LinuxQuestions.org


orgcandman 11-19-2004 10:16 AM

odd behavior from linux kernel
 
Today I was working on some software that involved network traffic, so I started tcpdump, and sat there happily doing my thing.

I killed off my network programs, and was busy debugging something when I noticed a weird bunch of SYNACK->ACK on the loopback device. There are no TCP SYNs starting it, and there's nothing else I can think of. There are no non-ACK packets, netstat doesn't report anything unusual, and there are no extraneous file descriptors in /proc that could explain it. Could it be internal transfer between some running programs? Maybe IPC?

Anyone with any information, feel free to reply.

Snippet of some of the packets:

Code:

10:44:53.502287 reveka.orgcandman.com.60317 > reveka.orgcandman.com.1098: S 2228933544:2228933544(0) win 32767 <mss 16396,sackOK,timestamp 14350431[|tcp]> (DF)
0x0000  4500 003c 2bf7 4000 4006 8d70 c0a8 0002        E..<+.@.@..p....
0x0010  c0a8 0002 eb9d 044a 84da d3a8 0000 0000        .......J........
0x0020  a002 7fff cab5 0000 0204 400c 0402 080a        ..........@.....
0x0030  00da f85f 0000                                ..._..
10:44:53.502355 reveka.orgcandman.com.1098 > reveka.orgcandman.com.60317: S 2219981233:2219981233(0) ack 2228933545 win 32767 <mss 16396,sackOK,timestamp 14350431[|tcp]> (DF)
0x0000  4500 003c 0000 4000 4006 b967 c0a8 0002        E..<..@.@..g....
0x0010  c0a8 0002 044a eb9d 8452 39b1 84da d3a9        .....J...R9.....
0x0020  a012 7fff 1367 0000 0204 400c 0402 080a        .....g....@.....
0x0030  00da f85f 00da                                ..._..

The ports ARE changing. Maybe this is related to emacs/the fact that I'm sshed in. I'm just paranoid because a while ago I was subjected to a lot of failed ssh attacks (none were successful, and md5 sums were untouched). Am I just freaking out? Does anyone know what this is related to?

bignerd 11-19-2004 10:31 AM

Have you run lsof to see what process is listening and what process is sending?

-b
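
An added example, not part of either post: a small decoder for the two hex dumps in the capture above, which reads the endpoints, sequence numbers and TCP flag bits straight from the bytes so they can be checked alongside the lsof output. The function names are this example's own, and the hex rows are copied from the thread.

```python
import re
import socket
import struct

# Hex rows copied from the two packets posted in the thread (tcpdump -x output).
PKT1 = """\
0x0000  4500 003c 2bf7 4000 4006 8d70 c0a8 0002        E..<+.@.@..p....
0x0010  c0a8 0002 eb9d 044a 84da d3a8 0000 0000        .......J........
0x0020  a002 7fff cab5 0000 0204 400c 0402 080a        ..........@.....
0x0030  00da f85f 0000                                ..._..
"""
PKT2 = """\
0x0000  4500 003c 0000 4000 4006 b967 c0a8 0002        E..<..@.@..g....
0x0010  c0a8 0002 044a eb9d 8452 39b1 84da d3a9        .....J...R9.....
0x0020  a012 7fff 1367 0000 0204 400c 0402 080a        .....g....@.....
0x0030  00da f85f 00da                                ..._..
"""

# Offset, then hex groups separated by single spaces; the ASCII column
# follows a wider gap and is therefore never captured.
HEX_ROW = re.compile(
    r"^\s*0x[0-9a-f]{4}:?\s+((?:(?:[0-9a-f]{2}){1,2} )*(?:[0-9a-f]{2}){1,2})", re.I)
FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def hexdump_to_bytes(text):
    """Join the hex column of every row, ignoring offsets and the ASCII column."""
    out = bytearray()
    for line in text.splitlines():
        m = HEX_ROW.match(line)
        if m:
            out += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(out)

def decode_ipv4_tcp(raw):
    """Decode the fixed IPv4 and TCP headers; TCP options may be cut by the snap length."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4            # IP header length in bytes
    if raw[9] != 6 or len(raw) < ihl + 20:
        raise ValueError("not TCP, or fixed TCP header truncated")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", raw[ihl:ihl + 14])
    return {"src": socket.inet_ntoa(raw[12:16]), "dst": socket.inet_ntoa(raw[16:20]),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": [name for bit, name in FLAG_BITS if off_flags & bit]}

if __name__ == "__main__":
    for pkt in (PKT1, PKT2):
        print(decode_ipv4_tcp(hexdump_to_bytes(pkt)))
```

The ports printed here are the ones to look for in the lsof listing when matching the traffic to a process.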

