This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Source Port went from 443 to astergatefax

0

I have been running captures for a couple of weeks to our web service in the cloud. It using https/ssl on port 443. On the previous captures, we would send our inquiry through port 443 to the destination port of 443.

Today I see in the capture that our source port has changed from 443 to 9107 and in wireshark it says "astergatefax" for the source port. It still goes to the destination port of 443 (no change there).

I'm not sure what this means and if I should be concerned. I haven't been able to find much information on the internet about astergatefax. Any help would be appreciated. Thanks.

asked 20 Feb '13, 08:34

sgaf's gravatar image

sgaf
21226
accept rate: 0%


One Answer:

1

astergatefax is just the translation of source port 9107 done by Wireshark with the help of this file:

Windows: %ProgramFiles%\Wireshark\services

There is no need to be concerned, as it is absolutely normal for TCP to have a new source port for each new connection. So, what probably happened is that either side (client or server) closed the old TCP connection and then the client opened a new connection with the source port 9107.

I'm rather 'concerned' because you say: We would send our inquiry through port 443 to the destination port of 443. That implies, that you had used 443 for the source and destination port. Well, that's possible, but rather unusual.

Is that intentional (design of the client software) or just coincidental (the OS picked it by chance, although none of the 'standard' OSes would do that)?

If it is intentional, then you need to figure out why the source port has changed. If it was coincidental, you don't have to care, but then I would like to know the client OS.

Regards
Kurt

answered 20 Feb '13, 08:55

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 20 Feb '13, 08:56