Hi all,
I'm developing a custom audit client to monitor Linux system activities.
I'm testing my client on an Ubuntu 14.04 (64-bit) system with the following auditctl
rules.
sudo auditctl -l
LIST_RULES: exit,always arch=3221225534 (0xc000003e)
syscall=open,close,dup,dup2,socket,connect,accept,listen,socketpair,clone,fork,vfork,execve,exit,creat,unlink,exit_group,openat,unlinkat,accept4,dup3
And I captured the raw system messages with the following command.
sudo auditd -f > /tmp/log.txt
While /tmp/log.txt contains a considerable amount of raw audit messages, I grep'ed
only connect() system calls with their associated saddr entries.
grep -A1 -e "syscall=42 success=yes" /tmp/log.txt
--
type=SYSCALL msg=audit(1459302277.538:35891018): arch=c000003e syscall=42 success=yes
exit=0 a0=61 a1=7f2ec75a1ed0 a2=10 a3=1 items=0 ppid=2779 pid=21581 auid=4294967295
uid=8271 gid=5001 euid=8271 suid=8271 fsuid=8271 egid=5001 sgid=5001 fsgid=5001 tty=(none)
ses=4294967295 comm="Chrome_IOThread" exe="/opt/google/chrome/chrome"
key=(null)
type=SOCKADDR msg=audit(1459302277.538:35891018): saddr=020000358A0F6C0B0000000000000000
--
type=SYSCALL msg=audit(1459302309.098:35898719): arch=c000003e syscall=42 success=yes
exit=0 a0=6 a1=7fffe9a24980 a2=10 a3=7fffe9a246d0 items=0 ppid=20312 pid=2991
auid=4294967295 uid=8271 gid=5001 euid=0 suid=0 fsuid=0 egid=0 sgid=5001 fsgid=0 tty=pts23
ses=4294967295 comm="sudo" exe="/usr/bin/sudo" key=(null)
type=SOCKADDR msg=audit(1459302309.098:35898719): saddr=0200006F8A0FA5090000000000000000
--
type=SYSCALL msg=audit(1459302309.098:35898722): arch=c000003e syscall=42 success=yes
exit=0 a0=6 a1=7fffe9a24980 a2=10 a3=7fffe9a246d0 items=0 ppid=20312 pid=2991
auid=4294967295 uid=8271 gid=5001 euid=0 suid=0 fsuid=0 egid=0 sgid=5001 fsgid=0 tty=pts23
ses=4294967295 comm="sudo" exe="/usr/bin/sudo" key=(null)
type=SOCKADDR msg=audit(1459302309.098:35898722): saddr=0200030B8A0FA5090000000000000000
...
For these entries, I decoded the saddr values with the attached program and extracted the
entries with port value '0'.
g++ -o sock_decode sock_decode.cpp
grep -A1 -e "syscall=42 success=yes" /tmp/log.txt |grep saddr | awk
'BEGIN{FS="="} {print " ./sock_decode " $4}' |sh |grep
"sa_family: 2.* port: 0" |more
0200000036447A640000000000000000: sa_family: 2 addr: 1685734454, port: 0 (0)
020000003644ECD00000000000000000: sa_family: 2 addr: 3505144886, port: 0 (0)
02000000369520250000000000000000: sa_family: 2 addr: 622892342, port: 0 (0)
....
If I understood correctly, connect() should return an error when the sin_port field is set to
'0'.
Would anyone explain this to me or help me fix this problem?
Thanks a lot for your help in advance!
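The following is an added example, not the poster's sock_decode.cpp or any part of the audit project: a Python version of the decode-and-filter pipeline above. It pairs SYSCALL and SOCKADDR records by their audit serial, decodes saddr with sin_port and sin_addr read in network byte order (the poster's tool prints the address as a host-order integer, so its 1685734454 is the same value as 54.68.122.100), and lists the connect() calls whose target port is 0, together with the pid, comm and exe the SYSCALL record attributes them to. It goes beyond the post's AF_INET case by also decoding AF_INET6 and AF_UNIX addresses. The sample log is constructed from the records quoted above (one record per line, a few fields dropped); the little-endian sa_family read assumes x86-64, as in the post.

```python
import re
import socket
import struct

# Constructed sample in "auditd -f" format, modelled on the records quoted in the post.
# Not real captured data; one record per line, some fields dropped for brevity.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1459302277.538:35891018): arch=c000003e syscall=42 success=yes exit=0 a0=61 a1=7f2ec75a1ed0 a2=10 a3=1 items=0 ppid=2779 pid=21581 auid=4294967295 uid=8271 gid=5001 tty=(none) comm="Chrome_IOThread" exe="/opt/google/chrome/chrome" key=(null)
type=SOCKADDR msg=audit(1459302277.538:35891018): saddr=020000358A0F6C0B0000000000000000
type=SYSCALL msg=audit(1459302309.098:35898719): arch=c000003e syscall=42 success=yes exit=0 a0=6 a1=7fffe9a24980 a2=10 a3=7fffe9a246d0 items=0 ppid=20312 pid=2991 auid=4294967295 uid=8271 gid=5001 tty=pts23 comm="sudo" exe="/usr/bin/sudo" key=(null)
type=SOCKADDR msg=audit(1459302309.098:35898719): saddr=0200006F8A0FA5090000000000000000
type=SYSCALL msg=audit(1459302400.000:35900000): arch=c000003e syscall=42 success=yes exit=0 a0=7 a1=7fffe9a24980 a2=10 a3=0 items=0 ppid=1 pid=4242 auid=4294967295 uid=8271 gid=5001 tty=(none) comm="example" exe="/usr/bin/example" key=(null)
type=SOCKADDR msg=audit(1459302400.000:35900000): saddr=0200000036447A640000000000000000
"""

AF_UNIX, AF_INET, AF_INET6 = 1, 2, 10
ARCH_X86_64 = "c000003e"          # arch=c000003e in the records above
SYS_CONNECT_X86_64 = 42           # syscall=42 is connect() on x86-64

RECORD_RE = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\([^)]*\)|\S+)')


def decode_saddr(hexstr):
    """Decode the hex saddr of a SOCKADDR record into a dict.

    sa_family is stored in host byte order (assumed little-endian, i.e. x86-64);
    the port and IP address fields are in network byte order.
    """
    raw = bytes.fromhex(hexstr)
    family = struct.unpack_from("<H", raw, 0)[0]
    if family == AF_INET and len(raw) >= 8:
        port, addr = struct.unpack_from("!H4s", raw, 2)      # sin_port, sin_addr
        return {"family": "AF_INET", "addr": socket.inet_ntop(socket.AF_INET, addr), "port": port}
    if family == AF_INET6 and len(raw) >= 28:
        port = struct.unpack_from("!H", raw, 2)[0]           # sin6_port
        addr = raw[8:24]                                     # sin6_addr (16 bytes)
        scope_id = struct.unpack_from("<I", raw, 24)[0]      # sin6_scope_id, host order
        return {"family": "AF_INET6", "addr": socket.inet_ntop(socket.AF_INET6, addr),
                "port": port, "scope_id": scope_id}
    if family == AF_UNIX:
        path = raw[2:]
        if path.startswith(b"\0") and len(path) > 1:         # abstract namespace socket
            return {"family": "AF_UNIX", "path": "@" + path[1:].rstrip(b"\0").decode(errors="replace")}
        return {"family": "AF_UNIX", "path": path.split(b"\0", 1)[0].decode(errors="replace")}
    return {"family": family, "raw": hexstr}


def parse_records(text):
    """Group records by (timestamp, serial) -> {record type: {field: value}}."""
    events = {}
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if not m:
            continue
        rtype, ts, serial, rest = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
        events.setdefault((ts, serial), {})[rtype] = fields
    return events


def connect_events(text):
    """Return decoded connect() events (x86-64 only), oldest serial first."""
    out = []
    for (ts, serial), recs in sorted(parse_records(text).items(), key=lambda kv: int(kv[0][1])):
        sc, sa = recs.get("SYSCALL"), recs.get("SOCKADDR")
        if not sc or not sa:
            continue
        if sc.get("arch") != ARCH_X86_64 or sc.get("syscall") != str(SYS_CONNECT_X86_64):
            continue
        ev = {"serial": int(serial), "pid": int(sc["pid"]), "comm": sc["comm"], "exe": sc["exe"],
              "success": sc.get("success") == "yes", "exit": int(sc["exit"])}
        ev.update(decode_saddr(sa["saddr"]))
        out.append(ev)
    return out


def zero_port_connects(text):
    """The filter from the post: connect() calls whose destination port is 0."""
    return [ev for ev in connect_events(text) if ev.get("port") == 0]


if __name__ == "__main__":
    for ev in connect_events(SAMPLE_LOG):
        print(ev)
    print("port 0:", zero_port_connects(SAMPLE_LOG))
```

Reading the port as a big-endian 16-bit value at offset 2 is what makes `020000358A0F6C0B...` come out as port 53 and `0200030B8A0FA509...` as port 779; the poster's "port: 0 (0)" entries really do have both port bytes zero, so the decoder is not the source of the surprise, and the SYSCALL record for each of them is what says whether the kernel reported `success=yes exit=0`.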