Character Generator Protocol

The Character Generator Protocol (CHARGEN) is a simple network service within the Internet Protocol Suite, defined in RFC 864 in 1983, designed as a debugging and measurement tool that generates and transmits streams of data independently of any input received.^[1] It operates on port 19 using both TCP and UDP transports, with the TCP variant establishing a connection to deliver a continuous sequence of ASCII printable characters (typically in 72-character lines ending with carriage return and line feed) until the connection is closed, while the UDP variant responds to each incoming datagram with a random-length reply of 0 to 512 characters from the same character set, maintaining no state between transactions.^[1]^[2] Originally intended for network testing—such as evaluating throughput, latency, or connection stability without complex interactions—CHARGEN has largely become obsolete in modern networks due to its lack of authentication or access controls, rendering it unsuitable for production environments.^[1] Despite its intended use solely as a debugging tool and recommendations against enabling it on publicly accessible servers, residual implementations persist, primarily contributing to security vulnerabilities rather than legitimate use cases.^[1] A key notable aspect of CHARGEN is its exploitation in distributed reflective denial-of-service (DRDoS) attacks, particularly via UDP amplification, where attackers spoof victim IP addresses in small requests to open CHARGEN servers, eliciting disproportionately large responses (with a bandwidth amplification factor up to 358.8) that flood the target with traffic.^[3] To mitigate such risks, cybersecurity authorities recommend disabling CHARGEN services on internet-facing systems, implementing ingress filtering to block spoofed packets (per IETF BCP 38), and applying stateful inspection on firewalls to limit UDP responses.^[3]^[3]

Introduction

Definition and Purpose

The Character Generator Protocol (CHARGEN) is a simple network service defined within the Internet Protocol Suite that responds to client requests by generating a stream of ASCII characters, without regard to any input data received from the client.^[2] Over TCP, it provides a continuous stream until the connection closes; over UDP, it sends a single response datagram of 0 to 512 random-length characters. This protocol operates by transmitting data unidirectionally from the server to the client, ignoring the contents or presence of incoming packets.^[2] The primary purpose of CHARGEN is to function as a debugging and measurement tool, enabling verification of network connectivity, throughput capacity, and error rates through straightforward, non-interactive data exchange that avoids complex protocol negotiations.^[2] By delivering predictable patterns of data, it allows network administrators to assess transmission reliability and performance in early Internet environments without requiring stateful interactions.^[2] Key characteristics of CHARGEN include its stateless design, which maintains no history or session information, ensuring each request triggers independent data generation.^[2] The protocol produces output using the 95 printable ASCII characters (codes 32 through 126), arranged in an ordered sequence numbered 0 through 94 and cycling via modulo 95, formatted as 72-character lines ending with carriage return and line feed before repeating the cycle.^[2] Originally designed by Jon Postel in May 1983, CHARGEN aimed to provide a minimal and reliable service for troubleshooting connectivity issues in the nascent ARPA Internet, contributing to the suite of basic diagnostic protocols that supported early network development.^[2]

History and Development

The Character Generator Protocol (CHARGEN) was developed in 1983 by Jon Postel at the University of Southern California's Information Sciences Institute (USC/ISI) as one of several early utilities within the emerging TCP/IP protocol suite.^[1] Postel, a key figure in Internet protocol design during the ARPANET era, authored the protocol to provide a straightforward mechanism for network testing, reflecting the need for basic diagnostic tools in an environment constrained by limited computational hardware and nascent connectivity.^[4] This development occurred amid the transition from ARPANET to the broader ARPA Internet, where simple, resource-light services were essential for verifying host reachability and measuring basic performance metrics.^[1] Standardization followed shortly with the publication of RFC 864 on May 1, 1983, which outlined CHARGEN as a standard for the ARPA Internet community, with hosts expected to implement it if providing the service.^[1] The document specified implementations over both TCP and UDP on port 19.^[4] Although classified as an Internet Standard (STD 22) at the time, its experimental orientation aligned with the ad hoc nature of early protocol evolution, prioritizing utility over rigorous validation.^[1] Following its initial release, RFC 864 received no substantive updates or revisions, remaining unchanged since 1983 and contributing to the protocol's gradual obsolescence in contemporary secure networks.^[4] Modern Internet systems are advised against implementing CHARGEN due to its potential for misuse and incompatibility with current security practices, rendering it largely deprecated.^[5] Nevertheless, the protocol persists in certain legacy systems, where it continues to serve as a rudimentary diagnostic aid in isolated or historical environments.^[5]

