ICMP port unreachable message stops NMAP on UDP scan but not always [migrated]
I have two almost identical embedded hosts that I am scanning with NMAP on the specific UDP port 47808.
On host 192.168.2.12 NMAP returns after a while with:
while on 192.168.2.24 NMAP immediately returns with:
In both cases the host replies with an ICMP Type 3 Code 3 message, but for 192.168.2.12 NMAP keeps scanning, while for 192.168.2.24 it returns immediately after first ICMP answer.
This is the first ICMP answer from 192.168.2.12:
while this is the first ICMP from 192.168.2.24:
Both are Type 3 Code 3 messages but for 192.168.2.24 there is a different payload.
Why does NMAP stop immediately for 192.168.2.24 even if the ICMP type and code are identical to 192.168.2.12 ?
Here is the 192.168.2.12 NMAP packet trace:
and here it is for 192.168.2.24:
Even if both ICMP packets are Type 3 Code 3, NMAP identifies 192.168.2.12 answer as Destination Unreachable while 192.168.2.24 as Port Unreachable.
Why this different classification for two packets with the same Type and Code?
