本篇文章給大家帶來的內容是關于如何處理能 ping 通但端口不通時端口可用性探測,有一定的參考價值,有需要的朋友可以參考一下,希望對你有所幫助。
能 ping 通但端口不通時端口可用性探測說明
端口可用性探測工具介紹
不同的操作系統,端口可用性探測所使用的工具也有所不同。
linux 環境下端口可用性探測工具介紹
traceroute 是幾乎所有 Linux 發行版本預裝的網絡測試工具,用于跟蹤 Internet 協議(IP)數據包傳送到目標地址時經過的路徑。您可以通過 traceroute 工具進行端口可用性探測。
traceroute 通過發送 TCP 數據包向目標端口進行探測,以檢測從數據包源到目標服務器的整個鏈路上相應端口的連通性情況。traceroute 端口可用性探測常見用法如下:
traceroute?[-n]?-T?-p??Host
示例
[root@centos~]#??traceroute?-n?-T?-p?22?223.5.5.5 traceroute?to?223.5.5.5?(223.5.5.5),?30?hops?max,?60?byte?packets ?1??58.96.171.249??0.431?ms??0.538?ms??0.702?ms ?2??10.88.16.29??0.997?ms??1.030?ms?10.88.16.21??1.309?ms ?3??58.96.160.246??0.393?ms??0.390?ms?58.96.160.250??0.423?ms ?4??63.218.56.237??1.110?ms?202.123.74.122??0.440?ms??0.440?ms ?5??63.223.15.90??1.744?ms?63.218.56.237??1.076?ms??1.232?ms ?6??63.223.15.158??1.832?ms?63.223.15.90??1.663?ms?63.223.15.74??1.616?ms ?7??202.97.122.113??2.776?ms?63.223.15.154??1.585?ms??1.606?ms ?8??*?*?202.97.122.113??2.537?ms ?9??202.97.61.237??6.856?ms?*?* 10??*?*?* 11??*?*?* 12??*?*?119.147.220.222??8.738?ms 13??119.147.220.230??8.248?ms??8.231?ms?* 14??*?42.120.242.230??32.305?ms?42.120.242.226??29.877?ms 15??42.120.242.234??11.950?ms?42.120.242.222??23.853?ms?42.120.242.218??29.831?ms 16??42.120.253.2??11.007?ms?42.120.242.234??13.615?ms?42.120.253.2??11.956?ms 17??42.120.253.14??21.578?ms?42.120.253.2??13.236?ms?* 18??*?*?223.5.5.5??12.070?ms?!X
參數說明
-n 直接使用 IP 地址而非主機名稱(禁用 DNS 反查)。
-T 通過 TCP 探測。
-p 探測目標端口號。
Host 目標服務器域名或 IP。
更多關于 traceroute 的用法,您可以通過man幫助查閱。
windows 環境下端口可用性探測工具介紹
Windows 環境下,您可通過 tracetcp 進行端口可用性探測。
tracetcp 同樣通過發送 TCP 數據包進行鏈路探測,以分析是否有鏈路中間節點對目標端口做了阻斷。
下載安裝
tracetcp 的使用依賴于 WinPcap library,因此,您需要前往官網下載。
點擊此處前往官網下載最新版 tracetcp。或者,您也可以下載附件 v1.0.2 版 tracetcp(可能并非最新版)。
將下載的 tracetcp 相關文件直接解壓到 C:Windows 目錄。(如果解壓到非系統目錄,則需要手工修改系統環境變量,以確保指令可以直接調用)
使用方法
雙擊打開 tracetcp 應用程序,tracetcp 的常見用法如下:
tracetcp?:
示例
C:?>tracetcp?www.aliyun.com:80 Tracing?route?to?140.205.63.8?on?port?80 Over?a?maximum?of?30?hops. 1???????3?ms????4?ms????3?ms????30.9.176.1 2???????13?ms???3?ms????4?ms????10.64.200.33 3???????3?ms????3?ms????2?ms????10.64.1.1 4???????4?ms????3?ms????3?ms????42.120.74.4 5???????5?ms????4?ms????7?ms????42.120.253.233 6???????6?ms????5?ms????7?ms????42.120.247.97 7???????8?ms????8?ms????8?ms????42.120.247.97 8???????10?ms???10?ms???8?ms????123.56.34.246 9???????9?ms????9?ms????11?ms???42.120.243.117 10??????*???????*???????*???????Request?timed?out. 11??????Destination?Reached?in?8?ms.?Connection?established?to?140.205.63.8 Trace?Complete.
