Re: out of port numbers

[Andrej van der Zee <andrejvanderzee () gmail com>]

> > I am seeings a lot of port-reuses in the tcpdumps. The tcpdump was
> > captured on a Debian master that runs multiple Debian guests (Linux
> > VServer). Among others, it runs a proxy and application server that
> > setup a new connection for each HTTP request that is being served.
>
> On this Linux VServer, I am seeing 20.401 reused ports (filter
> tcp.analysis.reused_ports in Wireshark) in a 429 second tcpdump
> sample. Is this value not extremely high?

I had some more time to look at this "issue" and I was hoping somebody could
advise me. In the tcpdump I find many reset connections before the 3way
handshake is even finished, for example:

clt -> srv: 17:00:04.100996 SYN [Port number resused] seq=0
clt -> srv: 17:00:04.103999 SYN seq=0
srv -> clt: 17:00:04.104033 SYN + ACK seq=0, ack=1
clt -> srv: 17:00:04.109510 RST seq=1

Under what conditions would the client reset the connection within such a
short timespan (< 10 millisecond)?

Cheers,
Andrej

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe