Kamis, 10 April 2014

WireShark "TCP Port Number Reused" Entry

For the continuation of my previous blog entry, I will explain about "TCP Port Number Reused" entry in my wireshark data record.

The simplest explanation would be there are so many same TCP SYN Packet from the same IP address with same port which already been captured by the wireshark before.

The more technical explanation is because in port scanning, my Kali Linux sent a lot of packet to the windows XP and it keeps trying to open new port every time.Wireshark does not simply forget the source address and port it has seen or captured before. Because I used port 445 alot from the same IP ( in last picture.) Wireshark display the TCP Port Number Reused because wireshark captured the similar connection source before (In relatively short time). It won't Display this entry if the same connection isn't happened in relatively short time.

Tidak ada komentar:

Posting Komentar