zhxie / pcap2socks

Redirect traffic to SOCKS proxy with pcap.
MIT License

DNS resolution errors occur on some computers or networks #18

Open terryops opened 2 years ago

terryops commented 2 years ago

The remote proxy works normally, and testing on other computers and networks went smoothly. The log is as follows:

```
Listen on \Device\NPF_{9CC2C489-5F32-478B-9575-D08EC625BD52} (Qualcomm Atheros QCA61x4A Wireless Network Adapter) [c8:ff:28:fe:7a:1f]: 10.0.0.21
Use MTU 1500
Publish for 10.10.0.1
Please set the network of your device which is going to be proxied with the following parameters:
┌───────────────────────────┐
│ IP Address  10.10.0.2     │
│ Mask        255.255.255.0 │
│ Gateway     10.10.0.1     │
│───────────────────────────│
│ MTU         <=1500        │
└───────────────────────────┘
Proxy 10.10.0.2/32 to 127.0.0.1:54981
receive from pcap: ARP: 10.10.0.2 -> 10.10.0.1, Operation = Request (42 Bytes)
Device 10.10.0.2 (64:b5:c6:15:88:ea) joined the network
send to pcap: ARP: 10.10.0.1 -> 10.10.0.2, Operation = Reply (42 Bytes)
receive from pcap: UDP: 10.10.0.2:39425 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54982 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:39425 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54982 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:39425 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54982 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:39425 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54982 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:39425 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54982 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:39425 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54982 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:39425 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54982 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:39425 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54982 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:39425 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54982 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: ARP: 10.10.0.2 -> 10.10.0.1, Operation = Request (42 Bytes)
send to pcap: ARP: 10.10.0.1 -> 10.10.0.2, Operation = Reply (42 Bytes)
receive from pcap: UDP: 10.10.0.2:49448 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54984 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:49448 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54984 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:49448 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54984 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:49448 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54984 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:49448 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54984 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:49448 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54984 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:49448 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54984 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:49448 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54984 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:49448 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 54984 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: ARP: 10.10.0.2 -> 10.10.0.1, Operation = Request (42 Bytes)
send to pcap: ARP: 10.10.0.1 -> 10.10.0.2, Operation = Reply (42 Bytes)
receive from pcap: UDP: 10.10.0.2:45663 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 63210 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:45663 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 63210 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:45663 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 63210 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:45663 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 63210 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:45663 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 63210 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:45663 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 63210 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:45663 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 63210 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:45663 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 63210 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:45663 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 63210 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: ARP: 10.10.0.2 -> 10.10.0.1, Operation = Request (42 Bytes)
send to pcap: ARP: 10.10.0.1 -> 10.10.0.2, Operation = Reply (42 Bytes)
receive from pcap: UDP: 10.10.0.2:20008 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 63408 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:20008 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 63408 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:20008 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 63408 -> 8.8.8.8:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:20008 -> 8.8.8.8:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 63408 -> 8.8.8.8:53 (50 Bytes)
```

zhxie commented 2 years ago

Seems the same as #11. However, because there is no packet capture record, I don't actually know on which computers or networks this problem occurs.

terryops commented 2 years ago

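It does look similar; it should be the same problem. I'm using it to accelerate a Switch, and it can't connect to the network; the message says DNS resolution failed. My guess is that the Switch tries to access some website and sends a DNS request, but the response comes back empty or abnormal, so it requests again. I don't know whether this gives you any ideas?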

zhxie commented 2 years ago

Could you run pcap2socks with the -vv argument and provide me with the log? In addition, can you try another DNS like 223.5.5.5, to see if it works normally?

terryops commented 2 years ago

I tried changing the DNS, including 223.5.5.5, but it still doesn't work. The log with -vv is as follows:

```
Listen on \Device\NPF_{3A19C912-1AE1-4AC5-8839-5DFA5C5CAA9C} (Realtek PCIe GbE Family Controller) [38:d5:47:14:50:26]: 192.168.3.18
Use MTU 1500
Publish for 10.10.0.1
Please set the network of your device which is going to be proxied with the following parameters:
┌───────────────────────────┐
│ IP Address  10.10.0.2     │
│ Mask        255.255.255.0 │
│ Gateway     10.10.0.1     │
│───────────────────────────│
│ MTU         <=1500        │
└───────────────────────────┘
set local IP address to 10.10.0.1
Proxy 10.10.0.2/32 to 127.0.0.1:58862
send to pcap: ARP: 10.10.0.1 -> 10.10.0.1, Operation = Request (42 Bytes)
receive from pcap: ARP: 10.10.0.2 -> 10.10.0.1, Operation = Request (42 Bytes)
set source hardware address of 10.10.0.2 to 70:48:f7:cd:df:6b
Device 10.10.0.2 (70:48:f7:cd:df:6b) joined the network
send to pcap: ARP: 10.10.0.1 -> 10.10.0.2, Operation = Reply (42 Bytes)
receive from pcap: UDP: 10.10.0.2:37535 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
registering event source with poller: token=Token(0), interests=READABLE | WRITABLE
registering event source with poller: token=Token(1), interests=READABLE | WRITABLE
create datagram 10.10.0.2:37535 = 59810
bind UDP port 59810 = 10.10.0.2:37535
send to proxy: UDP: 59810 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:37535 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 59810 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:37535 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 59810 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:37535 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 59810 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:37535 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 59810 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:37535 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 59810 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:37535 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 59810 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:37535 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 59810 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:37535 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 59810 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: ARP: 10.10.0.2 -> 10.10.0.1, Operation = Request (42 Bytes)
send to pcap: ARP: 10.10.0.1 -> 10.10.0.2, Operation = Reply (42 Bytes)
receive from pcap: UDP: 10.10.0.2:29172 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
registering event source with poller: token=Token(2), interests=READABLE | WRITABLE
registering event source with poller: token=Token(3), interests=READABLE | WRITABLE
create datagram 10.10.0.2:29172 = 51565
bind UDP port 51565 = 10.10.0.2:29172
send to proxy: UDP: 51565 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:29172 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51565 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:29172 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51565 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:29172 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51565 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:29172 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51565 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:29172 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51565 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:29172 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51565 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:29172 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51565 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: ARP: 10.10.0.2 -> 10.10.0.1, Operation = Request (42 Bytes)
send to pcap: ARP: 10.10.0.1 -> 10.10.0.2, Operation = Reply (42 Bytes)
receive from pcap: UDP: 10.10.0.2:23733 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
registering event source with poller: token=Token(4), interests=READABLE | WRITABLE
registering event source with poller: token=Token(5), interests=READABLE | WRITABLE
create datagram 10.10.0.2:23733 = 51567
bind UDP port 51567 = 10.10.0.2:23733
send to proxy: UDP: 51567 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:23733 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51567 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:23733 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51567 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:23733 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51567 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:23733 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51567 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:23733 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51567 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:23733 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51567 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:23733 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51567 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: ARP: 10.10.0.2 -> 10.10.0.1, Operation = Request (42 Bytes)
send to pcap: ARP: 10.10.0.1 -> 10.10.0.2, Operation = Reply (42 Bytes)
receive from pcap: UDP: 10.10.0.2:21652 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
registering event source with poller: token=Token(6), interests=READABLE | WRITABLE
registering event source with poller: token=Token(7), interests=READABLE | WRITABLE
create datagram 10.10.0.2:21652 = 51569
bind UDP port 51569 = 10.10.0.2:21652
send to proxy: UDP: 51569 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:21652 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51569 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:21652 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51569 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:21652 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51569 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:21652 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51569 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:21652 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51569 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:21652 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51569 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:21652 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51569 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:21652 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51569 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: ARP: 10.10.0.2 -> 10.10.0.1, Operation = Request (42 Bytes)
send to pcap: ARP: 10.10.0.1 -> 10.10.0.2, Operation = Reply (42 Bytes)
receive from pcap: UDP: 10.10.0.2:62779 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
registering event source with poller: token=Token(8), interests=READABLE | WRITABLE
registering event source with poller: token=Token(9), interests=READABLE | WRITABLE
create datagram 10.10.0.2:62779 = 51571
bind UDP port 51571 = 10.10.0.2:62779
send to proxy: UDP: 51571 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:62779 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51571 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:62779 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51571 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:62779 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51571 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:62779 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51571 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:62779 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51571 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:62779 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51571 -> 114.114.114.114:53 (50 Bytes)
receive from pcap: UDP: 10.10.0.2:62779 -> 114.114.114.114:53, Length = 48 (42 + 40 Bytes)
send to proxy: UDP: 51571 -> 114.114.114.114:53 (50 Bytes)
```

zhxie commented 2 years ago

Observing the log, I found that pcap2socks did not receive any reply from the proxy. Please follow the steps below to troubleshoot:

  1. Confirm whether SOCKS5 proxy 127.0.0.1:58862 is enabled with UDP support
  2. Use stunxy, ninat or Natch to test the UDP connectivity of the network
  3. Use Wireshark to capture packets

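One way to carry out step 1 of the checklist above, as an added example that is not part of the thread or of pcap2socks: a SOCKS5 UDP ASSOCIATE probe (RFC 1928) that sends one DNS query through the proxy's UDP relay and reports whether a reply comes back. It assumes a proxy that accepts unauthenticated clients and returns an IPv4 relay address; the function names and the example.com query are illustrative.

```python
import socket
import struct

def udp_associate_request() -> bytes:
    # VER=5, CMD=3 (UDP ASSOCIATE), RSV=0, ATYP=1 (IPv4), DST 0.0.0.0:0
    return b"\x05\x03\x00\x01" + bytes(6)

def parse_reply(reply: bytes):
    """Split a SOCKS5 reply carrying an IPv4 BND.ADDR into (REP, host, port)."""
    if len(reply) != 10 or reply[0] != 5 or reply[3] != 1:
        raise ValueError("not a SOCKS5 reply with an IPv4 bind address")
    return reply[1], socket.inet_ntoa(reply[4:8]), struct.unpack("!H", reply[8:])[0]

def wrap_datagram(dst_ip: str, dst_port: int, payload: bytes) -> bytes:
    # RFC 1928 UDP request header: RSV(2) FRAG(1) ATYP(1) DST.ADDR(4) DST.PORT(2).
    # These 10 bytes are consistent with the 40 -> 50 byte growth between
    # "receive from pcap" and "send to proxy" in the logs above.
    return b"\x00\x00\x00\x01" + socket.inet_aton(dst_ip) + struct.pack("!H", dst_port) + payload

def dns_query(name: str, txid: int = 0x1234) -> bytes:
    # Minimal A/IN query with the recursion-desired flag set.
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!2H", 1, 1)

def probe(proxy_host: str, proxy_port: int, dns_ip: str, timeout: float = 3.0) -> str:
    """Return 'ok', 'no-udp-associate' or 'no-udp-reply'; socket errors and malformed replies raise."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as ctrl:
        stream = ctrl.makefile("rb")
        ctrl.sendall(b"\x05\x01\x00")            # offer "no authentication" only
        if stream.read(2) != b"\x05\x00":
            return "no-udp-associate"
        ctrl.sendall(udp_associate_request())
        rep, host, port = parse_reply(stream.read(10))
        if rep != 0:                             # e.g. 0x07: command not supported
            return "no-udp-associate"
        if host == "0.0.0.0":                    # relay listens on the proxy's own address
            host = proxy_host
        # The TCP control connection stays open while the UDP relay is in use.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
            udp.settimeout(timeout)
            udp.sendto(wrap_datagram(dns_ip, 53, dns_query("example.com")), (host, port))
            try:
                data, _ = udp.recvfrom(2048)
            except (socket.timeout, ConnectionResetError):
                return "no-udp-reply"
        return "ok" if len(data) > 10 and data[:3] == b"\x00\x00\x00" else "no-udp-reply"

if __name__ == "__main__":
    # Proxy address and DNS server taken from the -vv log above.
    print(probe("127.0.0.1", 58862, "114.114.114.114"))
```

A result of `no-udp-reply` matches the symptom in the logs: queries leave toward the proxy and nothing returns.
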
JolyonJostar commented 2 years ago

I ran into this problem today. I'm using shadowsocks, and switching the mode from PAC to global solved it.