that capture connect on a reserved port. To do this, capture binds a
dynamic reserved port to connect to capserver, which verifies the
integrity of the sender by looking at the portnumber that accept
returns.

Note that this has the potential problem of burning a lot of reserved
ports on ops (128 tiplines) since the kernel keeps the client side in
TIME_WAIT for a minute or two after it is closed (the socket is in
actual use for just a moment before being closed). If we try to
restart capture too many times within a span of a minute or two, we
might have problems. Will have to switch to a fancier protocol then.
Yuck.