I try to understand differences between TCP and UDP packet on the error-checking. I know that UDP packets are connectionless and doesn't care that the packet will arrive the destination safely. And TCP packet is the opposite of UDP.
My question is, if a packet send into a closed port of a remote host, what action will take place on UDP and TCP packets?
UDP packet - response with an ICMP (Code-3)? TCP packet - response with a RST packet?
According to the RFC 793 Reset Generation rules:
As a general rule, reset (RST) must be sent whenever a segment arrives
which apparently is not intended for the current connection. A reset
must not be sent if it is not clear that this is the case.
There are three groups of states:
- If the connection does not exist (CLOSED) then a reset is sent
in response to any incoming segment except another reset. In
particular, SYNs addressed to a non-existent connection are rejected
by this means.
Since the port is closed (not listening or communicating) there is no connections and because of that TCP is supposed to reply with a RST package.
RFC 768 for UDP does not specify any action on a closed port but the ICMP RFC 792 specifies a message Type 3 Code 3, Destination Unreachable: Destination port unreachable that may be sent.
However, ports only actually do this if they are unfiltered. Filtered connections do not reply at all and simply drop the packet. Filtering is usually done by any firewall worthy of the name since it makes attackers jobs harder by providing less information.
It's worth mentioning that, even if a server udp port is closed, you can still observe udp packets sent from a client to that closed port.
Try:
Server:
sudo tcpdump -n -i eth0 udp and dst port 8080 -X
replace eth0 to your own network card interface and 8080 to your closed port on server side.
Client:
echo "send from client, udp protocol" | nc -u [server ip] 8080
with UDP you may see in Wireshark:
52081 14:12:05.897100 37.xxx.xxx.xxx 5060 port-xxxx.xxxnet.de ICMP 406 47445 Destination unreachable (Port unreachable)
Port here is 47445. 37.xxx.xxx.xxx is your IP, port--xxxx.xxxnet.de the server who is trying.
