Ask Your Question

Revision history [back]

TCP Port numbers reused

Hi experts,

For the pcap, SYN、SYN/ACK、RST、SYN、SYN/ACK、RST, When I ignore the No.4 SYN packet,Why is packet No.2 marked with "TCP Port numbers reused"? tcpd == NULL?

No. Source  Destination Protocol    Stream  Length  Info
1   10.83.12.253    10.92.54.95 TCP 0   62  54321  >  447 [SYN] Seq=0 Win=14600 Len=0
2   10.92.54.95 10.83.12.253    TCP 0   60  [TCP Port numbers reused] 447  >  54321 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460
3   10.83.12.253    10.92.54.95 TCP 0   62  54321  >  447 [RST] Seq=1 Win=0 Len=0
4   <Ignored>
5   10.92.54.95 10.83.12.253    TCP 0   60  [TCP Previous segment not captured] [TCP Port numbers reused] 447  >  54321 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460
6   10.83.12.253    10.92.54.95 TCP 0   62  54321  >  447 [RST] Seq=1 Win=0 Len=0


packet-tcp.c
SYN
if (tcpd != NULL  && (tcph->th_flags & (TH_SYN|TH_ACK)) == TH_SYN) {
    ...
    tcpd->ta->flags|=TCP_A_REUSED_PORTS;
    ...
}

SYN/ACK
if (tcpd != NULL && (tcph->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)){
    ...
    tcpd->ta->flags|=TCP_A_REUSED_PORTS;
    ...
}

Regards, 7ACE

click to hide/show revision 2
None

updated 2024-04-16 14:36:33 +0000

grahamb gravatar image

TCP Port numbers reused

Hi experts,

For the pcap, SYN、SYN/ACK、RST、SYN、SYN/ACK、RST, When I ignore the No.4 SYN packet,Why is packet No.2 marked with "TCP Port numbers reused"? tcpd == NULL?

No. Source   Destination Protocol  Stream  Length  Info
1   10.83.12.253    10.92.54.95 TCP 0 10.92.54.95  TCP        0    62  54321  >     54321 > 447 [SYN] Seq=0 Win=14600 Len=0
2   10.92.54.95 10.83.12.253    TCP 0  10.83.12.253 TCP        0    60  [TCP     TCP Port numbers reused] 447  >  54321 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460
3   10.83.12.253    10.92.54.95 TCP 0 10.92.54.95  TCP        0    62  54321  >     54321 > 447 [RST] Seq=1 Win=0 Len=0
4   <Ignored>
5   10.92.54.95 10.83.12.253    TCP 0  10.83.12.253 TCP        0    60   [TCP Previous segment not captured] [TCP Port numbers reused] 447  >  54321 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460
6   10.83.12.253    10.92.54.95 TCP 0 10.92.54.95  TCP        0    62  54321  >     54321 > 447 [RST] Seq=1 Win=0 Len=0

The relevant code:

packet-tcp.c
SYN
if (tcpd != NULL  && (tcph->th_flags & (TH_SYN|TH_ACK)) == TH_SYN) {
    ...
    tcpd->ta->flags|=TCP_A_REUSED_PORTS;
    ...
}

SYN/ACK
if (tcpd != NULL && (tcph->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)){
    ...
    tcpd->ta->flags|=TCP_A_REUSED_PORTS;
    ...
}

Regards, 7ACE

TCP Port numbers reused

Hi experts,

For the pcap, SYN、SYN/ACK、RST、SYN、SYN/ACK、RST, When I ignore the No.4 SYN packet,Why is packet No.2 marked with "TCP Port numbers reused"? tcpd == NULL?

No. Source       Destination Protocol Stream Length Info
1   10.83.12.253 10.92.54.95  TCP        0    62     54321 > 447 [SYN] Seq=0 Win=14600 Len=0
2   10.92.54.95  10.83.12.253 TCP        0    60      TCP [TCP Port numbers reused] 447  >  54321 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460
3   10.83.12.253 10.92.54.95  TCP        0    62     54321 > 447 [RST] Seq=1 Win=0 Len=0
4   <Ignored>
5   10.92.54.95  10.83.12.253 TCP        0    60     [TCP Previous segment not captured] [TCP Port numbers reused] 447  >  54321 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460
6   10.83.12.253 10.92.54.95  TCP        0    62     54321 > 447 [RST] Seq=1 Win=0 Len=0

The relevant code:

packet-tcp.c
SYN
if (tcpd != NULL  && (tcph->th_flags & (TH_SYN|TH_ACK)) == TH_SYN) {
    ...
    tcpd->ta->flags|=TCP_A_REUSED_PORTS;
    ...
}

SYN/ACK
if (tcpd != NULL && (tcph->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)){
    ...
    tcpd->ta->flags|=TCP_A_REUSED_PORTS;
    ...
}

Regards, 7ACE

click to hide/show revision 4
None

updated 2024-04-16 14:53:46 +0000

grahamb gravatar image

TCP Port numbers reused

Hi experts,

For the pcap, SYN、SYN/ACK、RST、SYN、SYN/ACK、RST, When I ignore the No.4 SYN packet,Why is packet No.2 marked with "TCP Port numbers reused"? tcpd == NULL?

No. Source       Destination  Protocol Stream Length Info
1   10.83.12.253 10.92.54.95  TCP        0    62     54321 > 447 [SYN] Seq=0 Win=14600 Len=0
2   10.92.54.95  10.83.12.253 TCP        0    60     [TCP Port numbers reused] 447  >  54321 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460
3   10.83.12.253 10.92.54.95  TCP        0    62     54321 > 447 [RST] Seq=1 Win=0 Len=0
4   <Ignored>
5   10.92.54.95  10.83.12.253 TCP        0    60     [TCP Previous segment not captured] [TCP Port numbers reused] 447  >  54321 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460
6   10.83.12.253 10.92.54.95  TCP        0    62     54321 > 447 [RST] Seq=1 Win=0 Len=0

The relevant code:

packet-tcp.c
SYN
if (tcpd != NULL  && (tcph->th_flags & (TH_SYN|TH_ACK)) == TH_SYN) {
    ...
    tcpd->ta->flags|=TCP_A_REUSED_PORTS;
    ...
}

SYN/ACK
if (tcpd != NULL && (tcph->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)){
    ...
    tcpd->ta->flags|=TCP_A_REUSED_PORTS;
    ...
}

Regards, 7ACE