connection reset by peer
2022-07-06 17:32:00 【Tang Monk riding white horse】
1、connection reset by peer?
From application-layer logs alone, it is almost impossible to determine the underlying cause of connection reset by peer. So we started capturing packets. The specific approach was:
- Choose one end to capture on; here it is the client;
- Check the application log and confirm that connection reset by peer errors appeared within a few minutes;
- Compare the error log with the packet capture file and look for clues.
Let's first look at what these error logs look like:
2015/12/01 15:49:48 [info] 20521#0: *55077498 recv() failed (104: Connection reset by peer) while sending to client, client: 10.255.252.31, server: manager.example.com, request: "POST /WebPageAlipay/weixin/notify_url.htm HTTP/1.1", upstream: "http:/10.4.36.207:8080/WebPageAlipay/weixin/notify_url.htm", host: "manager.example.com"
2015/12/01 15:49:54 [info] 20523#0: *55077722 recv() failed (104: Connection reset by peer) while sending to client, client: 10.255.252.31, server: manager.example.com, request: "POST /WebPageAlipay/app/notify_url.htm HTTP/1.1", upstream: "http:/10.4.36.207:8080/WebPageAlipay/app/notify_url.htm", host: "manager.example.com"
2015/12/01 15:49:54 [info] 20523#0: *55077710 recv() failed (104: Connection reset by peer) while sending to client, client: 10.255.252.31, server: manager.example.com, request: "POST /WebPageAlipay/app/notify_url.htm HTTP/1.1", upstream: "http:/10.4.36.207:8080/WebPageAlipay/app/notify_url.htm", host: "manager.example.com"
2015/12/01 15:49:58 [info] 20522#0: *55077946 recv() failed (104: Connection reset by peer) while sending to client, client: 10.255.252.31, server: manager.example.com, request: "POST /WebPageAlipay/app/notify_url.htm HTTP/1.1", upstream: "http:/10.4.36.207:8080/WebPageAlipay/app/notify_url.htm", host: "manager.example.com"
2015/12/01 15:49:58 [info] 20522#0: *55077965 recv() failed (104: Connection reset by peer) while sending to client, client: 10.255.252.31, server: manager.example.com, request: "POST /WebPageAlipay/app/notify_url.htm HTTP/1.1", upstream: "http:/10.4.36.207:8080/WebPageAlipay/app/notify_url.htm", host: "manager.example.com"
Log analysis
- recv() failed: recv() here is a system call, that is, part of the Linux network programming interface. As the name suggests, it is used to receive data. We can run man recv to see the details of this system call, including its various error status codes.
- 104: this number also relates to the system call. It is the status code that recv() reports when an error occurs, and it is supplied by the operating system. On Linux, 104 corresponds to ECONNRESET, which means the TCP connection was closed abnormally by an RST packet.
- upstream: in the terminology of reverse proxy software such as Nginx, upstream refers to the back-end server. In other words, the client sends the request to Nginx, Nginx forwards the request to the upstream, and once the upstream replies with an HTTP response, Nginx relays that response to the client. Note that "client <-> Nginx" and "Nginx <-> upstream" are two separate TCP connections, as in the figure below:
2、Common Wireshark filters
ip.addr eq my_ip: matches packets whose source or destination IP is my_ip
ip.src eq my_ip: matches packets whose source IP is my_ip
ip.dst eq my_ip: matches packets whose destination IP is my_ip
tcp.seq eq 1 and tcp.ack eq 1: the RST's sequence number is 1 and its acknowledgment number is also 1
frame.time >= "dec 01, 2015 15:49:48" and frame.time <= "dec 01, 2015 15:49:49": the frame.time filter, which restricts packets to a time window
frame.time >= "dec 01, 2015 15:49:48" and frame.time <= "dec 01, 2015 15:49:49" and ip.addr eq 10.255.252.31 and tcp.flags.reset eq 1 and !(tcp.seq eq 1 or tcp.ack eq 1)
To find TCP RST packets we need another type of filter, tcp.flags. The flags here are the TCP flag bits such as SYN, ACK, FIN, PSH and RST.
For RST packets, the filter condition is:
tcp.flags.reset eq 1
ip.addr eq 10.255.252.31 and tcp.flags.reset eq 1
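The "compare the error log with the packet capture" step from section 1 can be scripted. The following is an added example, not code from the original post: it parses nginx error lines of the kind quoted above and emits one Wireshark display filter per distinct second and client, in the same shape as the combined filter above. The function names, the one-second window and the sample lines are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the format of the nginx log quoted in section 1.
_T = ('{ts} [info] 20523#0: *{conn} recv() failed (104: Connection reset by peer) '
      'while sending to client, client: 10.255.252.31, server: manager.example.com, '
      'request: "POST /WebPageAlipay/app/notify_url.htm HTTP/1.1", '
      'upstream: "http:/10.4.36.207:8080/WebPageAlipay/app/notify_url.htm"')
SAMPLE = [
    _T.format(ts="2015/12/01 15:49:48", conn=55077498),
    _T.format(ts="2015/12/01 15:49:54", conn=55077722),
    _T.format(ts="2015/12/01 15:49:54", conn=55077710),
    # Constructed unrelated line: it must be ignored by the parser.
    "2015/12/01 15:50:01 [info] 20523#0: *1 client closed keepalive connection",
]

LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[\w+\] \d+#\d+: \*(?P<conn>\d+) '
    r'\w+\(\) failed \((?P<errno>\d+): [^)]*\).*?client: (?P<client>[\d.]+)'
)

def reset_events(lines):
    """Yield (timestamp, client_ip, nginx_conn_id) for lines reporting errno 104."""
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["errno"] == "104":  # 104 == ECONNRESET on Linux
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            yield ts, m["client"], int(m["conn"])

def wireshark_filters(lines, window=timedelta(seconds=1)):
    """Return one display filter per distinct (second, client) pair."""
    fmt = "%b %d, %Y %H:%M:%S"
    seen, filters = set(), []
    for ts, client, _conn in reset_events(lines):
        if (ts, client) in seen:
            continue  # several resets in the same second share one filter
        seen.add((ts, client))
        filters.append(
            f'frame.time >= "{ts.strftime(fmt)}" and '
            f'frame.time <= "{(ts + window).strftime(fmt)}" and '
            f'ip.addr eq {client} and tcp.flags.reset eq 1'
        )
    return filters

if __name__ == "__main__":
    for f in wireshark_filters(SAMPLE):
        print(f)
```

nginx writes log timestamps in the server's local time, and Wireshark interprets the quoted frame.time string in the analysis machine's local time, so shift the window if the two machines are in different time zones or their clocks drift.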
3、System calls behind the client handshake
When a client initiates a connection, it makes these system calls in order:
- socket()
- connect()
A server that listens on a port and provides a service makes the following system calls in order:
- socket()
- bind()
- listen()
- accept()
For the server's user-space program to use a TCP connection, it must first obtain the return value of the last call above, accept(). And accept() can only return successfully once the three-way handshake has completed normally.
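The call sequences above and the errno 104 from section 1 can be reproduced together on the loopback interface. This is an added example, not code from the original post: it assumes SO_LINGER with a zero timeout as the way to make the accepting side close with RST (the post does not say what caused the resets it observed), and the function name is hypothetical.

```python
import errno
import socket
import struct

def reset_demo():
    """Return the errno name the client's recv() sees when the peer sends RST."""
    # Server side: socket() -> bind() -> listen()
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
    srv.listen(1)

    # Client side: socket() -> connect(); the kernel performs the
    # three-way handshake during connect().
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.settimeout(5)
    cli.connect(srv.getsockname())

    # accept() returns only because the handshake has already completed.
    conn, _peer = srv.accept()

    # SO_LINGER enabled with timeout 0: close() aborts the connection
    # with RST instead of the normal FIN sequence.
    conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
    conn.close()

    try:
        cli.recv(1024)
        return None  # an orderly FIN close would make recv() return b""
    except OSError as exc:
        # On Linux exc.errno is 104, the number nginx printed in its log.
        return errno.errorcode.get(exc.errno)
    finally:
        cli.close()
        srv.close()

if __name__ == "__main__":
    print(reset_demo())
```

Capturing on the loopback interface while this runs and applying tcp.flags.reset eq 1 shows the single RST that produces the error.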