On Tue, Aug 25, 2020 at 08:27:24AM -0400, K. Scott Helms wrote: > Comcast is blocking it. From the table on that page. > > "Port 0 is a reserved port, which means it should not be used by > applications. Network abuse has prompted the need to block this port."
The 'Transport' column seems to indicate that TCP port 0 is blocked, but not that UDP port 0 is blocked. I believe there are comcast people on this mailing list, it would be interesting to hear what the considerations were to block one but not the other. > "What about UDP IP fragmentation?" > > I'm not sure I follow this. The IP packet will be fragmented with UDP > inside it. When the IP packet gets put together the UDP PDU will have > a port number. It's possible that some packet analyzers or network > gear will improperly "see" a partial UDP flow as port 0 but that's a > mischaracterization of the flow. You are absolutely right. There is no layer-4 header in a fragment. 'port 0' in netflow/ipfix traffic analyzer tools when displayed may be the result of a lack of ability to label it differently in the datastructures used. "mischaracterization" is a fitting word :-) Kind regards, Job