Protocol Specifications

RFC 864 Details

RFC 864, titled "Character Generator Protocol," is a concise document authored by Jon Postel and published in May 1983.^[6] Spanning just three pages, it outlines a simple network service designed as a tool for debugging and measurement, explicitly stating that the character generator "simply sends data without regard to the input."^[6] The RFC lacks formal sections on abstract or references, instead dividing its content into five main parts: an introduction, descriptions of the TCP-based and UDP-based services, data syntax specifications, and a brief example.^[6] The document specifies port 19 as the default for both TCP and UDP implementations of the protocol.^[6] In TCP mode, the service establishes a connection and delivers a continuous stream of data until the connection closes, with the server generating responses independently of any client input. For UDP, it operates on a datagram basis, where the server responds to each incoming datagram with a separate datagram containing a random number of characters between 0 and 512. Central to the protocol are the character generation rules detailed in the data syntax section. The server produces lines of exactly 72 characters, each comprising the 95 printable ASCII characters (decimal codes 32 to 126), sorted in ascending order and numbered from 0 to 94, terminated by a carriage return and line feed. These lines follow a fixed cyclic pattern: the Nth line uses characters offset by N modulo 95, starting from position 0 to 71 in the sequence, creating a shifting pattern that wraps around without repetition until the cycle completes. This deterministic output aids in verifying network throughput and reliability, as emphasized in the introduction's purpose for operational testing. RFC 864 is designated as a standard for the ARPA Internet community (Internet Standard STD 22), intended as an informational service for network diagnostics. An example in the document illustrates a sample TCP interaction, showing the server initiating data transmission immediately upon connection with the first cyclic line.^[6]

Transmission Modes

The Character Generator Protocol (CHARGEN) supports two primary transmission modes: TCP and UDP, both utilizing the default port 19, with no built-in authentication or session management mechanisms.^[1] In TCP mode, CHARGEN operates as a connection-oriented service, where the server establishes a reliable, ordered connection with the client upon receiving a connection request on port 19. Once connected, the server immediately begins transmitting a continuous stream of data without regard to any input from the client, continuing until the client terminates the connection either abruptly or through a careful close. This stream consists of recommended 72-character lines comprising ASCII printing characters (decimal codes 32 through 126), sorted in ascending order, followed by a carriage return and line feed; the server discards any received data and relies on TCP's flow control to manage transmission rates. This mode is particularly suited for testing sustained throughput and connection stability due to its ordered and reliable delivery guarantees.^[1] In contrast, UDP mode functions as a connectionless, stateless protocol, where the server responds independently to each incoming datagram received on port 19 by sending a single reply datagram containing 0 to 512 random ASCII characters, again ignoring the content of the request. Each response is generated anew without retaining any state or history from prior interactions, making it ideal for quick, one-off probes but susceptible to packet loss or reordering inherent to UDP. The lack of persistent connections in this mode emphasizes its utility for lightweight, high-volume diagnostic testing rather than prolonged data exchanges.^[1] The operational differences between these modes highlight CHARGEN's flexibility for various network measurement scenarios: TCP ensures complete and ordered data delivery for in-depth reliability assessments, while UDP enables rapid, fire-and-forget transmissions that simulate bursty or unreliable conditions, though both modes share the protocol's core simplicity of generating characters without input processing.^[1]

