-3

the random port initiates the TCP request between two server programs on centos 6.8.

# netstat -an|grep 6001
tcp        0      0 0.0.0.0:6001                0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:52470             127.0.0.1:6001              TIME_WAIT   
tcp        0      0 127.0.0.1:52599             127.0.0.1:6001              TIME_WAIT   
tcp        0      0 127.0.0.1:52428             127.0.0.1:6001              TIME_WAIT   
tcp        0      0 127.0.0.1:52640             127.0.0.1:6001              TIME_WAIT   
tcp        0      0 127.0.0.1:50038             127.0.0.1:6001              ESTABLISHED 
tcp        0      0 127.0.0.1:6001              127.0.0.1:50038             ESTABLISHED 
tcp        0      0 127.0.0.1:52510             127.0.0.1:6001              TIME_WAIT   
tcp        0      0 127.0.0.1:52559             127.0.0.1:6001              TIME_WAIT

Some TIME_WAITs always exist, I don't understand why.

# tcpdump -ni lo port 6001
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
08:55:01.001341 IP 127.0.0.1.50038 > 127.0.0.1.6001: Flags [P.], seq 12:24, ack 1, win 1024, options [nop,nop,TS val 9066110 ecr 9056110], length 12
08:55:01.001358 IP 127.0.0.1.6001 > 127.0.0.1.50038: Flags [.], ack 24, win 512, options [nop,nop,TS val 9066110 ecr 9066110], length 0
08:55:02.947977 IP 127.0.0.1.50038 > 127.0.0.1.6001: Flags [P.], seq 24:42, ack 1, win 1024, options [nop,nop,TS val 9068056 ecr 9066110], length 18
08:55:02.947987 IP 127.0.0.1.6001 > 127.0.0.1.50038: Flags [.], ack 42, win 512, options [nop,nop,TS val 9068056 ecr 9068056], length 0
08:55:08.107233 IP 127.0.0.1.53349 > 127.0.0.1.6001: Flags [S], seq 4256285474, win 65495, options [mss 65495,sackOK,TS val 9073216 ecr 0,nop,wscale 7], length 0
08:55:08.107255 IP 127.0.0.1.6001 > 127.0.0.1.53349: Flags [S.], seq 3307774380, ack 4256285475, win 65483, options [mss 65495,sackOK,TS val 9073216 ecr 9073216,nop,wscale 7], length 0
08:55:08.107271 IP 127.0.0.1.53349 > 127.0.0.1.6001: Flags [.], ack 1, win 512, options [nop,nop,TS val 9073216 ecr 9073216], length 0
08:55:08.107294 IP 127.0.0.1.53349 > 127.0.0.1.6001: Flags [F.], seq 1, ack 1, win 512, options [nop,nop,TS val 9073216 ecr 9073216], length 0
08:55:08.107370 IP 127.0.0.1.6001 > 127.0.0.1.53349: Flags [.], ack 2, win 512, options [nop,nop,TS val 9073216 ecr 9073216], length 0
08:55:08.108237 IP 127.0.0.1.6001 > 127.0.0.1.53349: Flags [F.], seq 1, ack 2, win 512, options [nop,nop,TS val 9073217 ecr 9073216], length 0
08:55:08.108248 IP 127.0.0.1.53349 > 127.0.0.1.6001: Flags [.], ack 2, win 512, options [nop,nop,TS val 9073217 ecr 9073217], length 0
08:55:12.001197 IP 127.0.0.1.50038 > 127.0.0.1.6001: Flags [P.], seq 42:54, ack 1, win 1024, options [nop,nop,TS val 9077109 ecr 9068056], length 12
08:55:12.001206 IP 127.0.0.1.6001 > 127.0.0.1.50038: Flags [.], ack 54, win 512, options [nop,nop,TS val 9077110 ecr 9077109], length 0
08:55:16.859786 IP 127.0.0.1.53391 > 127.0.0.1.6001: Flags [S], seq 127196351, win 65495, options [mss 65495,sackOK,TS val 9081968 ecr 0,nop,wscale 7], length 0
08:55:16.859797 IP 127.0.0.1.6001 > 127.0.0.1.53391: Flags [S.], seq 1018026274, ack 127196352, win 65483, options [mss 65495,sackOK,TS val 9081968 ecr 9081968,nop,wscale 7], length 0
08:55:16.859809 IP 127.0.0.1.53391 > 127.0.0.1.6001: Flags [.], ack 1, win 512, options [nop,nop,TS val 9081968 ecr 9081968], length 0
08:55:16.859827 IP 127.0.0.1.53391 > 127.0.0.1.6001: Flags [F.], seq 1, ack 1, win 512, options [nop,nop,TS val 9081968 ecr 9081968], length 0
08:55:16.860234 IP 127.0.0.1.6001 > 127.0.0.1.53391: Flags [F.], seq 1, ack 2, win 512, options [nop,nop,TS val 9081969 ecr 9081968], length 0
08:55:16.860254 IP 127.0.0.1.53391 > 127.0.0.1.6001: Flags [.], ack 2, win 512, options [nop,nop,TS val 9081969 ecr 9081969], length 0
08:55:22.001768 IP 127.0.0.1.50038 > 127.0.0.1.6001: Flags [P.], seq 54:66, ack 1, win 1024, options [nop,nop,TS val 9087110 ecr 9077110], length 12
08:55:22.001777 IP 127.0.0.1.6001 > 127.0.0.1.50038: Flags [.], ack 66, win 512, options [nop,nop,TS val 9087110 ecr 9087110], length 0

