> > > I recently thought about the following. If a port is
> > > closed the host refuses the connection. What does the host
> > > exactly respond?
> >
> > It sends a reset.
>
> Correct me if I'm wrong, but the host would respond with FIN,
> ACK.
>
No, it sends a reset (unless it's UDP, then it sends ICMP port
unreach). Here's a snippet from a tcpdump session where I telnetted
to port 34 (which I knew was closed) on host1 from host2. The names
have been changed to protect the innocent.
20:33:40.561302 eth0 < host2.example.com.1310 > host1.example.com.34: S 4219042999:4219042999(0) win 32120 <mss 1460,sackOK,timestamp 218657032 0,nop,wscale 0> (DF) (ttl 64, id 55488)
20:33:40.561381 eth0 > host1.example.com.34 > host2.example.com.1310: R 0:0(0) ack 4219043000 win 0 (DF) (ttl 255, id 0)
From RFC 793:

1. If the connection does not exist (CLOSED) then a reset is sent
in response to any incoming segment except another reset. In
particular, SYNs addressed to a non-existent connection are rejected
by this means.
> Client sync--> host
> client <--sync,ack host
> client ack---> host
You'd only see this if the port was open. A closed port would not
respond with a syn.
> (if host port is closed )
>
> client <---fin,ack host
> client ack---> host
> client rst---> host
This is more like a client initiated end of a session (with a couple
missing packets).
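To check the tcpdump capture in the reply against the RFC 793 rule it quotes, here is an added Python example (my code, not from the thread) that parses the two capture lines shown and computes the reset a port in CLOSED state must send; the parser pattern, the `Segment` type and the function names are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the two tcpdump lines from the thread, one packet per line.
CAPTURE = [
    "20:33:40.561302 eth0 < host2.example.com.1310 > host1.example.com.34: S 4219042999:4219042999(0) win 32120 <mss 1460,sackOK,timestamp 218657032 0,nop,wscale 0> (DF) (ttl 64, id 55488)",
    "20:33:40.561381 eth0 > host1.example.com.34 > host2.example.com.1310: R 0:0(0) ack 4219043000 win 0 (DF) (ttl 255, id 0)",
]

@dataclass
class Segment:
    src: str
    dst: str
    flags: str           # tcpdump flag letters: S, R, F, P or "." for none
    seq: int             # first sequence number of the segment
    length: int          # payload length in octets
    ack: Optional[int]   # acknowledgement number when the ACK bit is set

# Old-style tcpdump line: "<time> <if> <|> src > dst: FLAGS seq:seq(len) [ack N] ..."
LINE_RE = re.compile(
    r"^\S+ \S+ [<>] (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SRFP.]+) "
    r"(?P<seq>\d+):\d+\((?P<len>\d+)\)(?: ack (?P<ack>\d+))?"
)

def parse_tcpdump_line(line: str) -> Segment:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised tcpdump line: {line!r}")
    return Segment(m["src"], m["dst"], m["flags"], int(m["seq"]), int(m["len"]),
                   int(m["ack"]) if m["ack"] else None)

def rfc793_reset_for(incoming: Segment) -> Segment:
    """RFC 793 reset for a segment that arrives at a port in CLOSED state:
    if the incoming segment carries an ACK, the RST takes its SEQ from that
    ACK number and has no ACK of its own; otherwise the RST has SEQ 0 and
    ACK = SEQ + SEG.LEN, where SYN and FIN each occupy one sequence number."""
    if incoming.ack is not None:
        return Segment(incoming.dst, incoming.src, "R", incoming.ack, 0, None)
    seg_len = incoming.length + ("S" in incoming.flags) + ("F" in incoming.flags)
    return Segment(incoming.dst, incoming.src, "R", 0, 0, incoming.seq + seg_len)

def reply_is_rfc793_reset(probe_line: str, reply_line: str) -> bool:
    """True when the captured reply is exactly the reset RFC 793 prescribes."""
    probe, reply = parse_tcpdump_line(probe_line), parse_tcpdump_line(reply_line)
    expected = rfc793_reset_for(probe)
    return reply.flags == "R" and (reply.seq, reply.ack) == (expected.seq, expected.ack)
```

The SYN's ack field in the capture, 4219043000, is the probe's sequence number plus the one octet a SYN consumes, which is what the rule predicts.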