Implementation

System Integration

In Unix-like operating systems, the Character Generator Protocol (CHARGEN) is typically integrated through super-servers such as inetd or its extended version, xinetd, which manage lightweight network services on demand. These super-servers listen for incoming connections and invoke the appropriate handler based on configuration entries in files like /etc/inetd.conf or /etc/xinetd.d/chargen. For CHARGEN, the configuration specifies port 19 for both TCP and UDP protocols, with the service often marked as "internal" to indicate that the super-server handles the protocol logic directly without requiring a separate executable; example entries include "chargen stream tcp nowait root internal" for TCP and "chargen dgram udp wait root internal" for UDP.^[7] CHARGEN has been available by default in many BSD-derived systems, such as FreeBSD and older versions of Solaris, where it was often enabled in legacy configurations for network testing purposes. In these environments, the service is bundled with the base system and activated via the super-server setup without additional installation. Similarly, older Linux distributions, including those using inetd or early xinetd implementations, included CHARGEN entries in their default configuration files, though typically commented out to prevent unintended exposure. (Note: This Oracle doc references legacy Solaris services; for specifics, see historical SMF manifests in Solaris 10 documentation archives.) (Adapted for stable LFS context on xinetd internals.) Upon startup, the super-server binds to port 19 and monitors for connections using the specified protocols. When a request arrives, it spawns a child process or handles the connection internally for stateless services like CHARGEN, generating the character stream without maintaining persistent state between sessions; this on-demand model minimizes resource usage compared to standalone daemons. The configuration supports both TCP stream mode, where data flows continuously until the connection closes, and UDP datagram mode for discrete packet responses.^[8] In modern distributions, CHARGEN is rarely included or enabled by default due to associated security risks, such as potential amplification in denial-of-service attacks, leading most systems to exclude it from standard packages. Administrators seeking to implement it must manually compile or install from open-source implementations inspired by RFC 864, then configure the super-server accordingly, often requiring explicit enabling of the service files.^[9] (CIS benchmark for Ubuntu, applicable to general Linux practices.)

Programming Examples

Implementing a CHARGEN server requires binding to port 19 and generating data according to the specifications in RFC 864, which defines the protocol for both TCP and UDP transports.^[1] The server ignores any incoming data and continuously produces a stream of ASCII printable characters (codes 32 through 126) in a cyclic pattern resembling a "barber pole" effect.^[1]

Basic TCP Server Pseudocode

A basic TCP CHARGEN server listens on port 19, accepts connections, and sends lines of 72 characters each, followed by a carriage return and line feed (CR LF), cycling through the 95 printable ASCII characters with an offset per line until the client disconnects.^[1] The following pseudocode illustrates this process:

initialize socket with TCP, bind to port 19
listen for connections
while true:
    accept client connection
    line_offset = 0
    while client connected:
        for column = 0 to 71:
            char_index = (line_offset + column) mod 95
            char = printable_ascii[char_index]  // ASCII 32-126, indexed 0-94
            send char to client
        send CR LF to client
        line_offset += 1
    close client connection
close socket
initialize socket with TCP, bind to port 19
listen for connections
while true:
    accept client connection
    line_offset = 0
    while client connected:
        for column = 0 to 71:
            char_index = (line_offset + column) mod 95
            char = printable_ascii[char_index]  // ASCII 32-126, indexed 0-94
            send char to client
        send CR LF to client
        line_offset += 1
    close client connection
close socket

This loop ensures a continuous stream without regard to client input, as required by the protocol.^[1]

UDP Server Example in Python

For UDP, the server responds to each incoming datagram with a single datagram containing up to 512 bytes of data in the same character pattern, but without maintaining state across requests; a typical implementation generates approximately 511 bytes per response to maximize utility for testing.^[1] The Python standard library's socket module provides a straightforward way to implement this. The example below uses IPv4, binds to port 19, and generates lines until reaching the byte limit:

python
import socket

# Printable ASCII characters (32-126), 95 chars
CHARS = [chr(i) for i in range(32, 127)]
NEWLINE = '\r\n'
PORT = 19
WIDTH = 72
MAX_BYTES = 512

def generate_response():
    response = ''
    line_num = 0
    while len(response.encode('ascii')) < MAX_BYTES:
        line = ''.join(CHARS[(line_num + col) % 95] for col in range(WIDTH))
        response += line + NEWLINE
        line_num += 1
    return response.encode('ascii')[:MAX_BYTES - 1]  # Ensure under 512

