tcp - 为什么使用 hping3 使用假源 IP 地址 ping 本地地址可以收到响应？

Question

我像这样运行命令：

hping3 192.168.1.10 -a 1.1.1.1

输出如下：

HPING 192.168.1.10 (en0 192.168.1.10): NO FLAGS are set, 40 headers + 0 data bytes
len=40 ip=192.168.1.10 ttl=64 id=33456 sport=0 flags=RA seq=0 win=0 rtt=1.1 ms
len=40 ip=192.168.1.10 ttl=64 id=24121 sport=0 flags=RA seq=1 win=0 rtt=0.1 ms
len=40 ip=192.168.1.10 ttl=64 id=3236 sport=0 flags=RA seq=2 win=0 rtt=0.2 ms
len=40 ip=192.168.1.10 ttl=64 id=61692 sport=0 flags=RA seq=3 win=0 rtt=0.2 ms
len=40 ip=192.168.1.10 ttl=64 id=15728 sport=0 flags=RA seq=4 win=0 rtt=0.2 ms
^C
--- 192.168.1.10 hping statistic ---
5 packets tramitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.1/0.4/1.1 ms

并通过本地机器上的 tcpump：

$ sudo tcpdump host 1.1.1.1
Password:
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pktap, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes
10:23:36.822615 IP 192.168.1.10.0 > one.one.one.one.rsap: Flags [R.], seq 0, ack 2065105878, win 0, length 0
10:23:37.823681 IP 192.168.1.10.0 > one.one.one.one.concurrent-lm: Flags [R.], seq 0, ack 672263270, win 0, length 0
10:23:38.826824 IP 192.168.1.10.0 > one.one.one.one.kermit: Flags [R.], seq 0, ack 1563876222, win 0, length 0
10:23:39.830404 IP 192.168.1.10.0 > one.one.one.one.nkd: Flags [R.], seq 0, ack 1283038394, win 0, length 0
10:23:40.833370 IP 192.168.1.10.0 > one.one.one.one.shiva_confsrvr: Flags [R.], seq 0, ack 186762329, win 0, length 0
10:23:41.834124 IP 192.168.1.10.0 > one.one.one.one.xnmp: Flags [R.], seq 0, ack 1670612994, win 0, length 0
10:23:42.838885 IP 192.168.1.10.0 > one.one.one.one.alphatech-lm: Flags [R.], seq 0, ack 1276848919, win 0, length 0
10:23:43.842073 IP 192.168.1.10.0 > one.one.one.one.stargatealerts: Flags [R.], seq 0, ack 1793953901, win 0, length 0
10:23:44.846601 IP 192.168.1.10.0 > one.one.one.one.dec-mbadmin: Flags [R.], seq 0, ack 790578368, win 0, length 0
10:23:45.851313 IP 192.168.1.10.0 > one.one.one.one.dec-mbadmin-h: Flags [R.], seq 0, ack 1015896230, win 0, length 0
10:23:46.854682 IP 192.168.1.10.0 > one.one.one.one.fujitsu-mmpdc: Flags [R.], seq 0, ack 399151884, win 0, length 0
10:23:47.858144 IP 192.168.1.10.0 > one.one.one.one.sixnetudr: Flags [R.], seq 0, ack 1964033843, win 0, length 0
10:23:48.860881 IP 192.168.1.10.0 > one.one.one.one.sg-lm: Flags [R.], seq 0, ack 1593356211, win 0, length 0
10:23:49.863557 IP 192.168.1.10.0 > one.one.one.one.skip-mc-gikreq: Flags [R.], seq 0, ack 395378252, win 0, length 0
10:23:50.867165 IP 192.168.1.10.0 > one.one.one.one.netview-aix-1: Flags [R.], seq 0, ack 1055206979, win 0, length 0
10:23:51.868183 IP 192.168.1.10.0 > one.one.one.one.netview-aix-2: Flags [R.], seq 0, ack 751066644, win 0, length 0
^C
16 packets captured
229 packets received by filter
0 packets dropped by kernel

我的问题是：

为什么我可以收到来自 hping3 输出的响应？ICMP 响应应该转到 1.1.1.1，我应该收到任何东西。
为什么我的 tcpdump 只显示 localhost 到 1.1.1.1，没有从 1.1.1.1 到我的 IP 的数据包？

tcp - 为什么使用 hping3 使用假源 IP 地址 ping 本地地址可以收到响应？

0 回答 0

Related

Reference