Security Basics mailing list archives

Re: Port TCP/8000


From: James Lee Bell <nuclear-cowboy () cox net>
Date: Fri, 01 Nov 2002 14:09:04 -0700

Use activeports or fportng to figure out which processes/programs are attached to which ports. Some quickies from your list: 111: RPC; 135: Windows networking equivalent of RPC; 445: Active Directory listener; 1025-1046 probably Windows networking things like messenger and such, which the process behind 135 knows about and will distribute requests to this group.

Carl R Diliberto wrote:

I got such great responses to my last questions, thanks to all those who
responded, I got brownie points with the boss! :o)

I have a newly built Dell PowerEdge Server and now have ports open I can't
explain clearly to government management.

Results of Netstat -an below:

Active Connections
     Proto  Local Address          Foreign Address        State
     TCP    0.0.0.0:111            0.0.0.0:0              LISTENING
     TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
     TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
     TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
     TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING
     TCP    0.0.0.0:1032           0.0.0.0:0              LISTENING
     TCP    0.0.0.0:1041           0.0.0.0:0              LISTENING
     TCP    0.0.0.0:1044           0.0.0.0:0              LISTENING
     TCP    0.0.0.0:1045           0.0.0.0:0              LISTENING
     TCP    0.0.0.0:1046           0.0.0.0:0              LISTENING
     TCP    0.0.0.0:1311           0.0.0.0:0              LISTENING
     TCP    0.0.0.0:3372           0.0.0.0:0              LISTENING
     TCP    0.0.0.0:8000           0.0.0.0:0              LISTENING
     TCP    127.0.0.1:1043         0.0.0.0:0              LISTENING
     TCP    127.0.0.1:1043         127.0.0.1:1044         ESTABLISHED
     TCP    127.0.0.1:1044         127.0.0.1:1043         ESTABLISHED
     TCP    127.0.0.1:1045         127.0.0.1:1046         ESTABLISHED
     TCP    127.0.0.1:1046         127.0.0.1:1045         ESTABLISHED
     UDP    0.0.0.0:111            *:*
     UDP    0.0.0.0:135            *:*
     UDP    0.0.0.0:445            *:*
     UDP    0.0.0.0:1036           *:*
     UDP    0.0.0.0:1038           *:*
     UDP    0.0.0.0:2148           *:*

Any ideas?

Thanks
Carl
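
Added example, not part of either poster's message: a Python script that parses `netstat -an` output of the kind quoted above and separates sockets bound to all interfaces from loopback-only listeners and loopback connection pairs, so the ports that still need mapping to a process stand out. The function names and the sample (a subset of the quoted listing) are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the `netstat -an` listing quoted in the thread.
SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1044           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1043         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1043         127.0.0.1:1044         ESTABLISHED
  TCP    127.0.0.1:1044         127.0.0.1:1043         ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:2148           *:*
"""

# proto, local ip:port, remote ip:port, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$")

def parse(text):
    """Yield (proto, local_ip, local_port, remote_ip, remote_port, state) per row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, lip, lport, rip, rport, state = m.groups()
            yield proto, lip, int(lport), rip, rport, state or ""

def triage(text):
    """Split sockets into network-reachable listeners, loopback-only listeners,
    and loopback connection pairs (local IPC between two processes)."""
    exposed, local_only, ipc = defaultdict(set), defaultdict(set), set()
    for proto, lip, lport, rip, rport, state in parse(text):
        # A bound UDP socket has no state column; treat it as open.
        if state == "LISTENING" or proto == "UDP":
            bucket = local_only if lip.startswith("127.") else exposed
            bucket[proto].add(lport)
        elif state == "ESTABLISHED" and lip.startswith("127.") and rip.startswith("127."):
            # Both directions of one loopback connection collapse to one pair.
            ipc.add(tuple(sorted((lport, int(rport)))))
    return exposed, local_only, ipc

if __name__ == "__main__":
    exposed, local_only, ipc = triage(SAMPLE)
    for proto in sorted(exposed):
        print(f"{proto} reachable from the network: {sorted(exposed[proto])}")
    print("TCP loopback-only listeners:", sorted(local_only["TCP"]))
    print("loopback connection pairs:", sorted(ipc))
```

The ports reported as reachable from the network are the ones to look up with a port-to-process tool such as those named in the reply.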