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.bind(('', PORT))

while True:
    data, addr = sock.recvfrom(1024)  # Ignore data, just get addr
    response = generate_response()
    sock.sendto(response, addr)
import socket

# Printable ASCII characters (32-126), 95 chars
CHARS = [chr(i) for i in range(32, 127)]
NEWLINE = '\r\n'
PORT = 19
WIDTH = 72
MAX_BYTES = 512

def generate_response():
    response = ''
    line_num = 0
    while len(response.encode('ascii')) < MAX_BYTES:
        line = ''.join(CHARS[(line_num + col) % 95] for col in range(WIDTH))
        response += line + NEWLINE
        line_num += 1
    return response.encode('ascii')[:MAX_BYTES - 1]  # Ensure under 512

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.bind(('', PORT))

while True:
    data, addr = sock.recvfrom(1024)  # Ignore data, just get addr
    response = generate_response()
    sock.sendto(response, addr)

This code produces independent responses for each datagram, aligning with the UDP mode where no stream continuity is maintained.^[1]

C Implementation Outline

In C, a CHARGEN server leverages the Berkeley sockets API from <sys/socket.h> to create and manage connections, often using fork() to handle multiple clients concurrently in a multi-process model.^[1] The outline below shows the core structure for a TCP server, including socket setup, acceptance loop, and character generation using write():

c
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

#define PORT 19
#define WIDTH 72
#define NUM_CHARS 95  // Printable ASCII 32-126

int main() {
    int sockfd, clientfd;
    struct sockaddr_in server_addr, client_addr;
    socklen_t client_len = sizeof(client_addr);
    char buffer[WIDTH + 2];  // +2 for CR LF
    int line_offset = 0;

    // Printable chars array (initialize with ASCII 32-126)
    char chars[NUM_CHARS];
    for (int i = 0; i < NUM_CHARS; i++) {
        chars[i] = 32 + i;
    }

    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(PORT);
    server_addr.sin_addr.s_addr = INADDR_ANY;
    bind(sockfd, (struct sockaddr*)&server_addr, sizeof(server_addr));
    listen(sockfd, 5);

    while (1) {
        clientfd = accept(sockfd, (struct sockaddr*)&client_addr, &client_len);
        if (fork() == 0) {  // Child process
            close(sockfd);
            line_offset = 0;
            while (1) {
                for (int col = 0; col < WIDTH; col++) {
                    int idx = (line_offset + col) % NUM_CHARS;
                    buffer[col] = chars[idx];
                }
                buffer[WIDTH] = '\r';
                buffer[WIDTH + 1] = '\n';
                write(clientfd, buffer, WIDTH + 2);
                line_offset++;
            }
            close(clientfd);
            exit(0);
        }
        close(clientfd);
    }
    close(sockfd);
    return 0;
}
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

#define PORT 19
#define WIDTH 72
#define NUM_CHARS 95  // Printable ASCII 32-126

int main() {
    int sockfd, clientfd;
    struct sockaddr_in server_addr, client_addr;
    socklen_t client_len = sizeof(client_addr);
    char buffer[WIDTH + 2];  // +2 for CR LF
    int line_offset = 0;

    // Printable chars array (initialize with ASCII 32-126)
    char chars[NUM_CHARS];
    for (int i = 0; i < NUM_CHARS; i++) {
        chars[i] = 32 + i;
    }

