Re: wireshark shows: TCP Port numbers reused on PlanetLab nodes

[wen lui <esolvepolito () gmail com>]

what do you mean for this : " a teamed physical interface"
there are many virtual machines in one PlanetLab nodes, are there any
implications?

but from the time, the second packet arrives at a minus time, it means it
arrives earlier than the first?

I don't know why they are out order? any reasons?

2013/3/21 Martin Visser <martinvisser99 () gmail com>

> Very simply, you have have captured the packets 1 and 2 out of order.
> Packet 2 it would seem is the SYN,  that initiated the SYN-ACK in packet 1.
> (At least it seems that way to me - a sane stack wouldn't reuse the same
> TCP source port at such a small interval). Are you running a teamed
> physical interface, and hence why you are capturing packets out of order?.
>
> Regards, Martin
>
> MartinVisser99 () gmail com
>
>
> On 21 March 2013 00:18, wen lui <esolvepolito () gmail com> wrote:
>
> > I run a simple TCP client on machine A and a simple TCP server on machine
> > B (machine B is a Planetlab node while machine A is not).
> > Then the client establishes a tcp connection with machine B and send some
> > data.
> > I capture packets on both A and B, on A the wireshark shows that it is a
> > normal 3-Way handshaking, but on B, it shows as below:
> >
> > 1    0.000000        138.46.116.22   138.46.201.109  TCP     74      54000 > 57182 [SYN, ACK] Seq=0 Ack=0 Win=5792 
> > Len=0 MSS=1460 SACK_PERM=1 TSval=1751648211 TSecr=1119925943 WS=128 0.000000
> >
> >
> > 2    -0.000062       138.46.201.109  138.46.116.22   TCP     74      [TCP Port numbers reused] 57182 > 54000 [SYN] 
> > Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=1119925943 TSecr=0 WS=128        -0.000062
> > 3    0.000308        138.46.201.109  138.46.116.22   TCP     66      57181 > 54000 [ACK] Seq=1 Ack=1 Win=14720 Len=0 
> > TSval=1119737278 TSecr=1751459556       0.000308
> >
> >
> > while I see on machine B, actually the tcp connection is established.
> > before the client sends the SYN and ACK, I checked machine B and found no TCP connection
> >
> > netstat -tnp
> > (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see 
> > it all.)
> > Active Internet connections (w/o servers)
> > Proto Recv-Q Send-Q Local Address               Foreign Address                State       PID/Program name
> > tcp        0      0 138.46.116.22:54000         138.46.201.109:57181        ESTABLISHED 17879/tcp_server
> >
> > anyway, I can send data to the tcp server and it receives it correctly.
> >
> >
> > why wireshark shows TCP Port numbers reused? and the time is '-0.000062'?
> >
> >
> >
> >
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> > Archives:    http://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >              mailto:wireshark-users-request () wireshark org
> > ?subject=unsubscribe
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe