没有收到所有ICMP超时消息:为什么? [英] not getting all ICMP time-exceeded messages: why?

问题描述

我正在使用Scapy重播一些我更改了TTL值的转储数据包.即使使用TTL = 1，我也得到了非常奇怪的结果.

I'm using Scapy to replay some dumped packets in which I change the TTL value. I've been getting very odd results even with TTL=1.

当我将测试时间彼此分开运行时，可以收到大约40％到95％的经过ICMP超时消息回复的数据包.然后，我可以递归地重播未答复的数据包，并每次都获得与以前大致相同百分比的已答复数据包.

When I run my test hours apart from each other, I can get from roughly 40% to 95% of packets replied to with an ICMP time-exceeded message. Then I can recursively replay unanswered packets and get each time more or less the same percentage of answered packets as before.

那是为什么?

我一直在发送数据包，彼此之间的间隔为0.1秒.这样应该可以吧?我的超时值为10s，应该非常保守.

I've been sending packets with an interval of 0.1 seconds between each other. This should be ok, right? My timeout value is 10s, which should be very conservative.

这是怎么了?

推荐答案

实际上，您要说的是，在给定的时间范围内，您只能测试这么多无法访问的主机.可能的原因之一:许多路由器都对ICMP消息进行速率限制.

What you're saying is essentially you can only test for so many unreachable hosts in a given span of time. One possible reason: many routers rate-limit ICMP messages.

在做其他事情之前，先测试主机成功完成ping更好；这样，您就可以肯定性地达到可及性.缺点是MS Windows默认会阻止ping操作.

It is much better to test for a ping success to a host before doing something else; this way you have positive confirmation of reachability. The downside is MS Windows blocks pings by default.

如果您不能先​​ping，则需要增加两次探测之间的时间，或者提高正在返回ICMP消息的路由器上的ICMP不可达速率.

If you can't ping first, then you'll need to increase the time between your probes, or raise the ICMP unreachable rate on the router that is returning the ICMP messages.

根据评论，您似乎正在碰壁scapy的处理流量的能力.过去，通过发送scapy并在后台生成tcpdump来接收流量，可以提高吞吐量.

Based on the comments, it looks like you're hitting a wall for scapy's ability to process traffic. I have improved throughput in the past by sending with scapy and spawning tcpdump in the background to receive traffic.

这篇关于没有收到所有ICMP超时消息:为什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！