Firewall Problems with UDP

asked 2020-10-21

fly_agaric gravatar image

updated 2020-10-21

Hello I had a problem with a discord server today. One of our coworker wanted to use discord for business meetings. While Chat was possible voice and video wasn't. I looked at the tracefile with the syntax "frame contains discord". I found some TCP 443 and DNS queries. I looked at every TCP stream and i found no issues with it.

I googled a little bit and found the information that discord is using udp for voice and video so i checked our firewall and obviously everything else then TCP 80 and 443 was blocked. But what makes me wonder is why no icmp destination unreachable was found in the trace. I thought when a UDP connection fails that a icmp destination unreachable packet is sent but i didn't find any icmp packets except 2 from a workstation which tried to ping my client at the same time like i did a capture. Wireshark UDP PCAP File

answered 2020-10-21

Jaap gravatar image

A 'well behaved' intermediate system would do that, but these are becoming scarce. So the packets are simply dropped, without a peep.

edit flag offensive delete link more


okay so how can I see these dropped packets in wireshark? is there a similar mechanism like syn tcp retransmission or rst ack after syn?

fly_agaric ( 2020-10-21 16:15:07 +0000 )

For UDP? No, it's a 'send of and hope for the best' protocol. This is useful for time sensitive data streams, like voice, in which retransmission is not feasible. So the overhead of acknowledgments is not needed.

In case of packet drops the only direct indication of this should be ICMP messages. Usually protocols running over UDP, like for voice that could be RTP, have some form of quality metrics, in case of RTP that would be RTCP. But since that is also transported over UDP you won't see that either.

Jaap ( 2020-10-21 17:38:38 +0000 )

Asked: 2020-10-21

