Tcpdump: verbose output suppressed, or use - v - vv for full protocol decode
Listening on eth0, link -type EN10MB (Ethernet), capture the size of 262144 bytes
03:16:21. 727402 7 e: e8:8 c: a6:3 e: 22 & gt; 00:00:5 e: 00:01:6 e , ethertype IPv4 (0 x0800), length: 66 167.71.156.49.29775 & gt; 157.245.121.35.9010: Flags [S], seq 763495115, Windows 29200, the options (1460 MSS, nop, nop, sackOK, nop, wscale 8], length 0
.
03:16:21. 805106 9 c: cc: 83:8 d: 78-74 & gt; 7 e: e8:8 c: a6:3 e: 22, ethertype IPv4 (0 x0800), length: 66 157.245.121.35.9010 & gt; 167.71.156.49.29775: Flags [S], seq 636224093, ack, 763495116, 29200, win the options (1460 MSS, nop, nop, sackOK, nop, wscale 8], length 0
.
03:16:21. 805179 7 e: e8:8 c: a6:3 e: 22 & gt; 00:00:5 e: 00:01:6 e, ethertype IPv4 (0 x0800), length: 54 167.71.156.49.29775 & gt; 157.245.121.35.9010: Flags [.], ack 1, win 115, length 0
7: e e8:8 c: a6:3 e: 22 native 167.71.156.49 corresponding MAC
00:00:5 e: 00:01:6 e native gateway MAC
Two cloud hosting have public IP, tcpdump caught, found three times handshake the MAC address is not the same as above, who can explain? Why the SYN ACK MAC without gateway
CodePudding user response:
Layer 3 switches? If it is the two net is through the layer 3 switches do routing, I think I should will appear this kind of phenomenon, you are on a grab bag, initiate initiate the SYN and ACK, because it is across the network segment, so the bags are sent to you first gateway, but back to the time of the SYN + ACK to end, because is a layer 3 switches is a routing, forward for many times, it will find the destination MAC address and port correspondence already exists, so will be forwarded directly, rather than the route again, so come and package, the source MAC address is on the MAC address, not your gateway address,CodePudding user response:
Layer 3 switches? If these two network is through the layer 3 switches do routing, I think I should will appear this kind of phenomenon, because you are on a grab bag, so a launch the SYN and ACK, because it is across the network segment, therefore the gateway packet is sent to you, but for the side back to the SYN + ACK, because is the layer 3 switches, layer 3 switches is a routing, forward for many times, it will find the destination IP address, MAC address and port correspondence already exists, so will be forwarded directly, rather than the route again, so come and package, the source MAC address is on the MAC address, not your gateway address, in the end you grab a computer bag, should and this is back up,