标签:server capture client routing src apt dna dnat net
简介
Client: 192.168.189.149
Proxy: 172.19.222.16
RealServer: 192.100.13.203
拓扑图
实验
一、(对应拓扑图中的列1)
配置
-A PREROUTING -p tcp -d 172.19.222.16/32 --dport 3389 -j DNAT --to-destination 192.100.13.203:3389 -A POSTROUTING -j MASQUERADE
抓包分析(Client: nc -w2 -t -v 172.19.222.16 3389 Proxy: tcpdump -nn port 3389)
[root@tv_proxy ~]# tcpdump -nn port 3389 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 01:37:06.476695 IP 192.168.189.149.58685 > 172.19.222.16.3389: Flags [S], seq 1226688947, win 65535, options [mss 1240,nop,wscale 5,nop,nop,TS val 788372890 ecr 0,sackOK,eol], length 0 01:37:06.476765 IP 172.19.222.16.58685 > 192.100.13.203.3389: Flags [S], seq 1226688947, win 65535, options [mss 1240,nop,wscale 5,nop,nop,TS val 788372890 ecr 0,sackOK,eol], length 0 01:37:06.483030 IP 192.100.13.203.3389 > 172.19.222.16.58685: Flags [S.], seq 3555435495, ack 1226688948, win 8192, options [mss 1448,nop,wscale 8,sackOK,TS val 1118072622 ecr 788372890], length 0 01:37:06.483093 IP 172.19.222.16.3389 > 192.168.189.149.58685: Flags [S.], seq 3555435495, ack 1226688948, win 8192, options [mss 1448,nop,wscale 8,sackOK,TS val 1118072622 ecr 788372890], length 0 01:37:06.487023 IP 192.168.189.149.58685 > 172.19.222.16.3389: Flags [.], ack 1, win 4106, options [nop,nop,TS val 788372901 ecr 1118072622], length 0 01:37:06.487040 IP 172.19.222.16.58685 > 192.100.13.203.3389: Flags [.], ack 1, win 4106, options [nop,nop,TS val 788372901 ecr 1118072622], length 0 01:37:08.503085 IP 192.168.189.149.58685 > 172.19.222.16.3389: Flags [F.], seq 1, ack 1, win 4106, options [nop,nop,TS val 788374912 ecr 1118072622], length 0 01:37:08.503129 IP 172.19.222.16.58685 > 192.100.13.203.3389: Flags [F.], seq 1, ack 1, win 4106, options [nop,nop,TS val 788374912 ecr 1118072622], length 0 01:37:08.503704 IP 192.100.13.203.3389 > 172.19.222.16.58685: Flags [.], ack 2, win 259, options [nop,nop,TS val 1118072824 ecr 788374912], length 0 01:37:08.503729 IP 172.19.222.16.3389 > 192.168.189.149.58685: Flags [.], ack 2, win 259, options [nop,nop,TS val 1118072824 ecr 788374912], length 0
验证了IP包的(拓扑图中列1 (1) -> (2) ->(3) ->(4) )走向
二、(对应拓扑图中的列2)
配置
-A PREROUTING -p tcp -d 172.19.222.16/32 --dport 3389 -j DNAT --to-destination 192.100.13.203:3389
抓包分析(Client: nc -w2 -t -v 172.19.222.16 3389 )
Proxy: tcpdump -nn port 3389
[root@tv_proxy ~]# tcpdump -nn port 3389 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 01:33:07.135139 IP 192.168.189.149.58678 > 172.19.222.16.3389: Flags [S], seq 532017972, win 65535, options [mss 1240,nop,wscale 5,nop,nop,TS val 788133903 ecr 0,sackOK,eol], length 0 01:33:07.135227 IP 192.168.189.149.58678 > 192.100.13.203.3389: Flags [S], seq 532017972, win 65535, options [mss 1240,nop,wscale 5,nop,nop,TS val 788133903 ecr 0,sackOK,eol], length 0
RealServer: tcpdump -nn port 3389
[root@fortress ~]# tcpdump -i ens192 -nn port 3389
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens192, link-type EN10MB (Ethernet), capture size 65535 bytes
01:46:13.647774 IP 192.168.189.149.58678 > 192.100.13.203.3389: Flags [S], seq 20768373, win 65535, options [mss 1240,nop,wscale 5,nop,nop,TS val 788919097 ecr 0,sackOK,eol], length 0
01:46:13.647846 IP 192.100.13.203.3389 > 192.168.189.149.58678: Flags [S.], seq 752203413, ack 20768374, win 14480, options [mss 1460,sackOK,TS val 1766913754 ecr 788919097,nop,wscale 7], length 0
标签:server capture client routing src apt dna dnat net
原文地址:http://www.cnblogs.com/metasequoia/p/6510758.html