Wireshark mailing list archives
Re: wireshark shows: TCP Port numbers reused on PlanetLab nodes
From: Sake Blok <sake () euronet nl>
Date: Fri, 22 Mar 2013 12:09:07 +0100
A teamed physical interface is when you combine two network cards into one logical network card. Cisco calls it Etherchannel, other network vendors call it trunking and linux calls it bonding while in is called teaming in the windows world. Of course the SYN/ACK could not have been on the network before the SYN to which it was a response, therefor for some reason the capture process saw the SYN/ACK earlier than the SYN. This can be caused by using two network interfaces for the same TCP session. As the timestamping is done in the OS and not on the network card. Cheers, Sake On 22 mrt 2013, at 10:48, wen lui wrote:
what do you mean for this : " a teamed physical interface" there are many virtual machines in one PlanetLab nodes, are there any implications? but from the time, the second packet arrives at a minus time, it means it arrives earlier than the first? I don't know why they are out order? any reasons? 2013/3/21 Martin Visser <martinvisser99 () gmail com> Very simply, you have have captured the packets 1 and 2 out of order. Packet 2 it would seem is the SYN, that initiated the SYN-ACK in packet 1. (At least it seems that way to me - a sane stack wouldn't reuse the same TCP source port at such a small interval). Are you running a teamed physical interface, and hence why you are capturing packets out of order?. Regards, Martin MartinVisser99 () gmail com On 21 March 2013 00:18, wen lui <esolvepolito () gmail com> wrote: I run a simple TCP client on machine A and a simple TCP server on machine B (machine B is a Planetlab node while machine A is not). Then the client establishes a tcp connection with machine B and send some data. I capture packets on both A and B, on A the wireshark shows that it is a normal 3-Way handshaking, but on B, it shows as below: 1 0.000000 138.46.116.22 138.46.201.109 TCP 74 54000 > 57182 [SYN, ACK] Seq=0 Ack=0 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSval=1751648211 TSecr=1119925943 WS=128 0.000000 2 -0.000062 138.46.201.109 138.46.116.22 TCP 74 [TCP Port numbers reused] 57182 > 54000 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=1119925943 TSecr=0 WS=128 -0.000062 3 0.000308 138.46.201.109 138.46.116.22 TCP 66 57181 > 54000 [ACK] Seq=1 Ack=1 Win=14720 Len=0 TSval=1119737278 TSecr=1751459556 0.000308 while I see on machine B, actually the tcp connection is established. before the client sends the SYN and ACK, I checked machine B and found no TCP connection netstat -tnp (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 138.46.116.22:54000 138.46.201.109:57181 ESTABLISHED 17879/tcp_server anyway, I can send data to the tcp server and it receives it correctly. why wireshark shows TCP Port numbers reused? and the time is '-0.000062'? ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- wireshark shows: TCP Port numbers reused on PlanetLab nodes wen lui (Mar 20)
- Re: wireshark shows: TCP Port numbers reused on PlanetLab nodes Martin Visser (Mar 21)
- Re: wireshark shows: TCP Port numbers reused on PlanetLab nodes Sake Blok (Mar 21)
- Re: wireshark shows: TCP Port numbers reused on PlanetLab nodes wen lui (Mar 22)
- Re: wireshark shows: TCP Port numbers reused on PlanetLab nodes Sake Blok (Mar 22)
- Re: wireshark shows: TCP Port numbers reused on PlanetLab nodes Jaap Keuter (Mar 23)
- Re: wireshark shows: TCP Port numbers reused on PlanetLab nodes Martin Visser (Mar 23)
- Re: wireshark shows: TCP Port numbers reused on PlanetLab nodes Martin Visser (Mar 21)