windows xp vs 7, what's difference UDP accepting rules

Question

When I get a UDP packet (especially, rtp), I have a different phenomenon. It happens by difference of windows version at windows 7 professional K.

UDP packet coming normally without open udp port on my pc (I saw it on wireshark) but, at windows XP SP3, UDP packet is not coming without open udp port.

Exactly half of packet is reached normally, but rest of them is not reached. So, my pc make a ICMP type 3 (Unreachable port error) packet and send it.

I want to know what make difference, specifically.

Answer 1

If you're running Wireshark "at the wire" (which is generally how you run it) you should see all packets (UDP/TCP/w/e else) regardless of local firewall settings and whether or not a port is open. As you have noticed, if the port is not open your computer will respond with an ICMP packet to tell the source that it can't communicate on that port. Then you are unlikely to see further packets from that machine because the program trying to communicate has been told that you won't accept communications on that port. However, regardless of operating system, before that ICMP packet gets sent the source has no way of knowing whether the port is open or not and therefore you should see UDP packets even if the corresponding port is open.

Likely what's happening is the RTP library notices that your machine is not accepting packets and stops sending them. My guess would be you started the application/service, then started Wireshark, by which time the ICMP packet has already been sent back. The sending application/service caches the fact that your computer will not receive such packets and stops sending to your computer. In particular, this is probably done to keep your machine (and any others in a multicast environment) from spamming the sender with ICMP packets.