Behavior, in-use vs unused ports, when a client tries to contact them


It is useful to know what happens when you try to contact software you think is running behind some port number. Sometimes you're wrong and no software is using that port. One thing happens in that case, and something different happens when a program is using the port. Both behaviors are commonplace, so it's good to become familiar with them and recognize them when you see them. It's also important to bear in mind that two protocols use port numbers, not one: TCP and UDP. Each uses the range of possible port numbers (0-65535) independently of the other. A server program might be using TCP port 5555, but that says nothing about whether any UDP program is using port 5555. And if one is, it's not the same port 5555. They are independent of each other.

Consequently, there are 4 cases to examine. First, trying to contact a port number as a TCP client when there is a TCP server using that number. Second, as a TCP client when there isn't. Third, trying to contact a port number as a UDP client when there is a UDP server using that number. Finally, as a UDP client when there isn't.

The assignment for you to perform

It is assumed that a target machine is available that runs the TCP discard service on port 9, no TCP service on port 10, the UDP discard service on port 9, and no UDP service on port 10. Your instructor may identify such a machine for you to use, a fellow student may run one that way, or you may set up your own (on the same box your client will run on, or on a different one).

Run Wireshark while performing connection attempts in these 4 situations. Run it on your client machine, from where you are making the attempt. Save your capture file in each case, using these names:

Scenario 1
 TCP client to port used by a TCP server
 filename tcp-something.cap
Scenario 2
 TCP client to port used by no TCP server
 filename tcp-nothing.cap
Scenario 3
 UDP client to port used by a UDP server
 filename udp-something.cap
Scenario 4
 UDP client to port used by no UDP server
 filename udp-nothing.cap

To exclude extraneous junk, filter the capture in Wireshark each time. Limit it to the port numbers your clients will be asking for, namely ports 9 and 10. Use the following filter syntax.

  Wireshark/tcpdump filter:   port 9 or port 10 or icmp

Remember that Wireshark has 2 kinds of filters. This is a capture filter, not a display filter. It goes in the "Capture filter" field of the "Capture Options" dialog box, not the prominent "Filter" field of the main window.

TCP client to port used by a TCP server

Run:

sock  <serverIP>  9 *

Observe what has appeared in the Wireshark window so far. sock stops and waits for input. If you type some, it'll send it when you hit Enter. But give it none. Instead, terminate sock with a ctrl-D keystroke. Observe what appears additionally in Wireshark. Stop the capture in Wireshark. Save it to a file, with above nomenclature.


TCP client to port used by no TCP server

Run:

sock  <serverIP>  10

sock terminates. Stop the capture in Wireshark. Save it to a file, with above nomenclature.


UDP client to port used by a UDP server

Run:

sock  -u  <serverIP>  9

sock stops and waits for input. If you type some, it'll send it when you hit Enter. But give it none. Instead, terminate sock with a ctrl-D keystroke. Observe what has appeared in the Wireshark window. Don't bother to save it, since there's nothing there. Run again:

sock  -u  <serverIP>  9

sock stops and waits for input. This time give it something: type a single letter x then hit Enter. Then terminate sock with a ctrl-D keystroke. Stop Wireshark, save to a file with above nomenclature.


UDP client to port used by no UDP server

Run:

sock  -u  <serverIP>  10

sock stops and waits for input. Give it something: type a single letter x then hit Enter. sock terminates. Stop Wireshark, save to a file with above nomenclature.
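
The same four cases seen from the client program's side, as an added Python example that is not part of the original assignment: it reports what the socket API returns in each case, while the packets behind each outcome are what your captures show. The loopback listeners and the free_port helper are constructed stand-ins for the target machine's ports 9 and 10.

```python
import socket

def tcp_probe(host, port, timeout=2.0):
    """What a TCP client sees: 'connected', 'refused' or 'no reply'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"          # handshake completed; leaving 'with' closes it
    except ConnectionRefusedError:
        return "refused"                # the target actively rejected the attempt
    except socket.timeout:
        return "no reply"               # nothing came back (e.g. a filter dropped it)

def udp_probe(host, port, payload=b"x\n", timeout=0.5):
    """What a UDP client sees after sending one datagram."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # sends nothing; lets the kernel report errors here
        try:
            s.send(payload)
            s.recv(1024)
            return "reply"
        except ConnectionRefusedError:
            return "refused"            # the target reported the port as unused
        except socket.timeout:
            return "no reply"           # discard server, or the datagram was lost

def free_port(kind):
    """Constructed helper: a loopback port that nothing is using right now."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def demo():
    """Loopback stand-ins for the lab's port 9 (in use) and port 10 (unused)."""
    tcp_srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    udp_srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    with tcp_srv, udp_srv:
        tcp_srv.bind(("127.0.0.1", 0))
        tcp_srv.listen(1)
        udp_srv.bind(("127.0.0.1", 0))  # receives but never answers, like discard
        return {
            "tcp-something": tcp_probe("127.0.0.1", tcp_srv.getsockname()[1]),
            "tcp-nothing":   tcp_probe("127.0.0.1", free_port(socket.SOCK_STREAM)),
            "udp-something": udp_probe("127.0.0.1", udp_srv.getsockname()[1]),
            "udp-nothing":   udp_probe("127.0.0.1", free_port(socket.SOCK_DGRAM)),
        }

if __name__ == "__main__":
    print(demo())
```

For UDP, "no reply" alone does not prove that a program is listening: a discard server and a dropped datagram look the same to the client, which is why the capture matters.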

 

Be sure you can answer:

1. What is the characteristic server behavior when a client attempts to communicate with a port using TCP when no TCP program is using that port number on the server machine?

2. What is the characteristic server behavior when a client attempts to communicate with a port using UDP when no UDP program is using that port number on the server machine?

 

* You can substitute netcat for sock. Use "nc" where you see "sock" in the commands prescribed above, and use ctrl-C instead of ctrl-D to terminate/interrupt netcat.