How you executed DRDoS attacks includes NTP, DNS...? Why these attacks in CICDDoS2019 dataset have random ports?

[theYTQ]

For example, this is DRDoS_NTP, and its port is not 123. This is DRDoS_SNMP, and its port is not 161.

[Magic-Doufu]

I also see many records with zero SYN FLAG COUNTS in the SYN attack files. Maybe the attack records includes records after the service dies? CICIDS2019 included reflection attack. (NTP/DNS are reflection attacks, probably the reason for random ports.)