Answer the question
In order to leave comments, you need to log in
A
A
Alexander Lipatov2017-12-04 16:00:13
Alexander Lipatov, 2017-12-04 16:00:13
Gray IPs in the source of the packet, from where?
Actually, I’ve been thinking about what day it is, what’s the matter and why, when sending packets from the local network (behind NAT), the packets fly to the Internet with a source address with a gray IP!
Log from Uncle Lesha (provider admin):
Посмотрел ваш трафик, возможно на выходе не все попадает под NAT/firewall, вот срез с нашего роутера, интерфейс Gi0/NAME_INTERFACE - это
VLAN ваш, пакеты с приватными адресами летят "наружу":
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Gi0/NAME_INTERFACE ***Local_ip**** Null 64.233.165.113 11 D769 01BB 3
Gi0/NAME_INTERFACE ***Local_ip**** Null 52.17.203.231 06 FAAE 040C 7
Gi0/NAME_INTERFACE ***Local_ip**** Null 74.125.205.189 11 F8EF 01BB 1
Gi0/NAME_INTERFACE ***Local_ip**** Null 52.17.203.231 06 E6A4 040C 3
Gi0/NAME_INTERFACE ***Local_ip**** Null 64.233.165.139 06 D163 01BB 1NAT is naturally included, there are forwards. Uncle Lesha should see the external IP given to us, right? And in fact, in such a scenario that its "extreme" border router cuts off these packets, since the answer will come to them, and this affects the quality of the "Internet services" that we receive ..
And packets with a source address with a local IP on the external interface, only the mystery is that it is not a full-fledged subnet, but from different subnets, packets selectively fly ... As an example:
09:23:12.451428 IP ***LOCAL_IP***.63440 > 94.100.180.72.443: Flags [R.], seq 1, ack 1, win 0, length 0
09:23:12.454861 IP ***LOCAL_IP***.63435 > 94.100.180.76.443: Flags [F.], seq 3091904178, ack 4143344419, win 1020, length 0
09:23:12.454880 IP ***LOCAL_IP***.63435 > 94.100.180.76.443: Flags [R.], seq 1, ack 1, win 0, length 0
09:23:12.454892 IP ***LOCAL_IP***.63433 > 217.69.139.244.443: Flags [F.], seq 3268938754, ack 859051175, win 65535, length 0
09:23:12.455099 IP ***LOCAL_IP***.63433 > 217.69.139.244.443: Flags [R.], seq 1, ack 1, win 0, length 0
09:23:12.456098 IP ***LOCAL_IP***.63432 > 217.69.139.244.443: Flags [F.], seq 1193167781, ack 3677299424, win 1021, length 0
09:23:12.456344 IP ***LOCAL_IP***.63432 > 217.69.139.244.443: Flags [R.], seq 1, ack 1, win 0, length 0
09:23:13.416121 IP ***LOCAL_IP***.63444 > 184.31.10.65.443: Flags [F.], seq 2954132686, ack 1776309780, win 1022, length 0
09:23:13.416135 IP ***LOCAL_IP***.63444 > 184.31.10.65.443: Flags [R.], seq 1, ack 1, win 0, length 0
09:23:16.264048 IP ***LOCAL_IP***.50225 > 188.43.61.140.80: Flags [F.], seq 4112172240, ack 2323109567, win 16425, length 0
09:23:16.564170 IP ***LOCAL_IP***.50225 > 188.43.61.140.80: Flags [F.], seq 0, ack 1, win 16425, length 0
09:23:17.160054 IP ***LOCAL_IP***.50225 > 188.43.61.140.80: Flags [F.], seq 0, ack 1, win 16425, length 0
09:23:18.361985 IP ***LOCAL_IP***.50225 > 188.43.61.140.80: Flags [F.], seq 0, ack 1, win 16425, length 0Somewhere buried "curvature of the hands" or software?
Similar questions
R
R
O
N
D
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question