無法從office365 portal下載安裝office軟件（Wireshark查找問題）

無法從office365 portal下載安裝office軟件（Wireshark查找問題）

每臺電腦從office365 portal下載安裝office軟件，都出現以下錯誤。

使用wireshark抓包
首先，點擊坐下角的專家模式進入專家模式

發現大量的RST包，隨便選一條，後面的數據流就到了指定包。看一下IP地址就是我們要查詢的

查詢conversations

找到該IP和我們IP的對話作爲filter

然後關閉conversations,得到我們所要分析的數據包

發現TCP三次握手沒問題。客戶端向服務器發送的HEAD也得到了服務器端的200 OK相應。客戶端再向服務器發送GET請求，服務器直接回復 HTTP/1.0 302 Moved Temporarily。然後就FIN關閉連接了。
跟蹤TCP Stream

發現了與Host: officecdn.microsoft.com連接的如下情況：

以下是客戶端發給服務器端（正常）
HEAD /SG/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.12527.20242/stream.x86.zh-cn.dat HTTP/1.1
Connection: Keep-Alive
Accept: /
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: officecdn.microsoft.com

以下是服務器端發給客戶端（正常）
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Connection: keep-alive
Content-Disposition: attachment; filename=stream.x86.zh-cn.dat
Powered-By-ChinaCache: MISS from BGP-GZ-b-3g9
Powered-By-ChinaCache: MISS from CHN-LN-u-D02
Powered-By-ChinaCache: HIT from BGP-YZ-b-3Wn
Powered-By-ChinaCache: HIT from CCT-NC-1-D01
Content-Length: 346547097
Last-Modified: Sun, 01 Mar 2020 03:32:16 GMT
Cache-Control: public, max-age=259200
X-Powered-By: ASP.NET
Expires: Fri, 13 Mar 2020 08:23:50 GMT
X-CID: 6
Server: Microsoft-IIS/10.0
Date: Tue, 10 Mar 2020 08:23:50 GMT
Age: 177929
Accept-Ranges: bytes
CACHE: TCP_MISS
CACHE: TCP_MISS
CACHE: TCP_HIT
X-CC-ServiceID: 446fecab53783a4c70f5b29456716ee7
CC_CACHE: TCP_HIT

以下是客戶端發給服務器端（正常）
GET /SG/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.12527.20242/stream.x86.zh-cn.dat HTTP/1.1
Connection: Keep-Alive
Accept: /
Accept-Encoding: identity
If-Unmodified-Since: Sun, 01 Mar 2020 03:32:16 GMT
Range: bytes=0-7281,8487-11092,12320-31744,33002-68329,73105-83923,123865-149239,150558-216083,220929-232666,273860-312039,315119-433194,442613-466013,530351-575228,578223-695563,704892-728005,792182-12802506,13174909-13547741,13549737-13635345,13642276-13658608,13705396-13739537,13741501-13827320
User-Agent: Microsoft BITS/7.5
Host: officecdn.microsoft.com

以下是服務器端發給客戶端（不正常）
HTTP/1.0 302 Moved Temporarily
Location: http://1.1.1.3/disable/disable.htm?url_type=%E4%B8%8B%E8%BD%BD%E5%B7%A5%E5%85%B7/%E5%A4%9A%E7%BA%BF%E7%A8%8B%E4%B8%8B%E8%BD%BD&plc_name=%E5%BA%94%E7%94%A8%E5%B0%81%E5%A0%B5
Content-Type: text/html;
Content-Length: 14

<h2>Moved</h2>

將以下地址在瀏覽器中訪問
http://1.1.1.3/disable/disable.htm?url_type=%E4%B8%8B%E8%BD%BD%E5%B7%A5%E5%85%B7/%E5%A4%9A%E7%BA%BF%E7%A8%8B%E4%B8%8B%E8%BD%BD&plc_name=%E5%BA%94%E7%94%A8%E5%B0%81%E5%A0%B5

這才發現是被上網行爲管理給屏蔽了。