Re: What are these ports?
From: Ken Wickes [MSFT] (kenwic_at_online.microsoft.com)
Date: 12/01/04
- Next message: Richard G. Harper: "Re: Logon Credentials set via logon script?"
- Previous message: Carey Holzman: "Re: Home Network access to SOME folders lost"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 30 Nov 2004 16:20:23 -0800
"TC" <fake@fake.fak> wrote in message
news:5b3oq0ld13abr03rfnq9i7ob0a7c39t60u@4ax.com...
> On Mon, 29 Nov 2004 14:07:47 -0800, "Ken Wickes [MSFT]"
> <kenwic@online.microsoft.com> wrote:
>
>>TIME_WAIT is a TCP thing. Basically when a computer closes a connection
>>properly it keeps the connection around long enough to make sure the close
>>handshaking goes through. I think it's like two minutes.
>>
>>re: *.*. Unlike TCP, UDP doesn't maintain an active connection, it's
>>either open or closed. So there is no remote address to supply, the
>>packets
>>can come from anywhere.
>>
>>It would be nice if there was a master list of what each port was for, but
>>it would just be a convention. Nothing guarantees that I'm talking SSDP
>>on
>>port 1900. netstat -o will give you the process id of the module owning
>>the
>>socket. That's probably more interesting.
>
>
> Ken,
>
> Thank you for the reply. I hope you have some extra time to
> answer a follow question or more :)
>
> But more importently THANK YOU for telling me about netstat -o
> that has helped me track down more information so I can ask more
> directed questions.
>
> First I have seen the Time Wait sit there forever or till I
> shut down my computer what comes first. I usually need to block it at
> an external firewall or play with my host file to that it can't ever
> connect in the first place. Why is that?
>
> Ok,
>
> The only protocol I am running right now is the TCP/IP suite.
> I got rid of the client for file/printer sharing. I have no simple
> network services (or however MS words it) from the compontents on the
> CD.
> So I am trying to figure out why daytime, time, and ntp are
> there. I do have MS NTP client turned off.
> What is epmap?
> what is microsoft-ds?
> netbios-ssn?
> netbios-dgm?
> netbios-ns?
>
> Since I am not using NetBios why does it seem that the ports are open?
>
> I'm trying to figure out port 1026 and 1030.
> 1026 seems to be alg.exe
> 1030 seems to be ccApp.exe
>
> Anyone have any idea what these are?
>
> ports 1034 and 1455 are svchost.exe
> port 3434 is ddusrv.exe that I bleive is a client that I use and I'm
> going to be E-mailing the aurther that now.
>
>
> Now, as far as XP is concerned is there a way to shot down (stealth or
> close) these ports? If so and can you point me in the right direction
> of the ramafacations?
>
> Thank you,
>
> TC
>
>
> Active Connections
>
> Proto Local Address Foreign Address State
> TCP earth:daytime earth:0 LISTENING
> TCP earth:time earth:0 LISTENING
> TCP earth:epmap earth:0 LISTENING
> TCP earth:microsoft-ds earth:0 LISTENING
> TCP earth:1026 earth:0 LISTENING
> TCP earth:1030 earth:0 LISTENING
> TCP earth:netbios-ssn earth:0 LISTENING
>
> UDP earth:daytime *:*
> UDP earth:time *:*
> UDP earth:ntp *:*
> UDP earth:microsoft-ds *:*
> UDP earth:1034 *:*
> UDP earth:1455 *:*
> UDP earth:3434 *:*
> UDP earth:netbios-ns *:*
> UDP earth:netbios-dgm *:*
Not sure about the time_wait forever thing. It may be that the app is
forgetting to close the socket.
Searching google will probably give better descriptions for the protocols
than I can give.
Alg.exe supports the windows firewall and ICS.
ccApp is not part of Windows as far as I know.
You will still be using NetBIOS locally even if you aren't using it over the
network.
I wouldn't worry too much about the ports as long as the owning process is
legit. Running the firewall should provide adequate protection.
-- Ken Wickes [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.
- Next message: Richard G. Harper: "Re: Logon Credentials set via logon script?"
- Previous message: Carey Holzman: "Re: Home Network access to SOME folders lost"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