    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(PORT);
    server_addr.sin_addr.s_addr = INADDR_ANY;
    bind(sockfd, (struct sockaddr*)&server_addr, sizeof(server_addr));
    listen(sockfd, 5);

    while (1) {
        clientfd = accept(sockfd, (struct sockaddr*)&client_addr, &client_len);
        if (fork() == 0) {  // Child process
            close(sockfd);
            line_offset = 0;
            while (1) {
                for (int col = 0; col < WIDTH; col++) {
                    int idx = (line_offset + col) % NUM_CHARS;
                    buffer[col] = chars[idx];
                }
                buffer[WIDTH] = '\r';
                buffer[WIDTH + 1] = '\n';
                write(clientfd, buffer, WIDTH + 2);
                line_offset++;
            }
            close(clientfd);
            exit(0);
        }
        close(clientfd);
    }
    close(sockfd);
    return 0;
}

This implementation forks a new process per client to send the cyclic lines via write(), ensuring the server remains responsive; a similar structure applies to UDP by using SOCK_DGRAM and recvfrom()/sendto().^[1] CHARGEN implementations per RFC 864 perform no input validation, as the protocol explicitly disregards received data.^[1] However, custom builds may incorporate timeouts on connections or datagram handling—such as using select() or alarm() in C, or socket.settimeout() in Python—to mitigate potential resource exhaustion from persistent clients, though this extends beyond the minimal RFC requirements. As an alternative to custom servers, inetd can invoke a simple handler script or binary for CHARGEN on supported systems.^[1]

Applications

Network Testing

The Character Generator Protocol (CHARGEN) serves as a foundational tool for verifying network performance and reliability by actively generating data streams that simulate real-world traffic conditions. Specified in RFC 864, it operates on port 19 using either TCP for continuous streams or UDP for discrete responses, allowing testers to evaluate key metrics without complex setups.^[2] In throughput measurement, clients establish connections to the CHARGEN service to produce sustained traffic volumes, enabling assessments of bandwidth constraints, packet loss, and latency across LAN and WAN infrastructures. For instance, the TCP mode delivers an unending sequence of characters at a steady rate, facilitating load simulation to identify bottlenecks in data transfer efficiency.^[2]^[9] Connectivity diagnostics leverage a basic telnet session to port 19, where a successful link-up and immediate receipt of generated characters confirm host reachability and service responsiveness, particularly valuable for validating firewall configurations. This straightforward probe helps isolate issues in path availability without additional diagnostics.^[2] For error detection, the protocol's output of patterned 72-character lines—such as sequential ASCII symbols—permits observers to spot disruptions like garbled sequences or gaps, signaling transmission errors or misconfigurations in foundational network environments. These observable patterns provide a low-overhead method to pinpoint integrity problems during testing.^[2] In early TCP/IP networks during the 1980s, CHARGEN found application in troubleshooting efforts to mimic traffic loads absent dedicated utilities.^[2]

Diagnostic Tools

CHARGEN, defined in RFC 864, serves as a basic tool for generating continuous streams of data or test patterns, enabling its integration with other network utilities to facilitate comprehensive diagnostics.^[2] Scripting integrations further enhance CHARGEN's diagnostic utility, particularly through tools like netcat (nc), which can automate sessions to capture and log output streams. For instance, netcat commands can initiate TCP or UDP connections to a CHARGEN server on port 19, redirecting responses to files for subsequent analysis of network behaviors such as jitter or packet reordering in automated test scripts.^[10] This method supports repeatable diagnostics by combining CHARGEN's predictable data generation with netcat's flexibility in handling connections and output processing. In legacy systems, CHARGEN formed part of standard network service suites in SunOS and early UNIX environments for basic network services.^[11] Similarly, early Cisco IOS implementations included CHARGEN among small servers for router interface testing, aiding in the evaluation of port functionality and basic traffic handling prior to more advanced configurations.^[12] However, CHARGEN's limitations in modern diagnostics stem from its fixed, non-configurable output, which lacks the precision for variable bandwidth, protocol-specific testing, or detailed metrics control. It has largely been superseded by tools like iperf, which offer greater flexibility in generating controlled traffic for accurate performance assessment.

