In setting up my firewall to allow UltraVNC Server to function, I noticed that it sends UDP packets to my computer's default DNS server about twice per second. I am running the VNC server as a service.
What is the purpose of these persistent UDP packets and can this be turned off while still allowing UltraVNC server to accept connections?
Thank you for your help.
Celebrating the 22th anniversary of the UltraVNC: https://forum.uvnc.com/viewtopic.php?t=38031
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Persistent DNS UDP Packets
Caused by Ultr@VNC
Are you sure it isn't caused by something else? If you stop the service does it continue?
I'm running RC18 and I don't have that happening.
I ran a packet capture and it didn't show ay UDP port 53 (DNS) until I forced DNS lookups.
I'm running RC18 and I don't have that happening.
I ran a packet capture and it didn't show ay UDP port 53 (DNS) until I forced DNS lookups.
It could be the Service helper sending the packets
Lenisham,
I am pretty sure the UDP packets are caused by VNC because the firewall log (ZoneAlarm Pro) specifically states that it is winvnc.exe that is sending the packets. However, your question led me to a possible clue. Before going to service manager to stop the service, I tried closing VNC using the VNC service helper icon in the systray. When I did this, the DNS packets stopped even though "closing VNC" did not actually stop the VNC Server service. The service still showed as "Started" and it still accepted connections from remote VNC clients.
Now the question is why having the service helper icon in the systray causes UDP packets to be sent. But at least I know a way to stop them. Thank you for your input.
By the way, I am using RC18 as well.
I am pretty sure the UDP packets are caused by VNC because the firewall log (ZoneAlarm Pro) specifically states that it is winvnc.exe that is sending the packets. However, your question led me to a possible clue. Before going to service manager to stop the service, I tried closing VNC using the VNC service helper icon in the systray. When I did this, the DNS packets stopped even though "closing VNC" did not actually stop the VNC Server service. The service still showed as "Started" and it still accepted connections from remote VNC clients.
Now the question is why having the service helper icon in the systray causes UDP packets to be sent. But at least I know a way to stop them. Thank you for your input.
By the way, I am using RC18 as well.
Re: It could be the Service helper sending the packets
Now that is interesting In all my experiences closing the icon actually stops the VNC service. It isn't a helper application it is the program itself. Are you sure someone hasn't added another version of VNC that dosen't display an icon?AC0132 wrote:Before going to service manager to stop the service, I tried closing VNC using the VNC service helper icon in the systray. When I did this, the DNS packets stopped even though "closing VNC" did not actually stop the VNC Server service. The service still showed as "Started" and it still accepted connections from remote VNC clients.
Where did you get your version from? Did you have a different VNC installed in the past?
Have you considered uninstalling VNC removing all the registry entries and reinstalling it?
Personally I have seen ZoneAlarm do some strange things so Io not trust it 100%. Have you considered doing a packet capture?
Zone Alarm may be the culprit
Lenisham,
Strangely, the capture program I tried did not find packets to correspond to the packets being detected by ZoneAlarm. To make sure ZoneAlarm wasn't preventing detection, I shut it down temporarily and still no UDP packets to the DNS server.
I have tried other versions of VNC before trying Ultra so I took your suggestion and uninstalled Ultra and removed all keys for any version I found in the registry. I also searched my entire computer for any stray copies of winvnc.exe and found none. After reinstalling Ultra, I still found the same behavior. ZoneAlarm detected packets from winvnc.exe to the default DNS server but the capture program detected no packets. One interesting point is that ZoneAlarm did not immediately start detecting the packets after installation even though the VNC Server service was started. It wasn't until after a reboot that Zone Alarm started logging the packets.
I got my copy of UltraVNC from Sourceforge.
By the way, I did figure out that the reason the "Close VNC" function of the service helper wasn't working was because ZoneAlarm was blocking a loopback. The service helper does successfully stop the VNC Server service when Zone Alarm is shut down. It looks like your instincts about ZoneAlarm are correct and it is the culprit in all of this. It is puzzling behavior.
Strangely, the capture program I tried did not find packets to correspond to the packets being detected by ZoneAlarm. To make sure ZoneAlarm wasn't preventing detection, I shut it down temporarily and still no UDP packets to the DNS server.
I have tried other versions of VNC before trying Ultra so I took your suggestion and uninstalled Ultra and removed all keys for any version I found in the registry. I also searched my entire computer for any stray copies of winvnc.exe and found none. After reinstalling Ultra, I still found the same behavior. ZoneAlarm detected packets from winvnc.exe to the default DNS server but the capture program detected no packets. One interesting point is that ZoneAlarm did not immediately start detecting the packets after installation even though the VNC Server service was started. It wasn't until after a reboot that Zone Alarm started logging the packets.
I got my copy of UltraVNC from Sourceforge.
By the way, I did figure out that the reason the "Close VNC" function of the service helper wasn't working was because ZoneAlarm was blocking a loopback. The service helper does successfully stop the VNC Server service when Zone Alarm is shut down. It looks like your instincts about ZoneAlarm are correct and it is the culprit in all of this. It is puzzling behavior.