Windows firewall blocking but switch lights flashing?

Radiation · 3 Aug 2013 at 14:42

If a program is blocked from connecting to the internet why do the switch lights still flash when it's running?

I did a quick test after i blocked something and noticed the activity, once nothing was running i did the same with firefox, tcpview shows no active connections but when i refresh a page the lights flash which doesn't make any sense if it's actually blocked, however firefox doesn't load it so it must be working? :confused:

Caged · 3 Aug 2013 at 15:13

You can't use the switch activity lights as a way of monitoring TCP/IP traffic, they work at a much lower level than that.

Radiation · 3 Aug 2013 at 15:30

Why do they flash though if windows is supposedly blocking outgoing connections?

Woden · 3 Aug 2013 at 15:33

There is always something going down the line as long as the port is connected and powered.

Radiation · 3 Aug 2013 at 16:14

Woden said:
There is always something going down the line as long as the port is connected and powered.

No i said this was tested with no activity, it only flashed when i tried loading a website in firefox or i ran the program i wanted blocked.

Caged · 3 Aug 2013 at 16:25

If your PC is connected to a switch and the port is enabled there is no such thing as 'no activity'. The lights seeming to stop flashing when Firefox wasn't doing anything was a coincidence.

The only way to see exactly what's going on is to get a switch that supports port mirroring and run everything through Wireshark.

Woden · 3 Aug 2013 at 16:34

Radiation said:
No i said this was tested with no activity, it only flashed when i tried loading a website in firefox or i ran the program i wanted blocked.

Like I said, there is ALWAYS something going down the line. Sometimes it is just your router and/or PC saying "duuude im still here!".

Install WireShark and watch it for a while. You would be surprised at just how much is sent and received even when the PC is sitting idle.

Edit: For example I just ran it with nothing running and left it for 5 mins, 857 packets of data recorded.

Radiation · 3 Aug 2013 at 17:50

Guys i get what you're saying but the flashing is directly related to my trying to connect, for example i could sit and wait with nothing running and see no flashing for as long as i want, yet when i block firefox and try loading a page the lights flash but i get no page, windows is sending something to the router and my switch lights flash, what exactly is happening im not sure, is it perhaps dns being checked but no actual connections from firefox or something else? perhaps windows firewall simply routes the packets to nowhere?

MrMoonX · 3 Aug 2013 at 21:04

It's working why do u care that your switch is receiving activity

Moley · 26 Nov 2015 at 16:35

You might be blocking the HTTP traffic but DNS resolution will still be taking place - that is likely your 'flashing'. Load up Wireshark as previously suggested and enlighten yourself to the wonderful world of L2/L3 packet analysis.

Orcvader · 26 Nov 2015 at 16:37

Break the lights on the port, then it will stop flashing

.

bluebeatle · 26 Nov 2015 at 16:46

Will be Firefox running other tasks and triggering things like a DNS lookup. not necessarily traffic to the blocked site.

Phal · 26 Nov 2015 at 18:27

Network lights will flash whether you're doing anything or not :/ If you've got any other devices on your network then it could be traffic coming from them to your computer...

If you want to know what's happening then you can use Wireshark or Microsoft Network Monitor but the data you get there probably won't mean much to you.

Alternatively you can check the Windows Resouce Monitor in the network section to see what else has connections to anything off your computer but I wouldn't worry about it.

Steveocee · 26 Nov 2015 at 19:23

You are blocking all outbound traffic and the switch activity lights are a problem.

Solution: Unplug RJ45, Windows will stop sending traffic and the switch light will be off.

Woden · 26 Nov 2015 at 19:28

Necrophilia!