17

I have noticed that sometimes while trying to telnet in some random port, I have observed two kind of scenarios:

$ telnet example.com 3432
  Trying 173.252.110.27...

$ telnet example.com 3432
  Connection Refused.

Can someone explain me what is the difference between the two ?

user
  • 4,335
  • 4
  • 34
  • 71
pradeepchhetri
  • 2,698
  • 6
  • 37
  • 47
  • 1
    In first case, the traffic is dropped and in the second case the traffic is rejected. The below link summarises the difference between DROP vs REJECT http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject – tuk Sep 26 '18 at 04:39

1 Answers1

14

One reason would be the behavior of a firewall on example.com. In the event the firewall simply drops the traffic, you will see the first response. On the other hand, if the firewall rejects the traffic, you will get the second.

To better understand, take a packet filter such as tcpdump or wireshark and sniff the traffic as you perform the tests.

The first case will look like Syn,Syn,Syn...

The second case will look like Syn,Rst along with a possible ICMP port-unreachable.

A successfull connection will look like the Syn,Syn-Ack,Ack we expect in the tcp three-way handshake.

dmourati
  • 25,540
  • 2
  • 42
  • 72
  • 2
    One doubt, so in case, if some app is not listening on some port and there is no firewall blocking the connection to that port, I should experience the second case. I mean I should get a RST TCP flag set in the reply . Am I correct ? – pradeepchhetri Jul 07 '13 at 07:18
  • 2
    @pradeepchhetri Yes, if there is nothing *either listening on or blocking traffic to a live host*, you will get a connection refused error (and the associated TCP RST packet). That is really uncommon on the Internet these days, however. – user Jul 07 '13 at 08:17