Wireshark-users: Re: [Wireshark-users] wireshark shows: TCP Port numbers reused on PlanetLab node

From: Sake Blok <sake@xxxxxxxxxx>
Date: Fri, 22 Mar 2013 07:56:57 +0100
Actually, there was a bug in Wireshark that treated the SYN/ACK and the SYN as different streams when they are captured out-of-order. I fixed this in svn 48466, which is listed for the next 1.6.x and 1.8.x release.

Cheers,
Sake


On 21 Mar 2013, at 20:46, Martin Visser wrote:

> Very simply, you have captured the packets 1 and 2 out of order. Packet 2 it would seem is the SYN, that initiated the SYN-ACK in packet 1. (At least it seems that way to me - a sane stack wouldn't reuse the same TCP source port at such a small interval). Are you running a teamed physical interface, and hence why you are capturing packets out of order?
> 
> Regards, Martin
> 
> MartinVisser99@xxxxxxxxx
> 
> 
> On 21 March 2013 00:18, wen lui <esolvepolito@xxxxxxxxx> wrote:
> I run a simple TCP client on machine A and a simple TCP server on machine B (machine B is a PlanetLab node while machine A is not).
> Then the client establishes a TCP connection with machine B and sends some data.
> I capture packets on both A and B. On A, Wireshark shows that it is a normal 3-way handshake, but on B, it shows as below:
> 
> 1	0.000000	138.46.116.22	138.46.201.109	TCP	74	54000 > 57182 [SYN, ACK] Seq=0 Ack=0 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSval=1751648211 TSecr=1119925943 WS=128 0.000000
> 
> 
> 2	-0.000062	138.46.201.109	138.46.116.22	TCP	74	[TCP Port numbers reused] 57182 > 54000 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=1119925943 TSecr=0 WS=128	-0.000062
> 
> 3	0.000308	138.46.201.109	138.46.116.22	TCP	66	57181 > 54000 [ACK] Seq=1 Ack=1 Win=14720 Len=0 TSval=1119737278 TSecr=1751459556	0.000308
> 
> 
> 
> 
> While I see on machine B, actually the TCP connection is established.
> Before the client sends the SYN and ACK, I checked machine B and found no TCP connection.
> 
> 
> netstat -tnp
> (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)
> Active Internet connections (w/o servers)
> Proto Recv-Q Send-Q Local Address               Foreign Address                State       PID/Program name   
> tcp        0      0 138.46.116.22:54000         138.46.201.109:57181        ESTABLISHED 17879/tcp_server
> 
> 
> Anyway, I can send data to the TCP server and it receives it correctly.
> 
> 
> 
> Why does Wireshark show TCP Port numbers reused? And why is the time '-0.000062'?
> 
> 
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> 
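
A way to tell an out-of-order capture from a genuine port reuse, as an added example that is not part of the thread or of Wireshark's code: the SYN/ACK's TSecr echoes the TSval of the SYN it answers, so a "reused port" SYN whose TSval equals the preceding SYN/ACK's TSecr was really sent first. It assumes the TCP timestamps option is present; the trimmed line format, the `misordered_handshakes` helper and the 1 ms `max_gap` threshold are assumptions made for illustration.

```python
import re
from collections import namedtuple

# Constructed sample: the three packets quoted above, trimmed to the fields used here.
SAMPLE = """\
1 0.000000 138.46.116.22 138.46.201.109 54000 > 57182 [SYN, ACK] TSval=1751648211 TSecr=1119925943
2 -0.000062 138.46.201.109 138.46.116.22 57182 > 54000 [SYN] TSval=1119925943 TSecr=0
3 0.000308 138.46.201.109 138.46.116.22 57181 > 54000 [ACK] TSval=1119737278 TSecr=1751459556
"""

Pkt = namedtuple("Pkt", "no time src dst sport dport flags tsval tsecr")
LINE = re.compile(
    r"(\d+) (-?[\d.]+) (\S+) (\S+) (\d+) > (\d+) \[([^\]]+)\] TSval=(\d+) TSecr=(\d+)")

def parse(text):
    """Turn trimmed packet-list lines into Pkt records."""
    pkts = []
    for m in LINE.finditer(text):
        no, t, src, dst, sp, dp, flags, tv, te = m.groups()
        flagset = frozenset(f.strip() for f in flags.split(","))
        pkts.append(Pkt(int(no), float(t), src, dst, int(sp), int(dp),
                        flagset, int(tv), int(te)))
    return pkts

def misordered_handshakes(pkts, max_gap=0.001):
    """Return (synack_no, syn_no) pairs where the SYN/ACK was recorded before its SYN."""
    hits = []
    synacks = {}  # (server ip, server port, client ip, client port) -> SYN/ACK packet
    for p in pkts:
        if p.flags == {"SYN", "ACK"}:
            synacks[(p.src, p.sport, p.dst, p.dport)] = p
        elif p.flags == {"SYN"}:
            sa = synacks.get((p.dst, p.dport, p.src, p.sport))
            # A real port reuse would carry a fresh TSval that the earlier
            # SYN/ACK could not have echoed; a match means capture misordering.
            if sa and sa.tsecr == p.tsval and abs(p.time - sa.time) <= max_gap:
                hits.append((sa.no, p.no))
    return hits

if __name__ == "__main__":
    for synack_no, syn_no in misordered_handshakes(parse(SAMPLE)):
        print(f"packet {syn_no} (SYN) precedes packet {synack_no} (SYN/ACK) on the wire")
```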