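I suspect my home network may have been compromised and is being used by a malicious actor.
I'm a networking noob, so I'd like to know whether > 2000 Neighbor Solicitations sent is normal?
I got these statistics by running the command netstat -s: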
IPv4 Statistics
Packets Received = 44873
Received Header Errors = 0
Received Address Errors = 0
Datagrams Forwarded = 0
Unknown Protocols Received = 1
Received Packets Discarded = 3479
Received Packets Delivered = 62550
Output Requests = 48541
Routing Discards = 0
Discarded Output Packets = 389
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0
IPv6 Statistics
Packets Received = 1991
Received Header Errors = 0
Received Address Errors = 0
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 1229
Received Packets Delivered = 34570
Output Requests = 36382
Routing Discards = 0
Discarded Output Packets = 1979
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0
ICMPv4 Statistics
Received Sent
Messages 509 444
Errors 0 0
Destination Unreachable 462 416
Time Exceeded 19 0
Parameter Problems 0 0
Source Quenches 0 0
Redirects 0 0
Echo Replies 16 12
Echos 12 16
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0
Router Solicitations 0 0
Router Advertisements 0 0
ICMPv6 Statistics
Received Sent
Messages 947 3080
Errors 0 0
Destination Unreachable 943 943
Packet Too Big 0 0
Time Exceeded 0 0
Parameter Problems 0 0
Echos 0 0
Echo Replies 0 0
MLD Queries 0 0
MLD Reports 0 0
MLD Dones 0 0
Router Solicitations 0 6
Router Advertisements 0 0
Neighbor Solicitations 2 2127
Neighbor Advertisements 2 4
Redirects 0 0
Router Renumberings 0 0
TCP Statistics for IPv4
Active Opens = 1454
Passive Opens = 543
Failed Connection Attempts = 132
Reset Connections = 219
Current Connections = 36
Segments Received = 38050
Segments Sent = 34308
Segments Retransmitted = 743
TCP Statistics for IPv6
Active Opens = 85
Passive Opens = 5
Failed Connection Attempts = 79
Reset Connections = 2
Current Connections = 0
Segments Received = 914
Segments Sent = 667
Segments Retransmitted = 251
UDP Statistics for IPv4
Datagrams Received = 26358
No Ports = 772
Receive Errors = 2818
Datagrams Sent = 11585
UDP Statistics for IPv6
Datagrams Received = 34871
No Ports = 234
Receive Errors = 1104
Datagrams Sent = 32306
As you can see, Neighbor Solicitation is the only thing that strikes me as abnormal, or is there anything else above or below that may be out of the norm?
ICMPv6 Statistics
Received Sent
Messages 947 3080
Errors 0 0
Destination Unreachable 943 943
Packet Too Big 0 0
Time Exceeded 0 0
Parameter Problems 0 0
Echos 0 0
Echo Replies 0 0
MLD Queries 0 0
MLD Reports 0 0
MLD Dones 0 0
Router Solicitations 0 6
Router Advertisements 0 0
Neighbor Solicitations 2 2127
Neighbor Advertisements 2 4
Redirects 0 0
Router Renumberings 0 0
Thanks!
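Yes and no. The number looks quite normal, although it is a bit high compared to the number of Neighbor Solicitations received (and to the number of Neighbor Advertisement responses received), as the four counters should usually be in approximately the same range.
ICMPv6 Neighbor Solicitations serve the same primary purpose as ARP queries in IPv4: they translate an IP address to a MAC address. So whenever your computer wants to contact an IPv6 address in its own subnet and therefore needs to know the MAC address, it sends an ICMPv6 NS. (This includes using that address as a gateway, not only talking to it directly, so if you have IPv6, then there will be Neighbor Solicitations sent to your router's address.)
If there is no device with that address, there might be up to 3 (or 5?) NS attempts until your computer gives up. A few minutes later, if a program still tries to contact that address, there will be some more NS queries, and so on. (For example, my desktop has Syncthing installed and it frequently tries to reach my laptop, which may be asleep at that time.)
They also have a secondary purpose of Neighbor Unreachability Detection (although ARP queries in IPv4 are sometimes used this way too, it is not part of the standard): inactive neighbor cache entries are marked as "stale" more actively in IPv6, and a new Neighbor Solicitation is sent directly to the device to verify its liveness, even if its MAC address is still known. (I forget the exact details, though.)
(Note: Even if your ISP does not provide IPv6, and even if you have no global IPv6 addresses, there is still a good chance that your router will set up a local "fdXX:" IPv6 network, and it will be used automatically for Windows file sharing and the like.)
In general, there is a very simple way to see what is going on behind these statistics: use a packet capture tool such as Wireshark or Microsoft Network Monitor (or the command-line tshark, tcpdump, pktmon). They will literally show you the actual Neighbor Solicitation packets being sent out.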
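The check a capture makes possible, as an added example that is not part of the original answer: it tallies which addresses the host keeps soliciting and whether any Neighbor Advertisement came back for them. It assumes the ICMPv6 message bodies have already been exported from a capture as raw bytes; the `build` helper, the addresses and the sample messages are constructed for illustration.

```python
import ipaddress
from collections import Counter

NS, NA = 135, 136  # ICMPv6 types: Neighbor Solicitation / Advertisement (RFC 4861)

def nd_target(msg: bytes):
    """Return (type, target address) for an NS/NA message, else None."""
    # Layout: type(1) code(1) checksum(2) reserved-or-flags(4) target(16) options...
    if len(msg) < 24 or msg[0] not in (NS, NA) or msg[1] != 0:
        return None
    return msg[0], ipaddress.IPv6Address(msg[8:24])

def summarize(sent, received):
    """Count NS sent per target and flag targets that never answered with an NA."""
    asked = Counter()
    for m in sent:
        parsed = nd_target(m)
        if parsed and parsed[0] == NS:
            asked[parsed[1]] += 1
    answered = set()
    for m in received:
        parsed = nd_target(m)
        if parsed and parsed[0] == NA:
            answered.add(parsed[1])
    return {str(t): (n, t in answered) for t, n in asked.most_common()}

def build(msg_type, target):
    """Build a constructed NS/NA body (checksum left as zero, no options)."""
    return bytes([msg_type, 0, 0, 0]) + bytes(4) + ipaddress.IPv6Address(target).packed

# Constructed sample: the router answers, a sleeping laptop does not.
ROUTER, LAPTOP = "fe80::1", "fd00::abcd"
SENT = [build(NS, ROUTER)] * 2 + [build(NS, LAPTOP)] * 9 + [b"\x80\x00\x00\x00"]
RECEIVED = [build(NA, ROUTER)]

if __name__ == "__main__":
    for target, (count, ok) in summarize(SENT, RECEIVED).items():
        print(f"{target:<12} NS sent={count:<3} {'answered' if ok else 'no NA seen'}")
```

A target with many solicitations and no advertisement matches the pattern the answer describes: repeated attempts to resolve an address whose device is offline or asleep.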