Hi I am trying to send files with FTPS (SSL/TLS) but it's not working that well. When I do a wireshark trace I see that source port are 2806 (cspuni) 1.1.1.2 3.3.3.4 TCP cspuni > ftps [SYN] Seq=0 Win=65535 Len=0 MSS=1460 Source port: cspuni (2806) Destination port: ftps (990) I havent heard of cspuni before, anyone have an idea what that is. Or do this appear when something is wrong, for example the certificate doesn't match? / P asked 23 Aug '12, 01:36  ph13 |
One Answer:
I don't know what it is, but you don't have to worry about it. Wireshark tries to lookup well known ports in the services table, for example to be able to replace port 80 with "http". Unfortunately, Wireshark also does this for epheremal ports (which are used by clients), confusing lots of users with protocol names they don't even use. As you may know clients use ephemeral ports for creating each new connection. For example Windows XP starts at port 1025 and goes up to 5000, only to start at 1025 again. Wireshark replaces these ports just like it does with server ports, and you'll see lots of funny protocol names. The list of protocols can be found in the Wireshark installation directory in a file called "services". In there you'll see that cspuni is a protocol using port 2806, which is a typical ephemeral port of a client. You can disable the replacement of ports by disabling it at "View" -> "Name Resolution" -> "Transport Layer" (which would be temporary), or completely in the preferences dialog at the name resolution pane. That way Wireshark will show port number instead of protocol names. answered 23 Aug '12, 01:50  Jasper ♦♦ |
Thanks, I was just confused when I saw that in Wireshark, thought it had something to do with the communication problem I have, that it used that port then.