XiotexStudios

Unreachable port on second network card


Hi, After putting up with a dodgy on-board network card (NForce2 - which gives seemingly random response times on packets) I finally installed a second network card. After getting the IP address I begin to send packets to it using UDP - and for every packet sent I get an ICMP port unreachable back. Have I missed something? I am definitely sending to the right ip address and the port number is 50000. I can ping the card in windows and do all the other windowsy type stuff (like browse the web - talk to our fileserver etc...).

I hate to be obvious, but do you have a UDP service running on that port? Where are you pinging it from?

I like using nmap to test my service / firewall/nat configurations.

My setup is two PCs running XP Home.

As I mentioned in the above post - I have been happily communicating with the second PC over UDP on port 50000 but the card was a little unreliable on a LAN. It was okay for the small packets I was sending but it was losing data on large transfers and doing a ping from machine 1 to machine 2 would result in seemingly random timescales being returned - never the same twice.

So, I thought I would install this second card. Now all I get in response to UDP is ICMP: port unreachable.

Now, as a test I have attempted to fire UDP packets to all of the other machines in the office and they all get through except for the server - which I would accept.

I have never come across an ICMP Port unreachable before and I am sure the UDP service is running.

Never seen nmap before... any good?

Check the windows firewall settings - SP2 enables it by default on a new connection (ie your new card).

nmap is great for security checking, generally being nosey and anything else you might want to throw a stealthy port scanner at. It even makes guesses at the OS of the remote host by looking for port profiles. Nice.

This nmap sounds cool - will look into it.

I thought about firewalls. I have disabled the SP2 one and also uninstalled the nvidia network manager thingy that I found too.

Still the same problem.

It's an odd one.

Going to try another network card tomorrow just in case.

I will kick myself in the nads if this turns out to be a PEBKAC....

I found the problem!

I wasn't listening to the correct port on the second card. And the card/driver reported that there was nothing listening on that port.

Bizarre thing is that if I read on a port that isn't being listened to on other machines I don't get that message - is this to stop port scanners from being effective?

Quote:
Bizarre thing is that if I read on a port that isn't being listened to on other machines I don't get that message


I'm assuming you're using UDP. You don't know whether another machine will send a datagram on that port. Datagrams are stateless (connectionless). Someone, somewhere in the world might send you a datagram on that port at some time. Thus, it's perfectly valid (and common) to receive on a port that maybe nobody is currently sending any datagrams to.

TCP is connected, so there, it doesn't make sense to send or receive without a connection (but you can still listen() for connections while there aren't any).

Guest Anonymous Poster
Quote:
Original post by XiotexStudios
Hi,
After putting up with a dodgy on-board network card (NForce2 - which gives seemingly random response times on packets) I finally installed a second network card.
After getting the IP address I begin to send packets to it using UDP - and for every packet sent I get an ICMP port unreachable back.
Have I missed something? I am definitely sending to the right ip address and the port number is 50000. I can ping the card in windows and do all the other windowsy type stuff (like browse the web - talk to our fileserver etc...).


Your card was not dodgy, but the nforce series have an on board hardware firewall on the network card. To use the machine as a realtime server, you have to disable it. (the older series also had a bug which often resulted in random packet drops)

If you are running winxp-sp2, then a udp port is only opened implicitly after a program sends data out on it. Before running a server, you have to open ports in your system. The firewall has no effect for localhost, so you can test the server with the loopback address.

Viktor

Yes, I understand all that.

What I am saying is that if I transmit a UDP packet to another machine and there is nothing listening on the port I specify then the packet is essentially ignored - I see no bounce back traffic.

However, on a single card in the office if the port doesn't have anything listening it bounces back an ICMP unreachable port message. If I then attach a listener to that port the message goes away.

I have been writing network code on and off now since 1998 and it's the first time I have seen this behaviour.

Guest Anonymous Poster
Quote:
Original post by XiotexStudios
Yes, I understand all that.

What I am saying is that if I transmit a UDP packet to another machine and there is nothing listening on the port I specify then the packet is essentially ignored - I see no bounce back traffic.

However, on a single card in the office if the port doesn't have anything listening it bounces back an ICMP unreachable port message. If I then attach a listener to that port the message goes away.

I have been writing network code on and off now since 1998 and it's the first time I have seen this behaviour.


This is caused by the firewall on the machine. If turned on, you can specify what kind of icmp messages are allowed. My machine for example never emits any icmp traffic. (no ping or port unreachable) On the local loopback, the firewall is not used so every icmp message gets through. The new windows firewall interface (winxp/sp2) hides the details, but this firewall was present since winnt4/sp3, but it was turned off by default, and very few knew where and how to enable it. Also you had to specify filter rules much like you do with the linux ipchains module. The new (xpsp2) firewall system is more intelligent, much like iptables on linux but comes with a wizard interface that defaults everything to the common usage of the system. (so you better get a win2k3 server instead of winxp if you plan on hosting a game on windows)

Viktor
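
The behaviour discussed in this thread, reproduced on the loopback address where (per the post above) the firewall is not in the path. This is an added example, not code from any poster; `probe_udp` and `demo` are hypothetical names, and the listener here is constructed for the test.

```python
import socket


def probe_udp(host, port, payload=b"probe", timeout=0.5):
    """Send one datagram and classify the response.

    "reply"       - a datagram came back from the peer
    "unreachable" - the stack reported ICMP port unreachable
    "silent"      - nothing arrived: a listener that does not answer, or a
                    firewall dropping the datagram or the ICMP error
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on UDP sends nothing; it pins the socket to one peer so
        # the kernel can deliver ICMP errors from that peer to this socket.
        s.connect((host, port))
        try:
            s.send(payload)
            s.recv(2048)
            return "reply"
        except ConnectionError:
            # Linux raises ConnectionRefusedError; Windows reports the same
            # ICMP error as a connection reset. Both are ConnectionError.
            return "unreachable"
        except socket.timeout:
            return "silent"


def demo():
    # Constructed test listener: bound to an ephemeral loopback port,
    # receives datagrams but never answers them.
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))
    port = listener.getsockname()[1]

    with_listener = probe_udp("127.0.0.1", port)
    listener.close()  # nothing is bound to the port any more
    without_listener = probe_udp("127.0.0.1", port)
    return with_listener, without_listener


if __name__ == "__main__":
    print(demo())
```

Against a remote host, "silent" is ambiguous by design: a bound port and a firewall that suppresses ICMP look the same from the sender's side, which is why the other office machines showed no bounce-back traffic.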

Okay, that explains things...

And it's okay, the networking code is being developed on PCs for ease of development but the final platform is a console - so won't have these problems in the long run.
