#1
What are these ports?
Hello,

I was wondering if someone might be able to help me with a few netstat questions.

Doing netstat I get this:

  Proto  Local Address  Foreign Address  State
  TCP    earth:1043     localhost:2042   TIME_WAIT
  TCP    earth:1043     localhost:2043   TIME_WAIT
  TCP    earth:2041     localhost:1043   TIME_WAIT

Doing netstat -a I get this:

  Proto  Local Address       Foreign Address  State
  TCP    earth:daytime       earth:0          LISTENING
  TCP    earth:time          earth:0          LISTENING
  TCP    earth:epmap         earth:0          LISTENING
  TCP    earth:microsoft-ds  earth:0          LISTENING
  TCP    earth:3389          earth:0          LISTENING
  TCP    earth:1028          earth:0          LISTENING
  TCP    earth:1043          earth:0          LISTENING
  TCP    earth:netbios-ssn   earth:0          LISTENING
  UDP    earth:daytime       *:*
  UDP    earth:time          *:*
  UDP    earth:ntp           *:*
  UDP    earth:microsoft-ds  *:*
  UDP    earth:isakmp        *:*
  UDP    earth:1026          *:*
  UDP    earth:1287          *:*
  UDP    earth:3434          *:*
  UDP    earth:4500          *:*
  UDP    earth:1773          *:*
  UDP    earth:1850          *:*
  UDP    earth:1900          *:*
  UDP    earth:netbios-ns    *:*
  UDP    earth:netbios-dgm   *:*
  UDP    earth:1900          *:*

I understand what Proto means and what local address and the state mean. Except what is time_wait and the *.*

More importantly, what are the ports? What's running on what and what does it do? How do I close them, stop them, stealth them out and all those fun things?

I've looked some things up and I'm not finding too much info besides that such and such might use it, but the such and such are trojans and worms and all the fun nasties. But these ports have been open since reinstalling XP Pro.

Any thoughts?

Thank you,
TC
#2
What are these ports?
TC,

Take a look at www.grc.com and snoop around a bit. Do the port probe test "Shields Up", then when you see the results screen you can scroll down and see any vulnerabilities plus read about all the ports.

A simple search on Google for "TCP Ports" will get you about a gazillion hits.

Bob S.
#3
What are these ports?
Bob,

Thank you for the info. I have taken a look at grc.com, but with the ports I have listed it didn't seem to help too much; at most it had a name. Do you or anyone else have any other information?

Thank you,
TC

On Wed, 24 Nov 2004 20:23:59 -0500, "Bob S." wrote:

> TC,
>
> Take a look at www.grc.com and snoop around a bit. Do the port probe test "Shields Up", then when you see the results screen you can scroll down and see any vulnerabilities plus read about all the ports.
>
> A simple search on Google for "TCP Ports" will get you about a gazillion hits.
>
> Bob S.
#4
What are these ports?
Hi

You did not indicate the nature of your system.

In a network setting ports might be open locally for Network and application purposes. Nothing is wrong with it. However if ports are open to the Internet it might be a problem.

The GRC site has a page that scans your system through the Internet and lets you know the status of the ports as reflects to the Internet.

More here:

Cable/DSL Routers, NAT & Ports - http://www.ezlan.net/routers1.html
Internet - Basic protection: http://www.ezlan.net/firewall.html
Internet Infestation: http://www.ezlan.net/infestation.html
Basic Steps in cleaning Internet "Junk" - http://www.ezlan.net/clean.html

Jack (MVP-Networking).
#5
What are these ports?
Hi Jack,

Well, I'm running XP Pro with Norton Anti-Virus and using its equivalent to MS Firewall instead of MS Firewall. The computer is behind a router/firewall which does NAT and PSI. I have run GRC and several others who say ports are stealth.

While my understanding is that these are probably ports open for local things, it still bugs me that MS has these ports open and doesn't make it easy to find out what they do and all the ins and outs of them, or how to shut them off and the ramifications.

The other reason is, while admittedly it's on a home network, not everyone here keeps smart about what they are downloading, so I want to secure my system to protect myself from their stupidity.

I'll take a look at the sites you provided but I am looking for a bit more insight.

Thank you again.

BTW: What is MVP-Networking?

TC

On Thu, 25 Nov 2004 17:20:36 -0500, "Jack" wrote:

> Hi
>
> You did not indicate the nature of your system.
>
> In a network setting ports might be open locally for Network and application purposes. Nothing is wrong with it. However if ports are open to the Internet it might be a problem.
>
> The GRC site has a page that scans your system through the Internet and lets you know the status of the ports as reflects to the Internet.
>
> More here:
>
> Cable/DSL Routers, NAT & Ports - http://www.ezlan.net/routers1.html
> Internet - Basic protection: http://www.ezlan.net/firewall.html
> Internet Infestation: http://www.ezlan.net/infestation.html
> Basic Steps in cleaning Internet "Junk" - http://www.ezlan.net/clean.html
>
> Jack (MVP-Networking).
#6
What are these ports?
TIME_WAIT is a TCP thing. Basically when a computer closes a connection properly it keeps the connection around long enough to make sure the close handshaking goes through. I think it's like two minutes.

*.*. Unlike TCP, UDP doesn't maintain an active connection, it's either open or closed. So there is no remote address to supply, the packets can come from anywhere.

It would be nice if there was a master list of what each port was for, but it would just be a convention. Nothing guarantees that I'm talking SSDP on port 1900.

netstat -o will give you the process id of the module owning the socket. That's probably more interesting.

--
Ken Wickes [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
#7
What are these ports?
On Mon, 29 Nov 2004 14:07:47 -0800, "Ken Wickes [MSFT]" wrote:

> TIME_WAIT is a TCP thing. Basically when a computer closes a connection properly it keeps the connection around long enough to make sure the close handshaking goes through. I think it's like two minutes.
>
> *.*. Unlike TCP, UDP doesn't maintain an active connection, it's either open or closed. So there is no remote address to supply, the packets can come from anywhere.
>
> It would be nice if there was a master list of what each port was for, but it would just be a convention. Nothing guarantees that I'm talking SSDP on port 1900.
>
> netstat -o will give you the process id of the module owning the socket. That's probably more interesting.

Ken,

Thank you for the reply. I hope you have some extra time to answer a follow-up question or more. But more importantly, THANK YOU for telling me about netstat -o; that has helped me track down more information so I can ask more directed questions.

First, I have seen the Time Wait sit there forever or till I shut down my computer, what comes first. I usually need to block it at an external firewall or play with my host file so that it can't ever connect in the first place. Why is that?

OK, the only protocol I am running right now is the TCP/IP suite. I got rid of the client for file/printer sharing. I have no simple network services (or however MS words it) from the components on the CD. So I am trying to figure out why daytime, time, and ntp are there. I do have MS NTP client turned off.

What is epmap? What is microsoft-ds? netbios-ssn? netbios-dgm? netbios-ns? Since I am not using NetBios, why does it seem that the ports are open?

I'm trying to figure out port 1026 and 1030. 1026 seems to be alg.exe, 1030 seems to be ccApp.exe. Anyone have any idea what these are?

Ports 1034 and 1455 are svchost.exe.

Port 3434 is ddusrv.exe, that I believe is a client that I use, and I'm going to be E-mailing the author that now.

Now, as far as XP is concerned, is there a way to shut down (stealth or close) these ports? If so, can you point me in the right direction of the ramifications?

Thank you,
TC

  Active Connections

  Proto  Local Address       Foreign Address  State
  TCP    earth:daytime       earth:0          LISTENING
  TCP    earth:time          earth:0          LISTENING
  TCP    earth:epmap         earth:0          LISTENING
  TCP    earth:microsoft-ds  earth:0          LISTENING
  TCP    earth:1026          earth:0          LISTENING
  TCP    earth:1030          earth:0          LISTENING
  TCP    earth:netbios-ssn   earth:0          LISTENING
  UDP    earth:daytime       *:*
  UDP    earth:time          *:*
  UDP    earth:ntp           *:*
  UDP    earth:microsoft-ds  *:*
  UDP    earth:1034          *:*
  UDP    earth:1455          *:*
  UDP    earth:3434          *:*
  UDP    earth:netbios-ns    *:*
  UDP    earth:netbios-dgm   *:*
#8
What are these ports?
Not sure about the time_wait forever thing. It may be that the app is forgetting to close the socket.

Searching Google will probably give better descriptions for the protocols than I can give.

Alg.exe supports the Windows Firewall and ICS. ccApp is not part of Windows as far as I know.

You will still be using NetBIOS locally even if you aren't using it over the network.

I wouldn't worry too much about the ports as long as the owning process is legit. Running the firewall should provide adequate protection.

--
Ken Wickes [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
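The netstat -o approach from posts #6 to #8 (find the owning process, then judge whether it is legitimate) can be scripted. This is an added example, not part of the original thread: it parses `netstat -ano` output, drops TIME_WAIT rows, and groups open endpoints by owning process and bind scope. The port/process pairs 1026, 1030 and 3434 come from the thread; the addresses, PIDs, remaining rows and function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed `netstat -ano` sample (-n numeric, -o owning PID); addresses and
# PIDs are invented, the 1026/1030/3434 owners are the ones named in the thread.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1026         0.0.0.0:0              LISTENING       1488
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       1720
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1043         127.0.0.1:2042         TIME_WAIT       0
  UDP    0.0.0.0:3434           *:*                                    2004
  UDP    127.0.0.1:1900         *:*                                    1096
"""
# Constructed PID -> image name map, standing in for `tasklist` output.
SAMPLE_PROCESSES = {4: "System", 952: "svchost.exe", 1096: "svchost.exe",
                    1488: "alg.exe", 1720: "ccApp.exe", 2004: "ddusrv.exe"}


def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0] == "UDP":
            fields.insert(3, "")  # UDP rows have no State column
        if len(fields) != 5 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank or truncated row
        proto, local, _remote, state, pid = fields
        host, _, port = local.rpartition(":")
        if not (port.isdigit() and pid.isdigit()):
            continue  # service names instead of numbers: rerun with -n
        rows.append({"proto": proto, "host": host.strip("[]"),
                     "port": int(port), "state": state, "pid": int(pid)})
    return rows


def bind_scope(host):
    """Classify the local address a socket is bound to."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"
    if addr.is_loopback:
        return "loopback only"
    return "all interfaces" if addr.is_unspecified else "one interface"


def group_by_owner(rows, processes):
    """Map (pid, image) -> sorted (proto, port, scope) for open endpoints."""
    owners = defaultdict(list)
    for r in rows:
        if r["proto"] == "TCP" and r["state"] != "LISTENING":
            continue  # TIME_WAIT etc. are draining connections, not open ports
        key = (r["pid"], processes.get(r["pid"], "unknown"))
        owners[key].append((r["proto"], r["port"], bind_scope(r["host"])))
    return {key: sorted(eps) for key, eps in owners.items()}


if __name__ == "__main__":
    report = group_by_owner(parse_netstat(SAMPLE_NETSTAT), SAMPLE_PROCESSES)
    for (pid, image), endpoints in sorted(report.items()):
        print(f"{image:<12} pid={pid:<5} {endpoints}")
```

Endpoints reported as "loopback only" are not reachable from other machines; an "unknown" image name or an unfamiliar process on "all interfaces" is the case worth investigating first.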