
Sharkfest 2015 is coming up fast (22 days, 12 hours to go when typing this), and so I am spending the morning hours of my Saturday preparing materials for my three talks. Since that also involves adding features and fixing bugs in TraceWrangler (which I also need for the large demo part of my FIRST presentation the week before Sharkfest), it is a slow process. So let's waste a little additional time on a blog post 🙂

Not sure if you have seen it yet, but the Wireshark we have all been using every day (hm, maybe not all of us, but still) is going to be replaced with a completely new GUI version soon. The new version is going to leverage Qt instead of GTK, and from the reactions of the Mac OS X users it's a step in the right direction. At which point I have to add that it is also possible to make the GTK version look beautiful on Mac OS X too, if you want – take a look at Bálint's blog post.

The one reason I could not start to use the new developer builds of the Qt version was that it was missing a feature I use more than any other: the TCP conversation filter pop-up menu option. What it does is create and apply a socket display filter, adding both source and destination address and port without having to type anything. This is a really important filter because most analysis tasks require looking at isolated conversations.

I sometimes teased the core developers about it (sorry, guys 😉 ), because Gerald often says that he has been using 1.99 on a day-to-day basis for a long time now, and I can't say the same because of the conversation filter feature missing. Well, this is what happened: "feature is alive ! it will be good soon and merged in #Wireshark master Thanks"

So today, I downloaded the latest portable developer version and checked it out. And Alexis was right (of course) – the conversation filter menu option is included. Yay! – now I can start using the new version! Thanks, Alexis! 🙂

The "Port numbers reused" diagnosis

During my preparation of capture files for Sharkfest I came across the problem of TCP sessions using the same port numbers – meaning, the 5-tuple is exactly the same for multiple conversations.

This is something that rarely happens, but if it does it is worth investigating. If the port is reused too soon it may confuse the TCP stacks involved, so you need to look at the delta time between closing the old conversation and starting the new one. It needs to be at least as long as the time the stacks keep the old connection in their tables (TIME_WAIT comes into play here unless a Reset packet terminates the session). In my case, I already knew why the port reuse happened and could dismiss it as not being a problem.
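
The delta-time check for reused port numbers described in this post, written out as an added example (it is not code from the post, Wireshark or TraceWrangler). The packet records, addresses, the `find_port_reuse` helper and the 60-second TIME_WAIT threshold are all assumptions made for illustration; the delta is measured from the last packet seen on the old conversation.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "time src sport dst dport flags seq")
TIME_WAIT_SECS = 60.0  # assumed threshold; the real value depends on the stacks involved

def find_port_reuse(packets, time_wait=TIME_WAIT_SECS):
    """Return (client port, delta seconds, verdict) for each SYN that reuses a 4-tuple."""
    convs, findings = {}, []   # convs: direction-independent key -> latest conversation
    for p in sorted(packets, key=lambda p: p.time):
        key = frozenset([(p.src, p.sport), (p.dst, p.dport)])
        old = convs.get(key)
        new_syn = "S" in p.flags and "A" not in p.flags
        # A SYN with the same initial sequence number is a retransmission, not reuse.
        if new_syn and (old is None or p.seq != old["isn"]):
            if old is not None:
                delta = p.time - old["last"]   # time since the old conversation's last packet
                if old["reset"]:
                    verdict = "ok-reset"       # RST tore the old state down at once
                elif delta < time_wait:
                    verdict = "too-soon"       # a stack may still hold TIME_WAIT state
                else:
                    verdict = "ok-aged-out"
                findings.append((p.sport, round(delta, 3), verdict))
            convs[key] = {"isn": p.seq, "last": p.time, "reset": False}
            continue
        # Any other packet just updates the state of the current conversation.
        state = convs.setdefault(key, {"isn": None, "last": p.time, "reset": False})
        state["last"] = p.time
        state["reset"] = state["reset"] or "R" in p.flags
    return findings

C, S = "10.0.0.5", "10.0.0.9"   # constructed addresses
SAMPLE = [                      # constructed packets, not taken from a real capture
    Pkt(0.000, C, 50000, S, 80, "S", 1000), Pkt(0.001, S, 80, C, 50000, "SA", 5000),
    Pkt(1.000, C, 50000, S, 80, "FA", 1001), Pkt(1.002, S, 80, C, 50000, "FA", 5001),
    Pkt(3.500, C, 50000, S, 80, "S", 9000),    # reuse 2.498 s after a FIN close
    Pkt(0.000, C, 50001, S, 80, "S", 2000), Pkt(1.000, C, 50001, S, 80, "S", 2000),
    Pkt(2.000, S, 80, C, 50001, "R", 0),
    Pkt(2.500, C, 50001, S, 80, "S", 7000),    # reuse after a reset
    Pkt(0.000, C, 50002, S, 80, "S", 3000), Pkt(1.000, C, 50002, S, 80, "FA", 3001),
    Pkt(200.0, C, 50002, S, 80, "S", 8000),    # reuse after a long idle period
]

if __name__ == "__main__":
    for port, delta, verdict in find_port_reuse(SAMPLE):
        print(f"port {port}: new SYN {delta}s after old conversation -> {verdict}")
```

Only the "too-soon" findings need a closer look; the other two verdicts correspond to the cases the post describes as harmless.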
