Sent a packet to xxxhub and found some hidden secrets

Posted by ciaran on Fri, 07 Jan 2022 09:23:28 +0100

Hello, I'm Jay Chou.

That day, I suddenly thought of a question:

When I visit the GitHub that fascinates thousands of otaku programmers, how does the data packet sent by my computer reach the GitHub server on the other side of the ocean, and what nodes do I pass through?

Let's explore this problem together. Please fasten your seat belt. The computer network express is leaving···

IP message

The Internet connects countless mobile phones, computers, servers, routers, switches and other devices together. If these devices want to communicate through the network, they naturally need a set of communication protocols. TCP/IP is such a set of protocols.

The data sent by these applications, including browsers, are encapsulated layer by layer by HTTP, TCP and IP protocols, and finally form IP messages one by one, which are sent to the underlying network card.

IP packets are routed and forwarded by nodes in the network, and finally come to the target server.

How do you know which network nodes have passed through in the process of routing and forwarding?

tracert program on Windows and traceroute program on Linux can do this.

How do they do it?

IP messages can't be forwarded without restrictions. In case of circular forwarding, it will be endless? The IP message in the network has a concept of lifetime, which is located in the header field of IP message——

TTL: time to live.

After each forwarding, the TTL value will be reduced by 1. If a node finds that TTL becomes 0, it will lose the IP message and send a timeout notification message to the sender of the data message.

tracert and traceroute make use of this feature in the IP protocol to increase the TTL value from 1. By observing who sent back the notification to themselves, they can judge which nodes went through in the routing process.

The difference between the two programs is that tracert sends ICMP message and traceroute sends UDP message.

Route tracking

Well, after explaining the basic knowledge, come and try it quickly and visit GitHub.

First, ping and get the IP address of GitHub: Note that people in different regions may get different addresses.

Next, route tracking:


Tracking through up to 30 hops
 reach [] Routing:

  1    <1 millisecond   <1 millisecond   <1 MS 10.??.??.1
  2    <1 millisecond   <1 millisecond   <1 MS 10.??.??.??
  3     2 ms     1 ms     1 ms
  4     *        *        *     The request timed out.
  5     1 ms     *        2 ms
  6     *       25 ms     *
  7     *        *        *     The request timed out.
  8    36 ms    37 ms    36 ms
  9   184 ms   191 ms   185 ms
 10   195 ms   194 ms   194 ms []
 11   190 ms   190 ms   190 ms []
 12   324 ms   325 ms   324 ms []
 13     *        *      333 ms []
 14   334 ms     *        * []
 15     *      327 ms   325 ms []
 16     *        *        *     The request timed out.
 17     *        *        *     The request timed out.
 18   332 ms   332 ms   340 ms []
 19     *        *        *     The request timed out.
 20   343 ms   338 ms     * []
 21   355 ms   353 ms   353 ms []
 22   335 ms   334 ms   338 ms []
 23   340 ms   341 ms   341 ms
 24     *        *        *     The request timed out.
 25     *        *        *     The request timed out.
 26   335 ms   343 ms   343 ms []

It can be seen that after forwarding by 26 nodes, it finally reaches the GitHub server. In other words, the TTL of the IP message sent by your computer must be at least 26 before it can reach GitHub, otherwise it will collapse.

[supporting technical documents]

Next, let's take a look. Where have we been all the way?


After the data packet is sent from my computer, the first forwarding node encountered is my local LAN gateway: 10 1. For security, I desensitize the IP address, and use the middle two paragraphs? Replace.

After that, the second node is the address of the LAN. It can be seen that the network pattern where I am is connected to the public network after two-level LAN routing and forwarding.


The third forwarding node is a public network address: After checking, it is found that it is located in Wuhou District, Chengdu, which is consistent with my actual situation.


The next fourth routing node is a little confused. The three time points are * and tracert displays the request timeout. This means that the tracert program does not receive a notification after setting TTL to 4, or waits too long. Some nodes in the network may not send timeout notifications for security reasons.

In this way, tracert cannot know who the fourth node is.


The fifth node is, which is still in Chengdu.


The sixth node:, arrived in Beijing.

[supporting technical documents]


The seventh node is the same as the fourth node.


The eighth node:, came to Shanghai.


The ninth node:, still in Shanghai.


The tenth node: went abroad, California, USA.

I won't look at the following, that is, the forwarding of nodes in the United States.

Next, let's take a look. What kind of path is this?


After the network data packet is out of our local LAN, it will be finally connected to a larger backbone network through the man provided by telecom operators.

There are four main civil backbone networks in Chinese mainland:

    ChinaNet: China Telecom 163 backbone network
    CN2: China Telecom next generation bearer network
    CHINA169: China Unicom 169 backbone network
    CMNET: China Mobile backbone network

The 163 backbone network of China Telecom and the 169 backbone network of China Unicom are the two main backbone networks, carrying the vast majority of the traffic of China's Internet.

The last access to my network is the 163 backbone network of China Telecom. The following is an approximate network topology of the 163 backbone network.

163 backbone network has a total of 9 core nodes in China:

    Super core: Beijing, Shanghai, Guangzhou
    Ordinary core: Tianjin, Xi'an, Nanjing, Hangzhou, Wuhan, Chengdu

The 9 core nodes are responsible for some parts of the Chinese mainland.

Under the three super cores of Beijing, Shanghai and Guangzhou, there are also international inter network interconnection equipment (x router). ChinaNet connects and exchanges traffic with other operators in the world through X router.

Therefore, going abroad through 163 network must go through one of the three core nodes of Beishang Guangyuan.

GitHub's server is located in the United States. For a packet going abroad, its general journey before going abroad is as follows:

Local LAN - > municipal network - > provincial network - > core node - > international export - > overseas access point

This process is consistent with the path tracked by tracert above.

Unexpectedly, as soon as you return the car, the data packet has gone to so many places. The computer network is really a magical thing.

[supporting technical documents]

Topics: Cyber Security computer