Wireshark-users: Re: [Wireshark-users] wireshark shows: TCP Port numbers reused on PlanetLab node

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sat, 23 Mar 2013 12:00:34 +0100
Talking about a cacophony of terms. From Wikipedia:
------------------------8<---------------------------------
In addition to the IEEE link aggregation substandards [802.3ad, 802.1ax], there
are a number of proprietary aggregation schemes including Cisco's EtherChannel
and Port Aggregation Protocol, AVAYA's Multi-Link Trunking, Split Multi-Link
Trunking, Routed Split Multi-Link Trunking and Distributed Split Multi-Link
Trunking, ZTE's "Smartgroup", or Huawei's "EtherTrunk". Most high-end network
devices support some kind of link aggregation, and software-based
implementations – such as the *BSD lagg package, Linux' bonding driver, Solaris'
dladm etc. – also exist for many operating systems.
------------------------8<---------------------------------
http://en.wikipedia.org/wiki/Link_aggregation

Thanks,
Jaap


On 03/22/2013 12:09 PM, Sake Blok wrote:
> A teamed physical interface is when you combine two network cards into one
> logical network card. Cisco calls it Etherchannel, other network vendors call it
> trunking and Linux calls it bonding, while it is called teaming in the Windows world.
> 
> Of course the SYN/ACK could not have been on the network before the SYN to which
> it was a response, therefore for some reason the capture process saw the SYN/ACK
> earlier than the SYN. This can be caused by using two network interfaces for the
> same TCP session, as the timestamping is done in the OS and not on the network card.
> 
> Cheers,
> Sake
> 
> On 22 mrt 2013, at 10:48, wen lui wrote:
> 
>> what do you mean for this : " a teamed physical interface"
>> there are many virtual machines in one PlanetLab nodes, are there any
>> implications?
>>
>> but from the time, the second packet arrives at a minus time, it means it
>> arrives earlier than the first?
>>
>> I don't know why they are out of order? any reasons?
>>
>> 2013/3/21 Martin Visser <martinvisser99@xxxxxxxxx>
>>
>>     Very simply, you have captured the packets 1 and 2 out of order.
>>     Packet 2 it would seem is the SYN, that initiated the SYN-ACK in packet
>>     1. (At least it seems that way to me - a sane stack wouldn't reuse the
>>     same TCP source port at such a small interval). Are you running a teamed
>>     physical interface, and hence why you are capturing packets out of order?
>>
>>     Regards, Martin
>>
>>     MartinVisser99@xxxxxxxxx
>>
>>
>>     On 21 March 2013 00:18, wen lui <esolvepolito@xxxxxxxxx> wrote:
>>
>>         I run a simple TCP client on machine A and a simple TCP server on
>>         machine B (machine B is a Planetlab node while machine A is not).
>>         Then the client establishes a tcp connection with machine B and sends
>>         some data.
>>         I capture packets on both A and B, on A the wireshark shows that it is
>>         a normal 3-Way handshaking, but on B, it shows as below:
>>
>>         1	0.000000	138.46.116.22	138.46.201.109	TCP	74	54000 > 57182 [SYN, ACK] Seq=0 Ack=0 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSval=1751648211 TSecr=1119925943 WS=128 0.000000
>>         2	-0.000062	138.46.201.109	138.46.116.22	TCP	74	[TCP Port numbers reused] 57182 > 54000 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=1119925943 TSecr=0 WS=128	-0.000062
>>         3	0.000308	138.46.201.109	138.46.116.22	TCP	66	57181 > 54000 [ACK] Seq=1 Ack=1 Win=14720 Len=0 TSval=1119737278 TSecr=1751459556	0.000308
>>
>>         while I see on machine B, actually the tcp connection is established.
>>         before the client sends the SYN and ACK, I checked machine B and found no TCP connection
>>
>>         netstat -tnp
>>         (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)
>>         Active Internet connections (w/o servers)
>>         Proto Recv-Q Send-Q Local Address               Foreign Address                State       PID/Program name
>>         tcp        0      0 138.46.116.22:54000         138.46.201.109:57181           ESTABLISHED 17879/tcp_server
>>
>>         anyway, I can send data to the tcp server and it receives it correctly.
>>
>>         why wireshark shows TCP Port numbers reused? and the time is '-0.000062'?
>>
>>
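
Added example, not part of the original thread: in the quoted capture the SYN/ACK in frame 1 carries TSecr=1119925943, which is the TSval of the SYN in frame 2, so the TCP timestamp echo itself shows which packet came first. The sketch below checks for that pattern over a list of packet records; the `Pkt` record layout and the function names are assumptions made for illustration, and the sample data is constructed from frames 1 and 2 above.

```python
from collections import namedtuple

# Hypothetical record type; fields mirror the Wireshark columns in the quoted capture.
Pkt = namedtuple("Pkt", "no time src sport dst dport flags tsval tsecr")

# Constructed sample: frames 1 and 2 as quoted in the thread.
CAPTURE = [
    Pkt(1, 0.000000, "138.46.116.22", 54000, "138.46.201.109", 57182,
        "SA", 1751648211, 1119925943),
    Pkt(2, -0.000062, "138.46.201.109", 57182, "138.46.116.22", 54000,
        "S", 1119925943, 0),
]

def find_inverted_handshakes(pkts):
    """Return (synack_no, syn_no) pairs where the SYN/ACK was written to the
    capture before the SYN it answers.

    A SYN/ACK's TSecr echoes the TSval of the SYN it acknowledges, so a later
    frame that is a SYN on the reversed 4-tuple with that same TSval is the
    cause of the earlier SYN/ACK, not a new connection on a reused port.
    """
    pending = {}  # (client, cport, server, sport, echoed TSval) -> SYN/ACK frame
    hits = []
    for p in sorted(pkts, key=lambda p: p.no):  # walk in capture (frame) order
        # TSecr == 0 means nothing was echoed (no timestamp option): no evidence.
        if p.flags == "SA" and p.tsecr:
            pending[(p.dst, p.dport, p.src, p.sport, p.tsecr)] = p.no
        elif p.flags == "S":
            key = (p.src, p.sport, p.dst, p.dport, p.tsval)
            synack_no = pending.pop(key, None)
            if synack_no is not None:
                hits.append((synack_no, p.no))
    return hits

def by_timestamp(pkts):
    """Frame numbers re-sorted by capture timestamp (stable for ties)."""
    return [p.no for p in sorted(pkts, key=lambda p: p.time)]

if __name__ == "__main__":
    print("inverted handshakes:", find_inverted_handshakes(CAPTURE))
    print("frames by timestamp:", by_timestamp(CAPTURE))
```

A SYN on the same 4-tuple whose TSval does not match the earlier SYN/ACK's TSecr is not reported, so this check only fires when the capture order, rather than the traffic, is what went wrong.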