pipishrimp 最近的时间轴更新 pipishrimp 最近的时间轴更新 |
pipishrimpV2EX 第 417341 号会员,加入于 2019-05-31 22:50:50 +08:00 |
pipishrimp 最近回复了
5 天前 回复了 xyz3210 创建的主题 › 宽带症候群 › 近期境外访问中国网站 |
别用 ping 检测,ping 不通不代表不能访问,用 curl 指定 UA 可以成功
runner@runnervmkj6or:~$ curl www.txrjy.com
runner@runnervmkj6or:~$ curl -H "Host: www.txrjy.com" http://114.80.179.170
runner@runnervmkj6or:~$ curl -vk https://www.txrjy.com \
-H "User-Agent: Mozilla/5.0" \
--max-time 15
* Host www.txrjy.com:443 was resolved.
* IPv6: (none)
* IPv4: 114.80.179.170, 101.227.20.64, 101.227.20.65, 101.227.20.66, 101.227.20.67, 101.227.20.60
* Trying 114.80.179.170:443...
* Connected to www.txrjy.com (114.80.179.170) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519 / RSASSA-PSS
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=txrjy.com
* start date: Sep 17 00:00:00 2025 GMT
* expire date: Sep 16 23:59:59 2026 GMT
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=Encryption Everywhere DV TLS CA - G2
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/1.x
> GET / HTTP/1.1
> Host: www.txrjy.com
> Accept: */*
> User-Agent: Mozilla/5.0
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 301 Moved Permanently
< Server: Tengine
< Content-Type: text/html; charset=UTF-8
< Content-Length: 0
< Connection: keep-alive
< Date: Thu, 05 Feb 2026 07:05:56 GMT
< Set-Cookie: acw_tc=707c9f7717702751560381064e5e544bfe6da63acd2eac3b0d49aaf9f4ad56;path=/;HttpOnly;Max-Age=1800
< X-Frame-Options: SAMEORIGIN
< location: forum.php
< Strict-Transport-Security: max-age=31536000
< Via: cache41.l2cn7478[34,34,301-0,M], cache6.l2cn7478[35,0], cache1.cn3259[47,46,301-0,M], cache12.cn3259[49,0]
< Ali-Swift-Global-Savetime: 1770275156
< X-Cache: MISS TCP_MISS dirn:-2:-2
< X-Swift-SaveTime: Thu, 05 Feb 2026 07:05:56 GMT
< X-Swift-CacheTime: 0
< Timing-Allow-Origin: *
< EagleId: 7250b3a017702751560204684e
<
* Connection #0 to host www.txrjy.com left intact
runner@runnervmkj6or:~$
runner@runnervmkj6or:~$ curl www.txrjy.com
runner@runnervmkj6or:~$ curl -H "Host: www.txrjy.com" http://114.80.179.170
runner@runnervmkj6or:~$ curl -vk https://www.txrjy.com \
-H "User-Agent: Mozilla/5.0" \
--max-time 15
* Host www.txrjy.com:443 was resolved.
* IPv6: (none)
* IPv4: 114.80.179.170, 101.227.20.64, 101.227.20.65, 101.227.20.66, 101.227.20.67, 101.227.20.60
* Trying 114.80.179.170:443...
