Wireshark mailing list archives
Re: out of port numbers
From: Andrej van der Zee <andrejvanderzee () gmail com>
Date: Thu, 1 Sep 2011 07:01:45 +0200
I am seeings a lot of port-reuses in the tcpdumps. The tcpdump was captured on a Debian master that runs multiple Debian guests (Linux VServer). Among others, it runs a proxy and application server that setup a new connection for each HTTP request that is being served.On this Linux VServer, I am seeing 20.401 reused ports (filter tcp.analysis.reused_ports in Wireshark) in a 429 second tcpdump sample. Is this value not extremely high?
I had some more time to look at this "issue" and I was hoping somebody could advise me. In the tcpdump I find many reset connections before the 3way handshake is even finished, for example: clt -> srv: 17:00:04.100996 SYN [Port number resused] seq=0 clt -> srv: 17:00:04.103999 SYN seq=0 srv -> clt: 17:00:04.104033 SYN + ACK seq=0, ack=1 clt -> srv: 17:00:04.109510 RST seq=1 Under what conditions would the client reset the connection within such a short timespan (< 10 millisecond)? Cheers, Andrej
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- out of port numbers Andrej van der Zee (Aug 19)
- Re: out of port numbers Andrew Hood (Aug 19)
- Re: out of port numbers Andrej van der Zee (Aug 19)
- Re: out of port numbers Andrej van der Zee (Aug 22)
- Re: out of port numbers Andrej van der Zee (Aug 31)
- Re: out of port numbers Andrej van der Zee (Aug 19)
- Re: out of port numbers Andrew Hood (Aug 19)