Solved

UDP packets get changed to ICMP packets

Posted on 2007-12-01
Last Modified: 2013-11-29
While debugging an app, I discovered that packets I sent as UDP had been changed to ICMP packets when sent over the internet. As a test, I did the following from a Mac running OS-X 10.5:

1. Open a terminal window with "nc -u -l 1028" to listen for UDP packets.
2. Open another terminal window with "nc -u x.x.x.x 1028" to send UDP packets.
3.  With x.x.x.x set to 192.168.0.8, the IP address of the Mac I'm using, text sends just fine from one window to the other.
4. With x.x.x.x set to my internet IP address, packets never show up on the listening window.
5. Using the Wireshark packet sniffer, the transmitted packet appears as UDP, as expected.
6. The received packet, however, is shown as an ICMP packet, 28 bytes longer. The data portion of the content is correct.

The fact that the packet sniffer shows an incoming ICMP packet indicates that the packet is not being blocked by any firewall (set to forward port 1028 to 192.168.0.8). My internet connection is Verizon FIOS, using their Actiontec wireless router.

In short, UDP between two terminal windows on the same machine works fine when using the local machine address, but does not work when routing through the internet to the machine's internet IP address because the packets somehow get changed to ICMP packets. Any ideas would be appreciated. Thanks.
Question by:jsmeast
13 Comments

Expert Comment

by:tvman_od
!!!!!!!!!!!!!!!!!!!!!!!
I was banging my head why my VoIP application is not working over FIOS with Actiontec router. Another FIOS connection with a different router works just fine and all other sorts of connections work just fine; this is the only one. So it must be a problem in the firmware. I'd like to resolve it for you and myself. Which UDP ports does your application want to use? A TFTP client behind the Actiontec will work with multiple errors. The TFTP server reports multiple DUP requests. I had to decrease the TFTP block size down to 512 bytes. Adjusting MTU on the server didn't give any results. The application can download a firmware image over TFTP and then cannot start properly. UDP requests can reach the server and I see answers going toward the client behind the Actiontec, but I don't see anything in the local LAN. Firewall is completely disabled. Trying to set the application client's host as DMZ host, so that any traffic unmatched by NAT will hit this host, didn't give any results. Troubleshooting with Verizon level 3 support didn't help. This is the information which I have discovered so far.

Expert Comment

by:Amit Bhatnagar
Can you tell me the type of ICMP message received? Is it type 3?

Expert Comment

by:tvman_od
I didn't expect ICMP, so I set tcpdump filter to listen for UDP only.
Which version of firmware do you have? I'll contact the user and ask for details. Besides that, I'll try to set up another debug session because I kind of gave up. I'll try your method using "nc".

Accepted Solution

by:Amit Bhatnagar, earned 250 total points
Hey Budd, I am not a Router Guy. I am a System Admin, although the behaviour you just described is normal in UDP. UDP being a connectionless protocol, there is really no way of confirming the delivery of the packets like in TCP, so the upper layers take that responsibility for the same. And when a UDP packet is not delivered at the destination due to a service not listening etc., an ICMP packet is generated with Type 3, which only means Destination 'Port' Unreachable. Again, I am making assumptions here, but since you saw ICMP replies immediately after sending UDP packets... Chances are they are the same ICMP packets. ICMP packets can also be used in a lot of other different ways...

http://www.networksorcery.com/enp/protocol/icmp/msg3.htm

Do try and take a trace and see if this is the case...:)

Expert Comment

by:tvman_od
The strange part is the content. Echo response will repeat the content of Echo request. Unreachable messages don't include any data portion. "nc" test works in LAN and doesn't when crossing the router.

Expert Comment

by:tvman_od
Bamit99, we are trying to find as much as possible, so your input is really appreciated.

Author Comment

by:jsmeast
Thanks for the clues, guys. The ICMP packet is type 3 (unreachable). Since nc to nc works on the local network, the UDP listen port is obviously reachable internally. However, since it doesn't work through the internet, something, presumably my Actiontec router, must be blocking port 1028. I'll double check port forwarding and report back. Obviously, all UDP packets are not being blocked, since DNS and other UDP-based services work fine. To be continued...

Expert Comment

by:tvman_od
To be continued... Looks like there is no expert for this problem :) so we are on our own and Verizon :( Is it possible that Actiontec is trying to understand the protocol and fails?

Expert Comment

by:Amit Bhatnagar
ICMP Type 3 does contain the header of the original UDP packet; rather, to be accurate, it contains "the first 8 bytes of the original datagram's data". And 'jsmeast' just mentioned it is a Type 3 only. Now, as other UDP packets like DNS are considered standard over the Internet, most firewalls allow them, but anything out of the ordinary will be blocked, as you see with your app.

Expert Comment

by:Amit Bhatnagar
Also, in case you feel the firewalls are completely out of the picture, then make sure that the destination machine is actually listening on the UDP port to which you are trying to send the data.

Expert Comment

by:tvman_od
BTW, do you see trivial pings on the sniffer at x.x.x.x? You said that UDP datagrams don't make their way to x.x.x.x. I kind of overlooked this statement. Try to send a DNS request to x.x.x.x even if you don't have a server and see it on the sniffer.

Author Comment

by:jsmeast
Problem solved, although I don't know exactly why. Re-checking the received ICMP packet, I confirmed that it was type 3 and saw that the "code" said "port unreachable". On re-reading the link provided by Bamit99, it finally became clear that the only router that could know if that port was unreachable was my Actiontec residential gateway.

I carefully looked through every setting, but didn't see anything suspicious. Still, it had to be that router, so I did a factory reset. After reconfiguring everything and adding a forward for port 1028 to my local machine, everything worked--nc to nc worked, and my app worked. The settings look no different now than they did before. Apparently, something not visible through the web interface had gotten changed in the Actiontec router.

Bamit99, I hadn't realized that a router would respond with an ICMP packet to a failed UDP send. That information, and the link you provided, were the keys to resolving the problem. Thanks.

tvman_od, thanks for your suggestions, too. All along, I've had reliable service on other UDP ports, e.g. DNS, streaming audio, etc., so I think we may have different problems. Should you decide to try a "Restore defaults" on your Actiontec, bear in mind that it wipes out all user settings. Login info goes back to the defaults of "admin" and "password". If you have lots of user configuration, you might consider saving a copy of the configuration files first, so you can restore to your previous settings, if necessary. Good luck!
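
An added example, not part of the original thread: a Python parser for the ICMP type 3 message discussed above. It reads the datagram quoted inside the error to recover the rejected UDP port, and shows that the 28 extra bytes are the 20-byte IP header plus the 8-byte ICMP header wrapped around the original datagram. The sample packets are constructed; 203.0.113.10 stands in for the internet IP and source port 50000 is an assumption.

```python
import socket
import struct

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header for sample data (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_sample(data=b"hello\n"):
    """Constructed capture: the UDP datagram to port 1028 and the ICMP error quoting it."""
    udp = struct.pack("!HHHH", 50000, 1028, 8 + len(data), 0) + data
    sent = ipv4_header("192.168.0.8", "203.0.113.10", 17, len(udp)) + udp
    # ICMP header: type 3, code 3, checksum 0, 4 unused bytes, then the quoted datagram
    icmp = struct.pack("!BBHI", 3, 3, 0, 0) + sent
    reply = ipv4_header("203.0.113.10", "192.168.0.8", 1, len(icmp)) + icmp
    return sent, reply

def parse_icmp_error(packet):
    """Report which UDP datagram an ICMP destination-unreachable packet refers to."""
    ihl = (packet[0] & 0x0F) * 4                 # outer IP header length
    if packet[9] != 1 or len(packet) < ihl + 8:
        raise ValueError("not an ICMP packet")
    icmp_type, code = packet[ihl], packet[ihl + 1]
    if icmp_type != 3:
        raise ValueError("not destination unreachable")
    quoted = packet[ihl + 8:]                    # original IP header + start of its payload
    if len(quoted) < 20:
        raise ValueError("quoted datagram is truncated")
    q_ihl = (quoted[0] & 0x0F) * 4
    if len(quoted) < q_ihl + 8 or quoted[9] != 17:
        raise ValueError("quoted datagram is truncated or not UDP")
    sport, dport = struct.unpack("!HH", quoted[q_ihl:q_ihl + 4])
    return {
        "reported_by": socket.inet_ntoa(packet[12:16]),  # device that rejected the datagram
        "code": code,                                    # 3 = port unreachable
        "orig_dst": socket.inet_ntoa(quoted[16:20]),
        "udp_src_port": sport,
        "udp_dst_port": dport,
        "quoted_data": quoted[q_ihl + 8:],               # may be empty if only 8 bytes are quoted
    }

if __name__ == "__main__":
    sent, reply = build_sample()
    print("size difference:", len(reply) - len(sent))
    print(parse_icmp_error(reply))
```

The `reported_by` address is the useful field when diagnosing a case like this one: it names the device that decided the port was unreachable.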

Expert Comment

by:Amit Bhatnagar
Hey!!, I am glad it got resolved. Yes, sometimes resetting the setting back to what you already got...helps !!...:). Take care, Cheers !!