Results 1 to 4 of 4

Thread: heavy packet loopback

  1. #1

    Question heavy packet loopback

    --> Hola! this is my second thread in a similar vein.
    --> Before even plugging in the DSL modem today, Tiny Firewall Status screen was showing large packets counts leaving one port and the exact number returning in other port. Outgoing port was for PFWADMIN.EXE, while incoming port was for PERSFW.EXE. Now, I had originally thought the problem was the modem, and i downloaded TPF so i could see which ports were doing what, so the packet flows predate TPF installation. Apparently, ZoneAlarm had same huge flows, i just couldn't see it w/no port viewer.
    --> Any idea what this may be or how to stop it?
    --> Netstat -s , produced following snapshot in the minutes before I got online:

    PACKETS RECEIVED: 4614
    RECEIVED PACKETS DELIVERED: 4614
    OUTPUT REQUESTS: 4614
    ...
    SEGMENTS RECEIVED: 4610
    SEGMENTS SENT: 4610

    --> I Feel like i am missing something obvious, please tell me what i am missing
    Thanks
    Obey All Orders Without Question...The comfort you\'ve demanded is now mandatory. --Jello Biafra

  2. #2
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    Uhm... persfw.exe and pfwadmin.exe are both part of the Tiny firewall. The "Status viewer" window is getting it's information via that localhost connection to the actual firewall itself... basically, the status window is a client for connecting to the firewall, and in this case, your computer has both on it. (They made it this way so that you could remotely view and administer the firewall.)

    AFAIK the Persfw-Pfwadmin connection is only on when you are viewing the firewall info or changing rules... so I would ignore those two programs, since those do not predate the firewall installation )

    Are there *other* high-density flows? What about when online?
    [HvC]Terr: L33T Technical Proficiency

  3. #3

    Arrow reply

    --> Thanks Terr. In answer to your question, there are only the heavy packet flows on those two ports (for TPF: persfw.exe and pfwadmin.exe , in and out) EVEN WHEN ONLINE. Since the heavy flows were evident during the previous firewall installation (ZoneAlarmPro), I am guessing that they too were using the ZoneAlarm in-and-out ports, for the corresponding ZoneAlarm Exe's. I'm not sure if they are evidence of a problem or just a harmless glitch.

    --> Since it happens offline, I am guessing no real trouble exists, but this guess is based on my present knowledge (not much).

    --> Just a thought, is there a way i can discern what information is IN the packets?
    Obey All Orders Without Question...The comfort you\'ve demanded is now mandatory. --Jello Biafra

  4. #4

    Talking another clue

    --> I tried opening Windows Task Manager before starting up firewall, then enabled firewall. Memory usage increases, no surprise there, but the graph of memory usage shows an oscillation of usage from almost none up to max usage, constantly, in near vertical peaks and valleys. These pulses coincide w/ packet bursts to the 127.0.0.0 loopback address, out one port and in the other. Disabling the Tiny firewall returns memory usage to a more homeostatic usage graph.
    --> Any ideas? (or rather, am I just fascinated with bright shiny objects?)
    Obey All Orders Without Question...The comfort you\'ve demanded is now mandatory. --Jello Biafra

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •