:4860::8888和8844的ping大概要200ms左右(mlgbd网速),所以应该是真的。。
家里的话8.8.8.8 8.8.4.4 60/140ms
sunus
Oct 4, 2013, 3:47:57 AM10/4/13
to tj...@googlegroups.com
哈哈 得不到. 得到的根本ping不通.
37.61.54.158
这个是 社会主义 8888给我的facebook的ip.
173.252.110.27 这个是资本主义给的.
37.61.54.158
这个是 社会主义 8888给我的facebook的ip.
173.252.110.27 这个是资本主义给的.
Chopin Wong
Oct 4, 2013, 4:58:13 AM10/4/13
to tj...@googlegroups.com
上结果。
我这个
ping 8.8.8.8 ,min/avg/max/mdev = 41.290/41.359/41.429/0.214 ms
ping 8.8.4.4 ,min/avg/max/mdev = 68.577/68.764/69.016/0.307 ms
ps.那个,不是好多cisco设备,是nmap列举了它的猜测。。。附,扫描结果。
8.8.8.8 :
Starting Nmap 6.40 ( http://nmap.org ) at 2013-10-04 16:30 CST
NSE: Loaded 110 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Parallel DNS resolution of 1 host. at 16:31
Completed Parallel DNS resolution of 1 host. at 16:31, 0.10s elapsed
Initiating SYN Stealth Scan at 16:31
Scanning google-public-dns-a.google.com (8.8.8.8) [1000 ports]
Discovered open port 53/tcp on 8.8.8.8
Completed SYN Stealth Scan at 16:31, 7.83s elapsed (1000 total ports)
Initiating Service scan at 16:31
Scanning 1 service on google-public-dns-a.google.com (8.8.8.8)
Completed Service scan at 16:31, 1.09s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against google-public-dns-a.google.com (8.8.8.8)
Retrying OS detection (try #2) against google-public-dns-a.google.com (8.8.8.8)
Initiating Traceroute at 16:31
Completed Traceroute at 16:31, 3.04s elapsed
Initiating Parallel DNS resolution of 11 hosts. at 16:31
Completed Parallel DNS resolution of 11 hosts. at 16:31, 0.16s elapsed
NSE: Script scanning 8.8.8.8.
Initiating NSE at 16:31
Completed NSE at 16:31, 5.09s elapsed
Nmap scan report for google-public-dns-a.google.com (8.8.8.8)
Host is up (0.041s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
53/tcp open tcpwrapped
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Uptime guess: 0.000 days (since Fri Oct 4 16:31:23 2013)
Network Distance: 12 hops
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: Randomized
TRACEROUTE (using port 53/tcp)
HOP RTT ADDRESS
1 3.70 ms 123.150.134.1
2 2.79 ms 219.150.51.49
3 5.06 ms 219.150.52.193
4 7.21 ms 202.97.79.249
5 5.18 ms 202.97.53.86
6 7.14 ms 202.97.58.98
7 43.90 ms 202.97.61.98
8 40.70 ms 202.97.62.214
9 46.62 ms 209.85.241.58
10 41.58 ms 209.85.253.71
11 ...
12 41.94 ms google-public-dns-a.google.com (8.8.8.8)
NSE: Script Post-scanning.
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 39.45 seconds
Raw packets sent: 2087 (95.448KB) | Rcvd: 47 (2.800KB)
8.8.4.4:
Starting Nmap 6.40 ( http://nmap.org ) at 2013-10-04 16:33 CST
NSE: Loaded 110 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Parallel DNS resolution of 1 host. at 16:33
Completed Parallel DNS resolution of 1 host. at 16:33, 0.16s elapsed
Initiating SYN Stealth Scan at 16:33
Scanning google-public-dns-b.google.com (8.8.4.4) [1000 ports]
Discovered open port 53/tcp on 8.8.4.4
Completed SYN Stealth Scan at 16:34, 11.86s elapsed (1000 total ports)
Initiating Service scan at 16:34
Scanning 1 service on google-public-dns-b.google.com (8.8.4.4)
Completed Service scan at 16:34, 1.15s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against google-public-dns-b.google.com (8.8.4.4)
Retrying OS detection (try #2) against google-public-dns-b.google.com (8.8.4.4)
Initiating Traceroute at 16:34
Completed Traceroute at 16:34, 3.04s elapsed
Initiating Parallel DNS resolution of 12 hosts. at 16:34
Completed Parallel DNS resolution of 12 hosts. at 16:34, 13.00s elapsed
NSE: Script scanning 8.8.4.4.
