Set when the SYN flag is set (not SYN+ACK), we have an existing conversation using the same addresses and ports, and the sequence number is different than the existing conversation’s initial sequence number.

    /* If this is a SYN packet, then check if its seq-nr is different     * from the base_seq of the retrieved conversation. If this is the     * case, create a new conversation with the same addresses and ports     * and set the TA_PORTS_REUSED flag. (XXX: There is a small chance     * that this is an old duplicate SYN received after the connection     * is ESTABLISHED on both sides, the other side will respond with     * an appropriate ACK, and this SYN ought to be ignored rather than     * create a new conversation.)     *     * If the seq-nr is the same as the base_seq, it might be a simple     * retransmission, reattempting a handshake that was reset (due     * to a half-open connection) with the same sequence number, or     * (unlikely) a new connection that happens to use the same sequence     * number as the previous one.     *     * If we have received a RST or FIN on the retrieved conversation,     * create a new conversation in order to clear out the follow info,     * sequence analysis, desegmentation, etc.     * If not, it's probably a retransmission, and will be marked     * as one later, but restore some flow values to reduce the     * sequence analysis warnings if our capture file is missing a RST     * or FIN segment that was present on the network.     *     * XXX - Is this affected by MPTCP which can use multiple SYNs?     */    if (tcpd != NULL  && (tcph->th_flags & (TH_SYN|TH_ACK)) == TH_SYN) {        if (tcpd->fwd->static_flags & TCP_S_BASE_SEQ_SET) {            if(tcph->th_seq!=tcpd->fwd->base_seq || (tcpd->conversation_completeness & TCP_COMPLETENESS_RST) || (tcpd->conversation_completeness & TCP_COMPLETENESS_FIN)) {                if (!(pinfo->fd->visited)) {                    conv=conversation_new(pinfo->num, &pinfo->src, &pinfo->dst, CONVERSATION_TCP, pinfo->srcport, pinfo->destport, 0);                    tcpd=get_tcp_conversation_data(conv,pinfo);                    if(!tcpd->ta)                        tcp_analyze_get_acked_struct(pinfo->num, tcph->th_seq, tcph->th_ack, TRUE, tcpd);                    tcpd->ta->flags|=TCP_A_REUSED_PORTS;                    /* As above, a new conversation starting with a SYN implies conversation completeness value 1 */                    conversation_is_new = TRUE;                }            } else {                if (!(pinfo->fd->visited)) {                    /*                     * Sometimes we need to restore the nextseq value.                     * As stated in RFC 793 3.4 a RST packet might be                     * sent with SEQ being equal to the ACK received,                     * thus breaking our flow monitoring. (issue 17616)                     */                    if(tcp_analyze_seq && tcpd->fwd->tcp_analyze_seq_info) {                        tcpd->fwd->tcp_analyze_seq_info->nextseq = tcpd->fwd->tcp_analyze_seq_info->maxseqtobeacked;                    }                    if(!tcpd->ta)                        tcp_analyze_get_acked_struct(pinfo->num, tcph->th_seq, tcph->th_ack, TRUE, tcpd);                }            }        }        else {            /*             * TCP_S_BASE_SEQ_SET being not set, we are dealing with a new conversation,             * either created ad hoc above (general case), or by a higher protocol such as FTP.             * Track this information, as the Completeness value will be initialized later.             * See issue 19092.             */            if (!(pinfo->fd->visited))                conversation_is_new = TRUE;        }        tcpd->had_acc_ecn_setup_syn = (tcph->th_flags & (TH_AE|TH_CWR|TH_ECE)) == (TH_AE|TH_CWR|TH_ECE);    }    /* If this is a SYN/ACK packet, then check if its seq-nr is different     * from the base_seq of the retrieved conversation. If this is the     * case, set the TA_PORTS_REUSED flag and override the base seq.     * (XXX: Should this create a new conversation, as above with a     * SYN packet? We might have received the new connection's SYN/ACK before     * the SYN packet, or the SYN might be missing from the capture file.)     * If the seq-nr is the same as the base_seq, then do nothing so it     * will be marked as a retransmission later.     * XXX - Is this affected by MPTCP which can use multiple SYNs?     */    if (tcpd != NULL && (tcph->th_flags & (TH_SYN|TH_ACK)) == (TH_SYN|TH_ACK)) {        if ((tcpd->fwd->static_flags & TCP_S_BASE_SEQ_SET) &&            (tcph->th_seq != tcpd->fwd->base_seq)) {            /* the retrieved conversation might have a different base_seq (issue 16944) */            /* XXX: Shouldn't this create a new conversation? Changing the             * base_seq will change how the previous packets in the conversation             * are processed in the second pass.             */            tcpd->fwd->base_seq = tcph->th_seq;            if(!tcpd->ta)                tcp_analyze_get_acked_struct(pinfo->num, tcph->th_seq, tcph->th_ack, TRUE, tcpd);            tcpd->ta->flags|=TCP_A_REUSED_PORTS;        }        tcpd->had_acc_ecn_setup_syn_ack = ((tcph->th_flags & (TH_AE|TH_CWR)) == TH_CWR) ||                                          ((tcph->th_flags & (TH_AE|TH_ECE)) == TH_AE);    }

# cat tcp_port_number_reused.pkt 0   socket(..., SOCK_STREAM, IPPROTO_TCP) = 3+0  setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0+0  bind(3, ..., ...) = 0+0  listen(3, 1) = 0+0  < S 0:0(0) win 10000 <mss 1460>+0  > S. 0:0(0) ack 1 <...>+0.01 < . 1:1(0) ack 1 win 10000+0 accept(3, ..., ...) = 4#

editcap -t 0.1 tcp_port_number_reused.pcap tcp_port_number_reused_01.pcapmergecap -w tcp_port_number_reused.pcapng tcp_port_number_reused.pcap tcp_port_number_reused_01.pcap