why is svchost.exe actively monitoring these ports


Robert R
December 5th 03, 07:36 PM
svchost.exe found listening at the following ports:

WELL KNOWN PORTS 0 TO 1023

0123 udp ntp Network Time Protocol
0135 udp epmap DCE endpoint resolution
0135 tcp epmap DCE endpoint resolution

REGISTERED PORTS 1024 TO 49151

1025 tcp blackjack network blackjack
1026 udp cap Calender Access Protocol
1038 udp Unassigned port (1037-1039)
1043 udp Unassigned port (1041-1044)
1149 ??? Unassigned port (1124-1154)
1900 udp ssdp SSDP
2869 tcp icslap ICSLAP
3002 tcp remoteware-srv RemoteWare Server
3003 tcp cgms CGMS
3004 udp csoftragent Csoft Agent
3005 udp geniuslm Genius License Manager
3006 udp ii-admin Instant Internet Admin
3011 udp trusted-web Trusted Web
3017 udp event_listener Event Listener
3018 udp srvc_registry Service Registry
3051 udp galaxy-server Galaxy Server
3328 udp egptlm Eaglepoint License Manager
5000 tcp commplex-main

Roger Abell {MVP}
December 5th 03, 07:42 PM
Named service mappings for ports above 1024 are
(mostly) irrelevant and misleading. Ephemeral ports
are used on an as-needed basis, usually to shift the
connection being established from the well-known
port which is thus kept open for establishing an
initial contact with the bound listener.
The ones you list below 1024 are for the time service
and RPC services. You would need to do more work
to track down what is bound to all those open above
1024. Take a look first thing after a reboot.

--
Roger Abell
MS MVP (Security, Windows), MCDBA, MCSE both
Associate Expert - Windows XP ExpertZone
http://www.microsoft.com/windowsxp/expertzone

"Robert R" wrote in message ...
> svchost.exe found listening at the following ports:
>
> WELL KNOWN PORTS 0 TO 1023
>
> 0123 udp ntp Network Time Protocol
> 0135 udp epmap DCE endpoint resolution
> 0135 tcp epmap DCE endpoint resolution
>
> REGISTERED PORTS 1024 TO 49151
>
> 1025 tcp blackjack network blackjack
> 1026 udp cap Calender Access Protocol
> 1038 udp Unassigned port (1037-1039)
> 1043 udp Unassigned port (1041-1044)
> 1149 ??? Unassigned port (1124-1154)
> 1900 udp ssdp SSDP
> 2869 tcp icslap ICSLAP
> 3002 tcp remoteware-srv RemoteWare Server
> 3003 tcp cgms CGMS
> 3004 udp csoftragent Csoft Agent
> 3005 udp geniuslm Genius License Manager
> 3006 udp ii-admin Instant Internet Admin
> 3011 udp trusted-web Trusted Web
> 3017 udp event_listener Event Listener
> 3018 udp srvc_registry Service Registry
> 3051 udp galaxy-server Galaxy Server
> 3328 udp egptlm Eaglepoint License Manager
> 5000 tcp commplex-main
>
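
One way to do the tracking-down described in the reply above, as an added example that is not part of the original thread: join the PID column of `netstat -ano` with the service list from `tasklist /svc`, so each listening port is attributed to the services hosted in that svchost.exe instance rather than to a registry name for the port number. The sample outputs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `netstat -ano` output (not from the thread).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1012
  TCP    192.168.0.5:1043       192.168.0.9:80         ESTABLISHED     2200
  UDP    0.0.0.0:123            *:*                                    1012
  UDP    0.0.0.0:1900           *:*                                    1180
"""
# Constructed sample of `tasklist /svc` output (not from the thread).
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                  884 RpcSs
svchost.exe                 1012 Dhcp, Schedule, W32Time
svchost.exe                 1180 SSDPSRV
iexplore.exe                2200 N/A
"""

def parse_tasklist(text):
    """Return {pid: (image, [services])} from `tasklist /svc` output."""
    procs = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?)\s+(\d+)\s+(\S.*)$", line)
        if m:
            image, pid, svcs = m.groups()
            names = [] if svcs.strip() == "N/A" else [s.strip() for s in svcs.split(",")]
            procs[int(pid)] = (image, names)
    return procs

def listeners(netstat, procs):
    """Return (proto, port, pid, image, services) per bound socket, sorted by port."""
    rows = []
    for line in netstat.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        # TCP rows must be LISTENING; UDP rows have no state column.
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue
        port = int(f[1].rsplit(":", 1)[1])  # rsplit also copes with [::]:135
        pid = int(f[-1])
        image, svcs = procs.get(pid, ("?", []))
        rows.append((f[0], port, pid, image, svcs))
    return sorted(rows, key=lambda r: (r[1], r[0]))

if __name__ == "__main__":
    for proto, port, pid, image, svcs in listeners(NETSTAT, parse_tasklist(TASKLIST)):
        print(f"{proto:3} {port:5}  pid {pid:<5} {image:12} {', '.join(svcs) or '-'}")
```

A port whose PID does not appear in the process list shows up with image `?`, which is the entry to look at first.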