Initiating NSE at 16:34
Completed NSE at 16:34, 5.15s elapsed
Nmap scan report for google-public-dns-b.google.com (8.8.4.4)
Host is up (0.070s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
53/tcp open tcpwrapped
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Uptime guess: 0.000 days (since Fri Oct 4 16:34:06 2013)
Network Distance: 13 hops
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: Randomized
TRACEROUTE (using port 53/tcp)
HOP RTT ADDRESS
1 3.70 ms 123.150.134.1
2 2.44 ms 219.150.51.53
3 27.02 ms 219.150.52.97
4 38.44 ms 202.97.34.1
5 5.38 ms 202.97.53.42
6 5.24 ms 202.97.58.86
7 44.42 ms 202.97.61.50
8 43.33 ms 202.97.62.214
9 42.39 ms 209.85.241.58
10 92.97 ms 209.85.250.120
11 68.70 ms 209.85.250.101
12 ...
13 69.11 ms google-public-dns-b.google.com (8.8.4.4)
NSE: Script Post-scanning.
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 55.53 seconds
Raw packets sent: 2094 (95.852KB) | Rcvd: 56 (3.312KB)
Chopin Wong
Oct 4, 2013, 4:59:01 AM10/4/13
to tj...@googlegroups.com
从traceroute看来,到dns前的最后可以看到的那个hops, 8.8.8.8对应的209.85.253.71,8.8.4.4对应的 209.85.250.101 ,其whois结果都是在mountain view ,属于 Google Inc,( Net-range: 209.85.128.0 - 209.85.255.255 )
不知道sunus那边怎么样
On Friday, October 4, 2013 1:56:56 PM UTC+8, Sunus Lee wrote:
Mike
Oct 4, 2013, 9:26:08 AM10/4/13
to tj...@googlegroups.com
好奇你是哪个学校的?
钱仲超
Oct 4, 2013, 9:30:41 AM10/4/13
to tj...@googlegroups.com
我就不吐槽以前住家属区的2B网络了。ping没延迟,但所有的DNS都被劫持,不论国内外————为了用户能看到认证登录的网页界面。
"宋为@凉拌茶叶"
Oct 4, 2013, 9:40:06 AM10/4/13
to tj...@googlegroups.com
一定还为了让你能够看到广告:D
钱仲超
Oct 4, 2013, 10:03:18 AM10/4/13
to tj...@googlegroups.com
广告倒是没有 - -
sunus
Oct 4, 2013, 11:35:56 AM10/4/13
to tj...@googlegroups.com
天津工业大学..测试的环境是教育网.
Richard Ma
Oct 4, 2013, 11:44:32 AM10/4/13
to tjlug
网通没有这个现象,难道是教育网内部伪装的?
Happy Lau
Oct 10, 2013, 3:27:03 AM10/10/13
to tj...@googlegroups.com
联通正常
在 2013年10月4日星期五UTC+8下午1时56分56秒,Sunus Lee写道:
在 2013年10月4日星期五UTC+8下午1时56分56秒,Sunus Lee写道:
mu wei
Dec 24, 2013, 4:23:33 AM12/24/13
to tj...@googlegroups.com
南开大学表示一切正常。traceroute等均没有问题。
SongWeiZhi
Dec 24, 2013, 5:09:49 AM12/24/13
to tj...@googlegroups.com
外网50多ms
--
Reply all
Reply to author
Forward
0 new messages