Security Considerations

Inherent Vulnerabilities

The Character Generator Protocol (CHARGEN), as defined in RFC 864, operates in a stateless manner, maintaining no history or state information between interactions, particularly in its UDP implementation. This design lacks any mechanism for client verification or authentication, enabling any remote host to initiate requests and trigger the server to generate and transmit data without restriction. As a result, attackers can exploit this unauthenticated access to induce unlimited output from the server, potentially draining computational resources such as CPU and memory on vulnerable systems.^[2]^[13] The protocol's output is highly predictable, consisting of fixed sequences of ASCII printing characters arranged in 72-character lines that cycle through a sorted pattern of 95 printable characters, concluding each line with a carriage return and line feed. This deterministic generation process allows for easy spoofing of requests, as adversaries require no knowledge of internal server states or secrets to mimic legitimate traffic and elicit responses. In the UDP mode, responses are sent unicast to the source IP of the request, but the lack of source validation enables attackers to spoof the victim's IP, directing amplified responses toward the target.^[2]^[9] In TCP mode, CHARGEN provides a continuous stream of data upon connection establishment, transmitting characters indefinitely until the connection is terminated by either party, with no built-in rate limiting or throttling mechanisms specified in the protocol. This feature, intended for diagnostic purposes, can lead to sustained consumption of server CPU cycles for data generation and network bandwidth for transmission, particularly on systems lacking external safeguards. The protocol's reliance on underlying transport layer flow control, such as TCP's windowing, offers minimal protection against prolonged sessions, rendering it susceptible to resource exhaustion in environments where the service remains enabled.^[2]^[13]

Exploitation in Attacks

The Character Generator Protocol (CHARGEN) is frequently exploited in distributed denial-of-service (DDoS) amplification attacks, where adversaries spoof the victim's IP address in small UDP requests sent to publicly accessible CHARGEN servers. These servers, responding with large streams of character data—typically up to 512 bytes per response—direct the amplified traffic toward the target, creating a bandwidth multiplication effect. This results in amplification factors exceeding 350:1, allowing attackers to generate substantial volumetric floods with minimal outbound traffic from their controlled sources.^[14]^[5] CharGEN flood attacks have been documented in numerous incidents from 2014 onward, often leveraging botnet variants that target Internet of Things (IoT) devices with inadvertently enabled CHARGEN services for reflection. For instance, early exploits highlighted in 2014 involved widespread scanning for open CHARGEN reflectors, enabling volumetric assaults reaching up to 100 Gbps or more against enterprise networks. These attacks exploit the protocol's legacy design, turning misconfigured devices into unwitting amplifiers and contributing to sustained network disruptions in sectors like finance and e-commerce.^[3]^[15] In reflection techniques, CHARGEN is commonly integrated with other UDP-based protocols such as DNS and NTP to form multi-vector DDoS campaigns, overwhelming defenses through diverse traffic patterns. The preference for UDP mode stems from its stateless nature, which simplifies IP spoofing and evades basic source validation, allowing bots to impersonate the victim across multiple reflector pools without establishing connections. This combination enhances attack potency by distributing the reflective load and complicating mitigation efforts.^[16] In March 2024, researchers disclosed a new class of "Loop DoS" attacks targeting UDP application-layer protocols, including CHARGEN. These attacks exploit misconfigurations where two endpoints (e.g., a CHARGEN server and an ECHO server) continuously reflect and amplify traffic to each other, creating self-sustaining loops that can overwhelm networks with minimal attacker effort. Scans identified approximately 300,000 systems vulnerable to such loops involving CHARGEN, highlighting ongoing risks despite mitigation efforts. To counter Loop DoS, administrators should disable unnecessary UDP services, implement strict firewall rules to prevent inter-service communication, and monitor for anomalous traffic patterns.^[17]^[18] As of 2025, CHARGEN's role in standalone attacks has declined due to widespread adoption of ingress filtering and service disablement on exposed hosts, reducing the pool of available reflectors. However, it persists in hybrid attacks that blend amplification with direct floods, particularly targeting cloud infrastructure where rapid scaling can amplify service outages.^[19]^[15]

