I have been running captures for a couple of weeks to our web service in the cloud. It using https/ssl on port 443. On the previous captures, we would send our inquiry through port 443 to the destination port of 443. Today I see in the capture that our source port has changed from 443 to 9107 and in wireshark it says "astergatefax" for the source port. It still goes to the destination port of 443 (no change there). I'm not sure what this means and if I should be concerned. I haven't been able to find much information on the internet about astergatefax. Any help would be appreciated. Thanks. asked 20 Feb '13, 08:34 sgaf |
One Answer:
astergatefax is just the translation of source port 9107 done by Wireshark with the help of this file:
There is no need to be concerned, as it is absolutely normal for TCP to have a new source port for each new connection. So, what probably happened is that either side (client or server) closed the old TCP connection and then the client opened a new connection with the source port 9107. I'm rather 'concerned' because you say: Is that intentional (design of the client software) or just coincidental (the OS picked it by chance, although none of the 'standard' OSes would do that)? If it is intentional, then you need to figure out why the source port has changed. If it was coincidental, you don't have to care, but then I would like to know the client OS. Regards answered 20 Feb '13, 08:55 Kurt Knochner ♦ edited 20 Feb '13, 08:56 |