Weird continuous icmp connection on pfSense
-
@W5Ofwur1xtOmtk9ZBO
????
ICMP doesn't have connections. Each message stands alone. Also, it doesn't use ports, it uses message types.
-
@JKnott ok thank you. Then what does this state in pfTop mean?
-
@W5Ofwur1xtOmtk9ZBO
I don't know, I don't use pfTop.
-
pftop is just using the icmp ID as the port.. This is how it matches up return traffic to specific icmp IDs.. when you send a request, the reply will use the same ID..
-
I have deleted the state, but it just comes back (on the same port).
Then I restarted the other server and the state is gone. However, there is a new ICMP one but on a different port. This time it's 1228 instead of 3075
So you're saying that's normal?
-
What is that device at 192.168.1.20?
If you check the WAN you will see a similar old ICMP state that us pfSense pinging something to monitor the connection. I imagine that server is doing something similar.
Steve
-
@W5Ofwur1xtOmtk9ZBO said in Weird continuous icmp connection on pfSense:
. This time it's 1228 instead of 3075
Yeah because it changed the ID of the icmp request.. They are suppose to be random..
-
@johnpoz said in Weird continuous icmp connection on pfSense:
They are suppose to be random..
Unless it's Windows....fun the first time you see a ping fail from Windows because another Windows device has already opened that state.
-
Well even if random that "could" happen.. If you have enough devices on the network doing pings.. It would be random chance that they ping with the same ID to cause a problem at the firewall.
But that could be a bit a pain to track down ;) Failed ping - whats in the state table would prob be the very last place I would look ;)
-
Oh I've felt that pain!
