Active Connections Viewer is wrong (or not)[RESOLVED]

I tried out two port listener applications, I set one(1) of them to listen on UDP ports. But the Active Connections Viewer(ACV) says it listens on TCP protocolls. Of course, if I set the app to listen on TCPs, Comodo shows TCP listenings. Strange…

The other(2) app I tried is set to listen UDP, but Comodo shows nothing of it at all. Active process list viewer shows the process, but Active Connections Viewer shows nothing. With setting to listen on TCP, everything is OK.

app(1) is Attacker 3.0(most of the antiviruses(including CAV) threat it as a malware, but it is not)
app(2) is PortPeeker

CPU: 32 bit

Have you looked at how programs likeTCPview or Netstat treat active connections? Seems to be the same as CFP. UDP is connectionless and doesn’t listen for incoming connection requests in the sense that TCP does-there aren’t any. With UDP you just get sent a datagram, and that is the end of it. With TCP you actually set up a bilateral connection and start passing a series of datagrams in both directions. UDP shows up only when actual traffic is being passed.

I see now. Thank you!

However Comodo still doesn’t show the connections of PortPeeker. TCPview shows it. Do you think it is a bug?

Don’t know port peeker. I have seen that the timouts for TCP connections are different for the different programs. Does port peeker actually set up a connection or is it just listening? If it is running and listening for tcp connections, it should show up in cfp3 also if it’s not blocked by CFP rules. If it is a packet sniffer, ??? Typical active connection view from my system is attached; seems to cover the things I know about.

[attachment deleted by admin]

It is not blocked by Comodo. PortPeeker is a packet sniffer. If I start it, it begins listening on the prtotocol and port I set. If I set it to listen on TCP protocol, it shows up in Active Connections Viewer. But if I set it to listen on UDP, it doesn’t show up. I’ve attached the pictures of both tcp and udp listenings.

[attachment deleted by admin]

Try sending out a DNS request and looking at ACV. CFP3 should show the UDP out, but not the listening for a return. Both ACV and TCPView treat it like this. I notice you have UDP listening on port 80, the http (tcp) port. Try port 53 and see what it does with DNS requests. Should show up as outbound from svchost.

What do you mean on ‘sending a DNS request’. Typing and loading a site in a web browser? I’m not an expert, sorry. ;D I’m a bit confused now. My problem is not that CFP does not show UDP connections. My problem is that it does not show PortPeeker.exe when I set PP to listen on UDP.

You have Port Peeker set to listen on a port that is not used much for UDP, so I suggested you change that so that you can see what the behavior is when there is actual UDP traffic on the port. You can just use your web browser to access a few sites, and compare what you see on ACV with what you see on PP. I suspect that PP uses “listen” in the generic sense, since it is a packet sniffer.

I tried many different UDP ports but still no signs of it in ACV.

I suspect you will never see a UDP “listen” by convention, but you should be able to see the UDP out occur briefly. I see UDP out from svchost in ACV (briefly) when I go to a new website from Opera.

I see UDP out from svchost in ACV

Yeah I see it too. UDP OUT with destination port 53 (as you mentioned before). I think my problem is solved now. You can close this thread if you want.

Thank you for your patience and help! (:WAV)

BTW, I don’t mean to discourage you from submitting this as a feature request at . I just don’t think it’s a bug, since it follows the convention that Microsoft seems to have adopted in tcpview and netstat for what is “listening”. And if more detailed information is required than the ACV summary, both are free and easy to use. There are other firewalls that do show all of the ports that are “listening” for UDP because they are open to inbound UDP traffic. It would make the ACV summary a little more complicated because of all the potential ports open for UDP traffic. I attached an active connection summary from the old Kerio 2.1.5 to show what it might look like.

[attachment deleted by admin]