* Connected to www.txrjy.com (114.80.179.170) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519 / RSASSA-PSS
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=txrjy.com
* start date: Sep 17 00:00:00 2025 GMT
* expire date: Sep 16 23:59:59 2026 GMT
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=Encryption Everywhere DV TLS CA - G2
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/1.x
> GET / HTTP/1.1
> Host: www.txrjy.com
> Accept: */*
> User-Agent: Mozilla/5.0
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 301 Moved Permanently
< Server: Tengine
< Content-Type: text/html; charset=UTF-8
< Content-Length: 0
< Connection: keep-alive
< Date: Thu, 05 Feb 2026 07:05:56 GMT
< Set-Cookie: acw_tc=707c9f7717702751560381064e5e544bfe6da63acd2eac3b0d49aaf9f4ad56;path=/;HttpOnly;Max-Age=1800
< X-Frame-Options: SAMEORIGIN
< location: forum.php
< Strict-Transport-Security: max-age=31536000
< Via: cache41.l2cn7478[34,34,301-0,M], cache6.l2cn7478[35,0], cache1.cn3259[47,46,301-0,M], cache12.cn3259[49,0]
< Ali-Swift-Global-Savetime: 1770275156
< X-Cache: MISS TCP_MISS dirn:-2:-2
< X-Swift-SaveTime: Thu, 05 Feb 2026 07:05:56 GMT
< X-Swift-CacheTime: 0
< Timing-Allow-Origin: *
< EagleId: 7250b3a017702751560204684e
<
* Connection #0 to host www.txrjy.com left intact
runner@runnervmkj6or:~$
1 月 29 日 回复了 383394544 创建的主题 › 宽带症候群 › 电信 5G 什么时候改成国内拜访地接入的?哪些省改了? |
@koor 我家车的车联网,车机流量也是固定接入到重庆联通
1 月 29 日 回复了 crc8 创建的主题 › 宽带症候群 › 如何检测有没有省墙? |
用自己的网络环境 curl --resolve www.facebook.com:80:61.170.77.86 http://www.facebook.com
其中 61.170.77.86 是上海的 IP ,也可以把 IP 换成其他的但不是自己省份的,在测试前要求这个 IP 可以响应任意 host 头,用来检测此 IP 是否 rst 不属于自己的 Host,例如 curl --resolve www.hwjajabmcdgw.com:80:61.170.77.86 http://www.hwjajabmcdgw.com,如果可以响应,404 也算
然后给这个省外 IP 发送黑名单 host ,如果被 RST 阻断,则说明存在省墙
其中 61.170.77.86 是上海的 IP ,也可以把 IP 换成其他的但不是自己省份的,在测试前要求这个 IP 可以响应任意 host 头,用来检测此 IP 是否 rst 不属于自己的 Host,例如 curl --resolve www.hwjajabmcdgw.com:80:61.170.77.86 http://www.hwjajabmcdgw.com,如果可以响应,404 也算
然后给这个省外 IP 发送黑名单 host ,如果被 RST 阻断,则说明存在省墙
2025 年 7 月 23 日 回复了 abchendai00 创建的主题 › 宽带症候群 › 针对 x.com 在国内访问情况一个有趣的发现 |
GFW 不敢墙 CF 的 IP 加端口,一般都是看到 TLS 里面的域名如果在黑名单里就 tcp 重置
2025 年 1 月 8 日 回复了 crc8 创建的主题 › 宽带症候群 › 人在潮汕, IP 在广州。 |
@initialsky 深圳长城宽带甚至可以给你穿透到长沙移动再出去
2024 年 11 月 9 日 回复了 liuhaibin 创建的主题 › 宽带症候群 › 为什么中国三家不去国外买或租公网 IPV4,国外好多大量闲置 |
@xyz3210 如果只是为了上网,NAT4 比 NAT1 更省 IP?
2023 年 11 月 20 日 回复了 amyw495062 创建的主题 › 宽带症候群 › nat4 的网络没办法 ZeroTier 穿透,有什么更好的解决方案 |
@allplay #7 联通电信不知道,反正移动卡流量给的 v6 禁止入站连接
2023 年 11 月 1 日 回复了 hudingwen1995 创建的主题 › 宽带症候群 › 河南 sni 阻断 |
移动 sni 阻断 eu.org 网站,DNS 暂时还没被污染
2023 年 10 月 30 日 回复了 fake23 创建的主题 › 宽带症候群 › 求问坛内大佬,用 cf 中转在线看图会被限速么? |
@ganwen 想知道 400T 流量是如果做到的,开机场吗?
2023 年 10 月 30 日 回复了 Redhut 创建的主题 › 宽带症候群 › 移动随机发送 Cloudflare 的 IPv6 的流量 |
cloudflare Anycast 按就近原则中国的流量应该送到香港,香港容量不够稍微远点的的日韩也行,可是联通电信大多数时候都去欧美反而增加了延迟
Select Language