Practical Examples

Session Demonstration

A typical TCP session with the Character Generator Protocol (CHARGEN) begins when a client establishes a connection to port 19 on a server supporting the protocol.^[2] Upon connection, the server immediately starts transmitting a continuous stream of data without requiring any input from the client.^[2] This stream consists of lines, each containing 72 ASCII printable characters (from space at code 32 to tilde '~' at code 126), followed by a carriage return and line feed (CR LF).^[2] The characters cycle through a fixed sequence of 95 printable symbols in ascending ASCII order, with each subsequent line shifting the starting position by one character in the cycle.^[2] For example, the first line begins with a space followed by:

 !"# $%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRS
 !"# $%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRS

The second line shifts to start with '!':

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRST
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRST

This pattern continues indefinitely, limited only by TCP flow control, until the client disconnects the session.^[2] In contrast, a UDP session involves sending a single datagram to the server's port 19, to which the server responds with one datagram containing a random number of characters (between 0 and 512) chosen from the same set of 95 printable ASCII characters.^[2] Unlike TCP, there is no persistent connection or continuity between requests; each UDP datagram elicits an independent response.^[2] Implementations often generate a contiguous segment from the cyclic sequence starting at a random offset, though the RFC does not specify the exact selection method. For instance, a request might yield a response beginning with characters such as:

 !"# $%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNO
 !"# $%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNO

illustrating a possible position in the cycle including the space.^[2] The response size varies to simulate network load without establishing state.^[2] To reproduce these sessions from the command line, users can employ tools like netcat (nc).^[2] For TCP, the command nc <host> 19 initiates a connection and displays the streaming output in real time, which can be captured by redirecting to a file (e.g., nc <host> 19 > output.txt) for verification against the expected cyclic pattern.^[2] For UDP, a simple datagram can be sent using echo "" | nc -u <host> 19, prompting a single response packet that can be observed via packet capture tools or logged output.^[2] The TCP session persists and generates data continuously until the client explicitly terminates the connection, such as by closing the socket or sending a control signal like Ctrl+C in an interactive terminal.^[2] UDP interactions, however, are inherently one-shot, completing with the immediate exchange of a single request-response pair per invocation.^[2]

Output Visualization

The Character Generator Protocol (CHARGEN), as defined in RFC 864, produces a continuous stream of printable ASCII characters ranging from space (ASCII 32) to tilde (ASCII 126), for a total of 95 distinct symbols. The output begins with the first line consisting of the initial 72 characters in this sequence, followed by a carriage return and line feed (CR LF). Each subsequent line shifts the starting position by one character forward, wrapping around modulo 95, creating a repeating, cyclical pattern that ensures no line exactly repeats another within the 95-line cycle.^[2] This shifting mechanism results in a visually distinctive diagonal progression when viewed as a block of text, where each line appears to scroll leftward relative to the previous one, evoking the effect of a scrolling marquee. To illustrate, the following excerpt shows the first five lines of a typical CHARGEN output stream (leading space on first line noted; characters represented as they appear in standard ASCII rendering):

 !"# $%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRS
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRST
"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTU
#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUV
$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVW
 !"# $%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRS
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRST
"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTU
#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUV
$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVW

The pattern continues indefinitely until the connection is terminated, with lines 95 onward repeating the cycle from the first line. This representation highlights the uniform, predictable nature of the stream, which was designed for diagnostic testing of network throughput and reliability but also facilitates straightforward analysis due to its non-random structure.^[2] Notably, the protocol specifies no colors, fonts, or additional formatting; the output is purely a raw sequence of bytes representing these printable characters, terminated only by CR LF at the end of each 72-character line. For a more precise examination, especially to observe non-printable control sequences like CR LF or to inspect the raw byte stream beyond visual rendering, terminal emulators such as xterm or PuTTY, or hex viewers like xxd, are recommended tools. These allow users to connect via TCP or UDP on port 19 and capture the output in its native form, revealing the protocol's simplicity and adherence to basic ASCII standards.^[2]