關于更多 tracetcp 參數說明,您可以通過 tracetcp -? 獲取和查看。
端口可用性探測步驟
通常情況下,您可以:
根據前文所述,使用對應工具對目標地址的目標端口進行可用性探測。
排查分析探測結果,確定異常節點。
通過 ip.taobao.com 等 IP 地址查詢網站獲取相應節點歸屬運營商及網絡。
或者提交工單,阿里云將為您向相關運營商反饋問題。
鏈路測試結果分析簡述
異常節點判定方法:如果相關端口在某一跳被阻斷,則其后各跳均不會返回數據。據此就可以判定出異常節點。
示例1
C:>tracetcp?www.aliyun.com:135 Tracing?route?to?115.239.210.27?on?port?135 Over?a?maximum?of?30?hops. 1???????3?ms????3?ms????3?ms????30.9.176.1 2???????4?ms????3?ms????3?ms????10.64.200.33 3???????3?ms????3?ms????3?ms????10.64.1.1 4???????*???????*???????*???????Request?timed?out. 5???????*???????*???????*???????Request?timed?out. 6???????*???????*???????*???????Request?timed?out. 7???????*???????*???????*???????Request?timed?out. 8???????*???????*???????*???????Request?timed?out. 9???????*???????*???????*???????Request?timed?out. 10??????*???????*???????*???????Request?timed?out. 11??????*???????*???????*???????Request?timed?out. 12??????*???????*???????*???????Request?timed?out. 13??????*???????*???????*???????Request?timed?out. 14??????*???????*???????*???????Request?timed?out. 15??????*???????*???????*???????Request?timed?out. 16??????*???????*???????*???????Request?timed?out. 17??????*???????*???????*???????Request?timed?out. 18??????*???????*???????*???????Request?timed?out. 19??????*???????*???????*???????Request?timed?out. 20??????*???????*???????*???????Request?timed?out. 21??????*???????*???????*???????Request?timed?out. 22??????*???????*???????*???????Request?timed?out. 23??????*???????*???????*???????Request?timed?out. 24??????*???????*???????*???????Request?timed?out. 25??????*???????*???????*???????Request?timed?out. 26??????*???????*???????*???????Request?timed?out. 27??????*???????*???????*???????Request?timed?out. 28??????*???????*???????*???????Request?timed?out. 29??????*???????*???????*???????Request?timed?out. 30??????*???????*???????*???????Request?timed?out. Trace?Complete.
上述探測數據中,目標端口在第 3 跳之后就沒有數據返回。說明相應端口在該節點被阻斷。
示例結論:因為該節點為內網 IP,可能是本地網絡相關安全策略所致,您需要聯系本地網絡管理人員做進一步排查分析。
示例2
[root@mycentos?~]#?traceroute?-T?-p?135?www.baidu.com traceroute?to?www.baidu.com?(111.13.100.92),?30?hops?max,?60?byte?packets ?1??*?*?* ?2??192.168.17.20?(192.168.17.20)??4.115?ms??4.397?ms??4.679?ms ?3??111.1.20.41?(111.1.20.41)??901.921?ms??902.762?ms??902.338?ms ?4??111.1.34.197?(111.1.34.197)??2.187?ms??1.392?ms??2.266?ms ?5??*?*?* ?6??221.183.19.169?(221.183.19.169)??1.688?ms??1.465?ms??1.475?ms ?7??221.183.11.105?(221.183.11.105)??27.729?ms??27.708?ms??27.636?ms ?8??*?*?* ?9??*?*?* 10??111.13.98.249?(111.13.98.249)??28.922?ms?111.13.98.253?(111.13.98.253)??29.030?ms??28.916?ms 11??111.13.108.22?(111.13.108.22)??29.169?ms??28.893?ms?111.13.108.33?(111.13.108.33)??30.986?ms 12??*?*?* 13??*?*?* 14??*?*?* 15??*?*?* 16??*?*?* 17??*?*?* 18??*?*?* 19??*?*?* 20??*?*?* 21??*?*?* 22??*?*?* 23??*?*?* 24??*?*?* 25??*?*?* 26??*?*?* 27??*?*?* 28??*?*?* 29??*?*?* 30??*?*?*
上述探測數據中,目標端口在第 11 跳之后就沒有數據返回。說明相應端口在該節點被阻斷。
示例結論:因為該節點經查詢歸屬北京移動,所以您需要自行排查,或者提交工單做進一步排查分析。