Port 53349 and 53391, Where does the TCP request start? please help.

borey
  • 5
  • 3
  • On another machine is normal, In short some of the normal but some have the above problems – borey Aug 02 '17 at 02:17
  • Connection is not closed properly. Impossible to say anything else without code. – Sami Kuhmonen Aug 02 '17 at 02:41
  • @SamiKuhmonen thanks so much, Not the port is not properly shut down. New TCP request launch from random port. – borey Aug 02 '17 at 02:51
  • Yes, the source port is random, as it should be. – Sami Kuhmonen Aug 02 '17 at 03:12
  • @SamiKuhmonen I change 6001 to 30001, there is no such problem,run normal. thanks all~ – borey Aug 02 '17 at 03:18
  • 1
    Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. – jww Aug 02 '17 at 06:29
  • There is no such problem as what? What's the question? I've answered everything I could identify as a question but it appears you're really asking something else entirely. – user207421 Aug 02 '17 at 06:47
  • The system environment caused unknown tcp request. maybe another service check this port. – borey Aug 02 '17 at 06:55
  • You have two TCP connections, one from each of those ports, over which no data was sent. Both originated locally and both were closed correctly. – user207421 Aug 02 '17 at 07:02
  • transmit data by ESTABLISHED tcp connections. an unknow service try to access port 6001, i cannt locate it. so i change 6001 to another port. – borey Aug 02 '17 at 07:18
  • @borey I repeat. No data was transmitted from those ports. Check the packet sizes in the dump. They are all `length 0`. – user207421 Aug 02 '17 at 07:23
  • i know, tcpdump show length = 0. i want to locate that who launch tcp request. – borey Aug 02 '17 at 07:43
  • First time you have actually stated that. You can see that via `netstat`. Just look for the process that has 53349 or 53391 as its local TCP port. – user207421 Aug 02 '17 at 08:36
  • netstat useless, can not locate. – borey Aug 02 '17 at 11:38
  • Not a programming question - try [su] ? – Paul R Nov 21 '18 at 08:06

1 Answers1

0

the random port initiates the TCP request between two server programs

Correct. The client end port is allocated randomly.

Some TIME_WAITs always exist, I don't understand why.

Because they always do, at the end which does the first close. It's a defined part of TCP. See RFC 793.

Port 53349 and 53391, Where does the TCP request start?

At the end which is using those ports locally. If you're asking which line:

8:55:08.107233 IP 127.0.0.1.53349 > 127.0.0.1.6001: Flags [S], seq 4256285474, win 65495, options [mss 65495,sackOK,TS val 9073216 ecr 0,nop,wscale 7], length 0

and

08:55:16.859786 IP 127.0.0.1.53391 > 127.0.0.1.6001: Flags [S], seq 127196351, win 65495, options [mss 65495,sackOK,TS val 9081968 ecr 0,nop,wscale 7], length 0

(S for SYN).

Community
  • 1
  • 1
user207421
  • 305,947
  • 44
  • 307
  • 483