jggimi, 1st April 2013

When we think of TCP or UDP ports, we almost always think of the destination port number, but there are two port numbers involved -- not only the destination port, there is a sending port as well.

There are two port numbers involved in every UDP or TCP conversation. Each side has its own port number.

Wikipedia says (highlight mine):

Quote:
The core network services, such as the World-Wide Web, typically use small port numbers less than 1024. In many operating systems special privileges are required for applications to bind to these ports, because these are often deemed critical to the operation of IP networks. Conversely, the client end of a connection typically uses a high port number allocated for short term use, therefore called an ephemeral port.

In this case, the sending port was indeed port 22. I have no idea why, but... this does not have anything to do with operating an SSH server, such as sshd(8), which uses port 22 as the default destination port.

Quote:
what does R 0:0(0) ack 1 win 0(pf) mean ?????

The tcpdump(8) man page says:

Code:
    The general format of a TCP protocol line is:

                   src > dst: flags src-os data-seqno ack window urgent options

Below that, you will find descriptions and examples.

Specifically:

"R" is the TCP flag "RST" -- it means, "Reset the Connection."
"0:0(0)" says the packet sequence number is zero, and contains no data.
"ack 1" is the sequence number expected in response.
"win 0(pf)" is zero bytes for window (the remote buffer), as this is a pflog trace, rather than a trace of a NIC.
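As an added example (not part of the post above and not tcpdump's own code), the line format quoted from the man page can be decoded with a short Python parser that also reports which end of the conversation used a port below 1024. The sample lines and addresses are constructed, and the names `parse_tcp_line` and `service_side` are hypothetical.

```python
import re

# Flag letters in the older tcpdump output style quoted above.
FLAG_NAMES = {"S": "SYN", "F": "FIN", "P": "PSH", "R": "RST"}

# src > dst: flags data-seqno ack window  (urgent/options are not handled here)
TCP_LINE = re.compile(
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<flags>[SFPR]+|\.)"
    r"(?: (?P<first>\d+):(?P<last>\d+)\((?P<length>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?"
    r"(?: win (?P<win>\d+))?"
)

def parse_tcp_line(line):
    """Return the decoded fields of one tcpdump TCP line, or None."""
    m = TCP_LINE.search(line)
    if m is None:
        return None
    rec = {k: m[k] for k in ("src", "dst")}
    for k in ("sport", "dport", "first", "last", "length", "ack", "win"):
        rec[k] = int(m[k]) if m[k] is not None else None
    # A lone "." (no flags in this output style) yields an empty list.
    rec["flags"] = [FLAG_NAMES[c] for c in m["flags"] if c in FLAG_NAMES]
    return rec

def service_side(rec, boundary=1024):
    """Guess which end is the service: the one using a port below 1024."""
    low_src, low_dst = rec["sport"] < boundary, rec["dport"] < boundary
    if low_src == low_dst:
        return None  # both low or both high: cannot tell from ports alone
    return "src" if low_src else "dst"

# Constructed sample lines (documentation addresses, not from the thread).
SAMPLES = [
    "192.0.2.10.22 > 198.51.100.7.51515: R 0:0(0) ack 1 win 0",
    "198.51.100.7.51515 > 192.0.2.10.22: S 1000:1000(0) win 16384",
    "198.51.100.7.51515 > 192.0.2.10.22: . ack 1 win 16384",
]

if __name__ == "__main__":
    for line in SAMPLES:
        rec = parse_tcp_line(line)
        print(rec["flags"], "service side:", service_side(rec), rec)
```

For the first sample, `service_side` returns "src": the RST came from a remote port 22 toward a high local port, which matches the point that a sending port of 22 says nothing about running sshd locally.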