What happens when we send a random byte via UDP to an opened TCP port at another machine? - tcp

What happens when we send a random byte via UDP to an opened TCP port at another machine? Does the receiving PC reply to the sender with any byte or bytes? Also, what happens when we try to send a packet to a non-opened TCP port at another PC?

The operation you describe is impossible. You can't send a UDP datagram to a TCP port at all, whether . Ergo nothing can possibly happen.
Open and closed has nothing to do with it, and neither does local or remote.
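The separation the answer describes can be observed on loopback. This is an added example, not part of the original answer; the function name and the one-byte payload are constructed for illustration. A UDP datagram addressed to the port number held by a TCP listener never reaches that listener, and the same number can be bound independently as a UDP port.

```python
import socket

def send_one_udp_byte(port):
    # A fresh UDP socket per datagram, loopback only.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(b"\x42", ("127.0.0.1", port))

def udp_vs_tcp_same_port_number(timeout=0.3):
    """Aim UDP datagrams at a port number on which a TCP socket is listening."""
    result = {}
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.bind(("127.0.0.1", 0))            # let the OS pick a free TCP port
    tcp.listen(1)
    tcp.settimeout(timeout)
    port = tcp.getsockname()[1]

    # 1. Datagram sent while only the TCP listener holds this port number.
    send_one_udp_byte(port)
    try:
        conn, _ = tcp.accept()
        conn.close()
        result["tcp_listener_saw_it"] = True
    except socket.timeout:
        result["tcp_listener_saw_it"] = False   # the TCP socket never sees UDP traffic

    # 2. TCP and UDP port numbers are separate namespaces, so the same
    #    number can be bound for UDP while the TCP listener is still open.
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(("127.0.0.1", port))
    udp.settimeout(timeout)
    send_one_udp_byte(port)
    data, _ = udp.recvfrom(16)
    result["udp_socket_received"] = data

    udp.close()
    tcp.close()
    return result

if __name__ == "__main__":
    print(udp_vs_tcp_same_port_number())
```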

Related

How can I prevent Windows 10 from sending a TCP RST to a particular IP and PORT?

I have been analyzing packets sent out from my IP to a game server.
The connection to the server was getting reset for some reason and after packet capture, I could see that there are TCP RST packets sent at the time of the disconnection.
I have tried to use the advanced firewall to specifically only restrict the TCP RST packets to the game server to see if that will prevent this disconnection. However, I am unable to specify the flag-level details in the rules.
How can I accomplish this configuration?
Is there any third party firewall that can do this?
Thank you

Wireshark doesn't show UDP packets

I have checked "UDP packets not displayed in Wireshark" and "UDP Packet not captured by Wireshark, but is captured by UDP application", but couldn't solve my issue.
I am using Wireshark to observe traffic on an adapter I have connected to some network device; no other traffic than the one I issue is there.
Then I am using Packet Sender application to send a UDP packet to an IP address I know is on the other side of the adapter (i.e. I am 10.10.10.34, the other device is 10.10.10.1).
I can correctly ping the other device and ICMP packets are visible in Wireshark. I can send TCP or SSL packets and see them in Wireshark. Whenever I send a UDP packet, it is not seen in Wireshark. I cannot figure out why. All my settings are default ones.
The other thing I suspect is that the UDP packet is not sent by the Packet Sender application, but I am not sure how to validate that.
The case was not about Wireshark, but about Packet Sender. Binding the IP address as described here solved my problem:
https://github.com/dannagle/PacketSender/issues/158#issuecomment-516481820

If I open a raw socket and start reading the packets, are the packets that have been read not delivered to the destined TCP sockets?

I think the question explains it fully.
Another way to say it: Are the packets read via a raw socket removed from the communication channel completely, so that they are not even delivered to the TCP socket that they were intended for in the first place. For e.g., if there is a web server running on my host, listening on port 80, and I open a raw socket listening for all TCP protocol packets, will the web server never receive those packets being sent to port 80?
Thanks.
From my experience packets read on the raw socket are not removed from the communication. You could even have multiple raw sockets at the same time and all get the same packages. But to cite from Linux: man raw:
Raw sockets may tap all IP protocols in Linux, even protocols like ICMP or TCP which have a protocol module in the kernel. In this case, the packets are passed to both the kernel module and the raw socket(s). This should not be relied upon in portable programs, many other BSD socket implementation have limitations here.

tcp connection never establishes

To understand how TCP/IP works I wrote my own implementation of the TCP/IP stack. I can successfully get an IP address from the DHCP server and can ping, but I can't get TCP to work. I'm trying to connect to port 80 on a microcontroller with an MII PHY using the Chrome browser on Win8. My log can be downloaded from http://prefiles.com/rbmiresq8x51/my.pcap
To my knowledge of how a TCP packet should look, the TCP SYN/ACK response is correct, and Wireshark colored it green, but anyway I think the issue appears when I'm composing the TCP SYN/ACK packet. Can anybody check what's wrong? The packet looks OK, all fields are correctly filled.
A little bit off-topic: the browser always sends packets with a corrupted checksum. Is that normal, or is it trouble with Win8 or the Chrome browser?

why kernel sent RST to a remote TCP server after the machine receiving a SYN/ACK packet?

I use a raw socket to build a TCP client program and run it on machine A, and I run a regular TCP server program on machine B. The raw-socket-based client program first sends a SYN packet and then receives a SYN/ACK packet from the remote TCP server. Then the kernel of machine A sends a RST to the remote TCP server. The sequence number and ack-sequence number are fine.
What are the potential reasons, and how do I deal with it? Thanks!
BTW: I used tcpdump to capture packets on the remote machine B, and it shows "TCP port numbers reused" for the SYN packet from the client. Actually, before the client sent the SYN, I used
netstat -tnp
to check ongoing TCP sessions, and it showed nothing.
This is perfectly normal. If a machine receives a SYN/ACK packet it doesn't expect, it should respond with a RST to let the other side know that it has no knowledge of or interest in that connection. The kernel sent a RST because that's what it's supposed to do -- it has no idea what your program is doing.
If you're trying to run your own TCP stack on a machine that already has a TCP stack, you'll have to prevent the regular TCP stack from responding to machines your stack is trying to talk to -- otherwise, they'll be talking to two TCP stacks which can't possibly work.
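A simplified model of the decision the answer describes, following the reset-generation rules of RFC 793. This is an added example, not code from the answer or from any kernel; the addresses, ports and sequence numbers are constructed. The kernel looks up the segment's 4-tuple among its own sockets, and a connection opened from a raw socket is not among them.

```python
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def parse_tcp(segment):
    """Decode the fixed 20-byte TCP header (options are skipped, not parsed)."""
    sport, dport, seq, ack, off_flags, _win, _csum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F, "payload_len": len(segment) - header_len}

def kernel_reply(known_connections, src_ip, dst_ip, segment):
    """Return None if the kernel owns this connection, else the RST it would send."""
    seg = parse_tcp(segment)
    # 4-tuple as the receiving host sees it: (local ip, local port, remote ip, remote port)
    key = (dst_ip, seg["dport"], src_ip, seg["sport"])
    if key in known_connections:
        return None                      # a kernel socket exists: normal processing
    if seg["flags"] & RST:
        return None                      # a reset is never answered with a reset
    if seg["flags"] & ACK:
        # RFC 793: <SEQ=SEG.ACK><CTL=RST>
        return {"seq": seg["ack"], "ack": 0, "flags": RST}
    # RFC 793: <SEQ=0><ACK=SEG.SEQ+SEG.LEN><CTL=RST,ACK>; SYN and FIN each count as 1
    seg_len = seg["payload_len"] + bool(seg["flags"] & SYN) + bool(seg["flags"] & FIN)
    return {"seq": 0, "ack": (seg["seq"] + seg_len) & 0xFFFFFFFF, "flags": RST | ACK}

# Constructed SYN/ACK from server 192.0.2.10:80 to raw-socket client 198.51.100.7:40000.
SYN_ACK = struct.pack("!HHIIHHHH", 80, 40000, 5000, 1001,
                      (5 << 12) | SYN | ACK, 65535, 0, 0)

def demo():
    # The raw-socket program sent the SYN itself, so the kernel's table is empty.
    unexpected = kernel_reply(set(), "192.0.2.10", "198.51.100.7", SYN_ACK)
    # Same segment when the kernel itself opened the connection.
    owned = kernel_reply({("198.51.100.7", 40000, "192.0.2.10", 80)},
                         "192.0.2.10", "198.51.100.7", SYN_ACK)
    return unexpected, owned

if __name__ == "__main__":
    print(demo())
```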
