Hall of Fame

1. oBdA72,189
2. Chris-Dent15,466
3. MikeKane12,750
4. ChiefIT11,525
5. demazter10,600
6. giltjr10,400
7. dariusg8,060
8. mkline717,500
9. Shift-36,422
10. bbao6,352
11. dstewartjr5,890
12. johnb67675,363
13. Qlemo5,000
13. Mestha5,000
15. PriceD4,800
16. jhyiesla4,700
17. leew4,650
18. rindi4,500
19. RobWill4,400
20. aktharcho...4,375
21. from_exp4,200
22. PeteJTho...4,002
23. lanboyo4,000
23. mutahir4,000
23. tigermatt4,000
23. greenhacks4,000
23. Darr2474,000
23. zelron224,000
23. DCMBS4,000
23. farazhkhan4,000

1. bbao710,118
2. oBdA484,297
3. masterbaker311,712
4. SysExpert206,332
5. nazirahmed182,113
6. leew175,592
7. lrmoore148,785
8. dimante114,018
9. tim_holman107,795
10. PeteLong97,563
11. Chris-Dent90,132
12. JammyPak78,793
13. andyalder75,351
14. TooKoolKris73,117
15. sirbounty71,369
16. rhandels71,325
17. RobWill68,740
18. rindi67,974
19. hstiles62,579
20. diggisaur61,811
21. MikeKane58,020
22. meverest57,612
23. jhance52,120
24. KCTS41,784
25. snimmaga39,640

	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

Question

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

5.8

TCP Port Identification

Asked by kdicus in Windows NT Networking

Tags: port, tcp

I don't know why, but I have recently gotten it into my head that I absolutely must figure out what is coming in and going out of my Windows XP Professional machine.

Could some one who REALLY knows what they're talking about please give me their thoughts.
Here is the exact information from Essential Nettools showing the TCP ports that are currently active:
TCP 0.0.0.0 port 135 Listen c:\windows\system32\svchost.exe
TCP 0.0.0.0 port 445 Listen System
TCP 0.0.0.0 port 1025 Listen c:\windows\system32\svchost.exe
TCP 0.0.0.0 port 1033 Listen System
TCP 0.0.0.0 port 1052 Listen c:\program files\messenger\msmsgs.exe
TCP 192.168.0.4 port 139 Listen System
TCP 192.168.0.4 port 1052 Established c:\program files\messenger\msmsgs.exe
TCP 192.168.0.4 port 9147 Listen c:\program files\messenger\msmsgs.exe

I am relatively experienced at networking, but not an expert. Here is my analysis along with a couple of specific questions.

My laptop is connected to a Windows 2003 domain controller and I am logged in. Focusing on TCP first. I have turned off all the services that I possibly can.

I know that the entry 192.168.0.4 port 139 and port 9147 are for the DHCP client.
192.168.0.4 and 0.0.0.0 port 1052 is my connection from Outlook Express to the newsgroup.

That leaves the following entries.

port 135
port 445
port 1025
port 1033

Most times, there is also a port 1027, but it wasn't there when I did the screen shot.

Also, these are the services that are running on my machine with notes.

****Event Log****
No option to stop this service

****Plug and Play****
No option to stop this service

****Remote Access Connection Manager****
Get the message, "Could not stop the Remote Access Connection Manager service on Local Computer. The service did not return an error. This could be an internal Windows error or an internal service error. If the problem persists, contact your system administrator."

****Remote Procedure Call (RPC)****
No option to stop this service

****Security Accounts Manager****
No option to stop this service

****Telephony****
Message says that the Remote Access Connection Manager will also stop.

****Terminal Services****
No option to stop this service

****Windows Audio****
No option to stop this service

Every other service is turned off.

From my reading, it seems that ports 135 and 445 are very deeply rooted in Windows networking. But, I'm really interested in what is *really* going on through these ports. What kind of traffic moves in and out?

I don't have any idea what is going on with the other ports.

I'm not worried about the UDP ports at this point. I want to figure out the TCP first, then I'll move on.

Any help would be appreciated.

--
Kurt Dicus

View the Solution FREE for 30 Days

TCP Port Identification

Asked by kdicus in Windows NT Networking

Tags: port, tcp

About this solution