如果本机所处的网络中的路由器、网关等设备中有配置透明代理(Shadowsocks 的 ss-redir 等),我们可以使用 tracetcp (Windows), tcptraceroutetraceroute --tcp (Linux) 来测试我们与目标IP/端口间的连接是否会经过该透明代理。

Windows

安装 tracetcp

  1. 下载安装 WinPcap
  2. 下载解压 tracetcp

测试连接

首先以管理员身份运行 cmd.exe 或 powershell,随后切换到 tracetcp.exe 所在目录。

tracetcp.exe 用法如下,其中端口默认为 80:

tracetcp IP|hostname[:port]

如果连接没有经过透明代理,则 tracetcp 命令会需要很久才能完成,且会在结果中列出多跳:

PS C:\bin> tracetcp 114.114.114.114:53

Tracing route to 114.114.114.114 [public1.114dns.com] on port 53
Over a maximum of 30 hops.
1       3 ms    2 ms    2 ms    10.99.28.1      [OpenWrt.lan]
2       2 ms    1 ms    2 ms    192.168.1.1     [SMBSHARE]
3       5 ms    3 ms    4 ms    100.68.192.1
4       *       *       *       Request timed out.
5       5 ms    6 ms    8 ms    139.226.210.77
6       21 ms   20 ms   21 ms   219.158.106.10
7       *       *       *       Request timed out.
8       *       *       *       Request timed out.
9       *       *       *       Request timed out.
10      *       *       *       Request timed out.
11      *       *       *       Request timed out.
12      *       *       *       Request timed out.
13      *       *       *       Request timed out.
14      *       *       *       Request timed out.
15      *       *       *       Request timed out.
16      *       *       *       Request timed out.
17      Destination Reached in 19 ms. Connection established to 114.114.114.114

如果连接经过了透明代理,则 tracetcp 命令仅需几秒就能完成,且返回的结果只会包含 1 跳:

PS C:\bin> tracetcp 1.1.1.1
Tracing route to 1.1.1.1 [one.one.one.one] on port 80
Over a maximum of 30 hops.
1       Destination Reached in 2 ms. Connection established to 1.1.1.1
Trace Complete.

Linux

在 Linux 系统上我们可以使用 tcptraceroutetraceroute --tcp 命令。

使用 tcptraceroute

安装 tcptraceroute

Ubuntu 19.10+, Debian 10+:

sudo apt install tcptraceroute

Arch Linux:

sudo yay -S tcptraceroute

测试连接

用法如下,其中端口 port 默认 80。

sudo tcptraceroute IP/Hostname port

如果连接没有经过透明代理,则 tcptraceroute 命令会需要很久才能完成,且会在结果中列出多跳:

$ sudo tcptraceroute 1.1.1.1
Selected device enp0s31f6, address 10.99.28.99, port 57631 for outgoing packets
Tracing the path to 1.1.1.1 on TCP port 80 (http), 30 hops max
 1  10.99.28.1  0.302 ms  0.224 ms  0.218 ms
 2  192.168.1.1  0.664 ms  0.631 ms  0.591 ms
 3  100.68.192.1  3.166 ms  10.801 ms  5.540 ms
 4  * * *
 5  * * *
 6  219.158.113.114  11.876 ms  6.327 ms  11.776 ms
 7  219.158.113.137  11.188 ms  6.303 ms  11.537 ms
 8  219.158.116.238  200.530 ms  203.248 ms  185.336 ms
 9  * * *
10  * * *
11  1.1.1.1 [open]  181.990 ms  186.445 ms  187.835 ms

如果连接经过了透明代理,则 tcptraceroute 命令仅需几秒就能完成,且返回的结果只会包含1跳:

$ sudo tcptraceroute 1.1.1.1
Selected device enp0s31f6, address 10.99.28.99, port 44889 for outgoing packets
Tracing the path to 1.1.1.1 on TCP port 80 (http), 30 hops max
 1  one.one.one.one (1.1.1.1) [open]  0.326 ms  0.280 ms  0.285 ms

使用 traceroute –tcp

安装 traceroute

Debian, Ubuntu:

sudo apt install traceroute

CentOS:

sudo yum install traceroute

Arch Linux:

sudo pacman -S traceroute

测试连接

用法如下,其中端口 port 默认 80。

sudo traceroute --tcp IP/Hostname --port=80

如果连接没有经过透明代理,则 traceroute 命令会需要很久才能完成,且会在结果中列出多跳:

$ sudo traceroute --tcp 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
 1  OpenWrt.lan (172.30.112.1)  15.383 ms  15.422 ms  15.417 ms
 2  192.168.1.1 (192.168.1.1)  15.414 ms  15.388 ms  15.380 ms
 3  * * *
 4  * * *
 5  139.226.225.129 (139.226.225.129)  30.063 ms 139.226.227.33 (139.226.227.33)  28.776 ms  13.918 ms
 6  219.158.19.82 (219.158.19.82)  28.737 ms  11.527 ms  11.322 ms
 7  219.158.19.89 (219.158.19.89)  12.812 ms  12.700 ms  12.627 ms
 8  219.158.102.130 (219.158.102.130)  167.559 ms  167.451 ms  166.400 ms
 9  * * *
10  * * *
11  1.1.1.1 (1.1.1.1)  231.883 ms  151.286 ms  233.210 ms

如果连接经过了透明代理,则 traceroute 命令仅需几秒就能完成,且返回的结果只会包含 1 跳:

$ sudo traceroute --tcp 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
 1  one.one.one.one (1.1.1.1)  0.403 ms  0.397 ms  0.432 ms