diff --git a/services/ja4ebpf/bpf/uprobe_ssl.c b/services/ja4ebpf/bpf/uprobe_ssl.c
index 5f070b9..4ffd0e6 100644
--- a/services/ja4ebpf/bpf/uprobe_ssl.c
+++ b/services/ja4ebpf/bpf/uprobe_ssl.c
@@ -227,11 +227,11 @@ int kretprobe_accept4_exit(struct sys_exit_accept4_ctx *ctx)
 bpf_probe_read_user(sa_buf, sizeof(sa_buf), (void *)sockaddr_ptr);
 /* Extraire port (octets 2-3) et adresse IP (octets 4-7) */
- __u16 sin_port = (__u16)(sa_buf[2] << 8) | sa_buf[3]; /* network byte order */
- __u32 sin_addr = *(__u32 *)(sa_buf + 4); /* network byte order */
+ __u16 sin_port = (__u16)(sa_buf[2] << 8) | sa_buf[3]; /* already host byte order (manual assembly) */
+ __u32 sin_addr = *(__u32 *)(sa_buf + 4); /* network byte order (raw memory read) */
- __u32 src_ip = __builtin_bswap32(sin_addr); /* network → host byte order */
- __u16 src_port = __builtin_bswap16(sin_port); /* host byte order */
+ __u32 src_ip = __builtin_bswap32(sin_addr); /* network → host byte order */
+ __u16 src_port = sin_port; /* already host byte order */
 __u32 fd = (__u32)new_fd;
 /* Peupler accept_map[{pid_tgid, fd}] */
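Review bot: The `bpf_probe_read_user` call on the first context line discards its return value, so a faulting `sockaddr_ptr` leaves a zero-filled `sa_buf` and the code below would record 0.0.0.0:0 as the peer; a guard such as `if (bpf_probe_read_user(sa_buf, sizeof(sa_buf), (void *)sockaddr_ptr) < 0) return 0;` keeps bogus endpoints out of `accept_map`. No `sa_family` test is visible in the hunk either, and for an AF_INET6 peer bytes 4-7 are not an IPv4 address, though the function starts and ends outside the hunk so that check may exist above. On the `src_ip` line the unconditional `__builtin_bswap32` is a network-to-host conversion only on little-endian targets, while the port is now assembled endian-independently; `__u32 src_ip = bpf_ntohl(sin_addr);` would make the two consistent. If `sa_buf` is declared as plain `char` rather than an unsigned byte type (its declaration is not shown), `sa_buf[3]` can sign-extend and corrupt the high byte of `sin_port`.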