Re: why is svchost.exe actively monitoring these ports

From: Roger Abell {MVP} (mvpNOSPAM_at_asu.edu)
Date: 04/27/03 

Date: Sat, 26 Apr 2003 16:55:48 -0700

named service mappings for ports above 1024 are
(mostly) irrelevant and misleading. Ephemeral ports
are used on an as needed basis, usually to shift the
connection being established from the well-known
port which is thus kept open for establishing an
initial contact with the bound listener.
The ones you list below 1024 are for the time service
and RPC services. You would need to do more work
to track down what is bound to all those open above
1024. Take a look first thing after a reboot. 

-- 
Roger Abell
MS MVP (Security, Windows), MCDBA,  MCSE both
Associate Expert - Windows XP ExpertZone
http://www.microsoft.com/windowsxp/expertzone
"Robert R" <captain_bob@sympatico.ca> wrote in message news:071501c309a6$d12c5330$a501280a@phx.gbl...
> svchost.exe found listening at the following ports:
> 
> WELL KNOWN PORTS 0 TO 1023
> 
> 0123 udp ntp             Network Time Protocol
> 0135 udp epmap           DCE endpoint resolution
> 0135 tcp epmap           DCE endpoint resolution
> 
> REGISTERED PORTS 1024 TO 49151
> 
> 1025 tcp blackjack       network blackjack
> 1026 udp cap             Calender Access Protocol
> 1038 udp Unassigned port (1037-1039)
> 1043 udp Unassigned port (1041-1044)
> 1149 ??? Unassigned port (1124-1154)
> 1900 udp ssdp SSDP
> 2869 tcp icslap ICSLAP
> 3002 tcp remoteware-srv  RemoteWare Server
> 3003 tcp cgms            CGMS
> 3004 udp csoftragent     Csoft Agent
> 3005 udp geniuslm        Genius License Manager
> 3006 udp ii-admin        Instant Internet Admin
> 3011 udp trusted-web     Trusted Web
> 3017 udp event_listener  Event Listener
> 3018 udp srvc_registry   Service Registry
> 3051 udp galaxy-server   Galaxy Server
> 3328 udp egptlm          Eaglepoint License Manager
> 5000 tcp commplex-main
>

Relevant Pages
Quantcast