Why is PE asking ZoneAlarm for Internet Access?

Discussion in 'Port Explorer' started by BeachComer, Jan 16, 2003.

Thread Status:
Not open for further replies.
  1. BeachComer

    BeachComer Registered Member

    Joined: Jan 15, 2003
    Posts: 4
    Good impression on first look. But why is it asking ZoneAlarm for Internet Access? Is it trying to "phone home"? Seems to work fine even though I told it "never".

    Thanks for reading!

    --BeachComer
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined: Aug 10, 2002
    Posts: 17,842
    Location: New England
    Greetings BeachComer,

    While we wait to hear from the Port Explorer experts, can you tell us what destination (site), protocol (TCP? UDP?) and port # are alerted by ZoneAlarm when PE tries to access outward? This will tell us much about what PE is trying to do.

    Best wishes,
    LowWaterMark
     
  3. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined: Nov 11, 2002
    Posts: 1,046
    Location: Perth, Western Australia
    Hi BeachComer, you may find it best to first read the help file regarding questions about Port Explorer because this is one of the questions answered in the "Troubleshooting -> Frequently Asked Questions" section.


    Why is Port Explorer listening on a port?
    This generally only applies to systems using a proxy service (such as Winsock proxy), such as workstations in a local area network.
    Port Explorer doesn't use any socket-opening/listening commands so it is not possible for Port Explorer itself to listen on a socket. However, Port Explorer uses several DNS-related functions (such as gethostbyname() and gethostbyaddr()), that, depending on your system configuration and whether or not you're using a proxy service, may cause a socket or possibly multiple sockets (UDP and/or TCP) to listen for returned DNS responses. If you see Port Explorer listening on any sockets, it is safe to assume they're just open for DNS address resolving.


    Port Explorer only "phones home" when you select "Check for new version of Port Explorer" and "Check for new Databases", both of which are only available in the registered version. It doesn't send any information in these calls, which can be verified with Port Explorer's packet sniffer or some other 3rd party packet sniffer :)

    -Jason-
     
  4. BeachComer

    BeachComer Registered Member

    Joined: Jan 15, 2003
    Posts: 4
    Thanks for your help.

    >you may find it best to first read the help file

    Read the whole darn thing before finding out what I need to know? But the manual is so BIG...who has time to RTM? ;) But I DID search the Index and Search tabs in the Help File for ZoneAlarm, no joy. Then I searched this forum, no joy.

    Glad you had the answer. Thanks for taking the time to point me in the right direction (and give me the answer, to boot).

    --BeachComer
     
  5. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002
    Posts: 9,713
    Location: Netherlands, EU near the sea
    Anyway BeachComer, as you want to resolve connections, whois, who is connected to ports, you need internet access to the whois servers; when I collect emails and don't keep certain ports for outgoing traffic or incoming closed, you'll see all those advertisers calling home for the images in the mail and spam, to name an example; closing such connections for data traffic still gives the ability to resolve and whois them, but they don't see traffic from and to you (you will not see the images in your spam mail, among others).
    It's of course a nice test for yourself to start PE when you're not connected to the internet and see if there are unexpected processes connected to ports. We use the TDS process list as well of course, but possible red sockets and processes would alert us immediately if not connected to the internet in the first place, and what happens when we do connect, etc.
    Hope this explains some more.
     
  6. BeachComer

    BeachComer Registered Member

    Joined: Jan 15, 2003
    Posts: 4
    Ah! I forgot about the whois resolution -- I have always used a Favorites link for that before PE.

    Only pre-connection link I have shown is NAVAPW32 on 1025. Presuming that NAVAPW32 itself hasn't been taken over (which surely ZoneAlarm would notice, since it passes LeakTest), it would seem that I'm in good shape -- for now.

    Thanks for taking the time to explain that.

    --BeachComer
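
Added example, not part of any post in this thread and not DiamondCS or ZoneAlarm code: one way to triage the destination, protocol and port that a firewall alert reports, treating DNS to a known resolver (port 53) and whois (TCP port 43) as the lookups discussed above. The alert line format, the name `portexplorer.exe`, the resolver address and all destinations are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample alerts: "program protocol ip:port".
# This layout is illustrative only, not ZoneAlarm's real log format.
SAMPLE_ALERTS = """\
portexplorer.exe UDP 192.168.0.1:53
portexplorer.exe TCP 198.51.100.7:43
portexplorer.exe TCP 203.0.113.9:80
navapw32.exe UDP 203.0.113.50:53
"""

LINE = re.compile(r"^(\S+)\s+(TCP|UDP)\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)$", re.I)

def classify(proto, ip, port, resolvers):
    """Label one outbound attempt by the lookups a port tool is expected to make."""
    if port == 53:
        # DNS only counts as expected when it goes to a resolver this host uses.
        return "dns" if ip in resolvers else "dns-unknown-server"
    if port == 43 and proto == "TCP":
        return "whois"
    return "other"

def triage(log_text, resolvers):
    """Return {program: sorted labels}; malformed lines are recorded under '?'."""
    seen = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            seen["?"].add("unparsed")
            continue
        prog, proto = m.group(1).lower(), m.group(2).upper()
        seen[prog].add(classify(proto, m.group(3), int(m.group(4)), resolvers))
    return {prog: sorted(labels) for prog, labels in seen.items()}

def needs_review(labels):
    """Anything other than DNS to a known resolver or whois deserves a closer look."""
    return any(label not in ("dns", "whois") for label in labels)

if __name__ == "__main__":
    # 192.168.0.1 stands in for the resolver configured on this (hypothetical) host.
    for prog, labels in triage(SAMPLE_ALERTS, {"192.168.0.1"}).items():
        print(prog, labels, "REVIEW" if needs_review(labels) else "expected")
```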
     