echo: nthelp
to: Hrvoje Mesing
from: Hrvoje Mesing
date: 2005-01-06 18:04:48
subject: Re: UDP port 445

From: "Hrvoje Mesing" 

Sorry ...

.. [cut] ..

Process ID: 4 (System)

System Process

PID Port  Local IP State   Remote IP:Port
4 TCP 445   0.0.0.0  LISTENING  0.0.0.0:41142
4 UDP 445   0.0.0.0     *:*

Port Statistics

TCP mappings: 1
UDP mappings: 1

TCP ports in a LISTENING state:  1 = 100.00%


Could not access module information for this process

.. [cut] ..


From:
http://www.microsoft.com/france/entrepreneur/solutions/sgc/articles/sec_iis_6_0.mspx

.. [cut] ..
SMB uses the following ports:

      . TCP port 139

      . TCP and UDP port 445 (SMB Direct Host)


NetBIOS uses the following ports:

      . TCP and UDP (User Datagram Protocol) port 137 (NetBIOS name
service)

      . TCP and UDP port 138 (NetBIOS datagram service)

      . TCP and UDP port 139 (NetBIOS session service)



.. [cut] ..

Also, you should check http://www.iana.org/assignments/port-numbers; do not
just check for 445, first read the entry, then check the comments.

Nice (!!): http://vabo1.jp.apan.net/flow/ will show you an example of
port consumption, which is more used in our example, TCP or UDP, on
"some" server.

From: http://support.microsoft.com/default.aspx?scid=kb;en-us;832017:

      445 TCP SMB Fax Service
      445 TCP SMB Print Spooler
      445 TCP SMB Server
      445 TCP SMB Remote Procedure Call Locator
      445 TCP SMB Distributed File System
      445 TCP SMB License Logging Service
      445 TCP SMB Net Logon


.. no one talking 'bout UDP :)

.. this is just a 5 min. quick peek into the whole question. Also, there is a
problem in querying the System process ("Could not access module
information for this process"), so the only good way to find out
which processes are using the 445 UDP and what is coming and going over it
is to use a port mapper like portqry with -local -wport* switches and
something like NetMon to capture the traffic, then analyze it - Snort and
tcpdump could come in handy.

Also, MS should document stuff better (revisited KB pages), as registry and
hidden registry values (alternative is to use RegMon and check for missed
values) to find out how in the Hell to control this system, WinXP or
Win2K3 ...

Goto eat something.

Enjoy All + Best in New 2005 to everyone.


-+-
M.

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270 5030/786
@PATH: 379/45 1 106/2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com
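
Added example, not part of the original post: a small Python parser for port-mapping output laid out like the listing quoted in the message, which reports SMB/NetBIOS sockets bound to all interfaces using the port roles from the quoted Microsoft text. The function names are hypothetical, the row layout is assumed to match the listing above, and the PID 1234 row is constructed for illustration.

```python
import re

# Port roles exactly as listed in the Microsoft text quoted in the post.
SMB_NETBIOS_PORTS = {
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service / SMB",
    445: "SMB Direct Host",
}

# One mapping row: PID, protocol, port, local IP, optional state, remote.
# UDP rows carry no state column, as in the post's "4 UDP 445 0.0.0.0 *:*".
ROW = re.compile(
    r"^\s*(\d+)\s+(TCP|UDP)\s+(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\S+)\s*$"
)

def parse_mappings(text):
    """Return one dict per mapping row; headers and statistics are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            pid, proto, port, local, state, remote = m.groups()
            rows.append({"pid": int(pid), "proto": proto, "port": int(port),
                         "local": local, "state": state, "remote": remote})
    return rows

def exposed_smb_endpoints(rows):
    """SMB/NetBIOS sockets bound to every interface (0.0.0.0)."""
    found = []
    for r in rows:
        role = SMB_NETBIOS_PORTS.get(r["port"])
        # A bound UDP socket receives datagrams without a LISTENING state.
        is_open = r["proto"] == "UDP" or r["state"] == "LISTENING"
        if role and is_open and r["local"] == "0.0.0.0":
            found.append((r["proto"], r["port"], r["pid"], role))
    return found

# First rows copied from the post; the PID 1234 row is constructed.
SAMPLE = """\
PID Port  Local IP State   Remote IP:Port
4 TCP 445   0.0.0.0  LISTENING  0.0.0.0:41142
4 UDP 445   0.0.0.0     *:*
1234 TCP 139   127.0.0.1  LISTENING  0.0.0.0:0
Port Statistics
"""

if __name__ == "__main__":
    for proto, port, pid, role in exposed_smb_endpoints(parse_mappings(SAMPLE)):
        print(f"{proto}/{port} open on all interfaces, PID {pid}: {role}")
```

The loopback-only listener on port 139 is parsed but not reported, since it is not reachable from the network.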
