

Kameleon36
Premium
join:2001-10-11
Ohio

Why is port 5000 listening?

Zone alarm says Process 896 is listening to TCP:port 5000 and UDP:1900. I have had an ex-employer try to access port 5000 and I am wondering why port 5000 is now listening. Isn't this a backdoor port?

Proto  Local Address        Foreign Address  State
TCP    0.0.0.0:135          0.0.0.0:0        LISTENING
TCP    0.0.0.0:445          0.0.0.0:0        LISTENING
TCP    0.0.0.0:1025         0.0.0.0:0        LISTENING
TCP    0.0.0.0:1029         0.0.0.0:0        LISTENING
TCP    0.0.0.0:5000         0.0.0.0:0        LISTENING
TCP    127.0.0.1:1027       0.0.0.0:0        LISTENING
TCP    127.0.0.1:3001       0.0.0.0:0        LISTENING
TCP    127.0.0.1:3002       0.0.0.0:0        LISTENING
TCP    127.0.0.1:3003       0.0.0.0:0        LISTENING
TCP    192.168.1.100:139    0.0.0.0:0        LISTENING
UDP    0.0.0.0:135          *:*
UDP    0.0.0.0:445          *:*
UDP    0.0.0.0:500          *:*
UDP    0.0.0.0:1028         *:*
UDP    127.0.0.1:123        *:*
UDP    127.0.0.1:1900       *:*
UDP    127.0.0.1:2234       *:*
UDP    192.168.1.100:123    *:*
UDP    192.168.1.100:137    *:*
UDP    192.168.1.100:138    *:*
UDP    192.168.1.100:1900   *:*
UDP    192.168.1.100:2234   *:*

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:7

What program was running in process 896? The name of the program might be a good clue as to why it was listening.
--
dave



DSL987

join:2000-03-22
Helotes, TX

reply to Kameleon36
I show the same thing on my XP machine and I think it is either Norton or Microsoft Update listening for updates.
It doesn't show the process belonging to any program except svchost.
[text was edited by author 2001-11-13 19:32:27]



Kameleon36
Premium
join:2001-10-11
Ohio

reply to dave
How do I find out what process 896 is?



SYNACK
Just Firewall It
Premium,Mod
join:2001-03-05
Venice, CA

UPnP!

e.g. look at the bottom of:
»Need Help Bad......



DSL987

join:2000-03-22
Helotes, TX

reply to Kameleon36

said by Sassycat:
How do I find out what process 896 is?
Start up MS Info by going to the Run command on the Start button; you will need to type in msinfo32 and then it should fire right up.

Go to the section labeled "Software Environment" and then to the subsection labeled "Running Tasks". This will show all programs and services that are running and their process IDs.
I'd bet $5 that it says 896 belongs to svchost.exe and that the path is listed as not available.


Kameleon36
Premium
join:2001-10-11
Ohio

reply to Kameleon36
Here ya go....$5.00.lol.....you were right. Thanks, now I know how to look up and see what tasks each of those numbers belong to.


dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:7

reply to Kameleon36

said by Sassycat:
How do I find out what process 896 is?
Easier way: type ctrl+shift+esc to bring up the task manager. Select the processes tab. Locate the process id in the pid column.

(I assume ctrl+shift+esc works on all flavours of XP, I don't know for sure though).
--
dave


Wildcatboy
Premium,Mod
join:2000-10-30
Toronto, ON
kudos:2

reply to Kameleon36
Both ports 5000 and 1900 are opened by UPnP (Universal Plug and Play). It's a useless service since I don't know of any application that supports it, not to mention that the MS version of UPnP doesn't even support all the features recommended by UPnP standards.

Follow this procedure backwards and you'll be uninstalling it in no time and both of those ports will close. In Windows ME it can be shut down by going to Add/Remove Programs --> Windows Setup --> Communications and unchecking "Universal Plug and Play" and rebooting.

As for finding out about a process and the application that starts it and the ports it opens, you can use this little program by the name Active Ports. It shows you all the information about listening ports and what application opened them with an extra bonus. You can close the port with one click. It only works on NT/W2K/XP machines.



DSL987

join:2000-03-22
Helotes, TX

Thanks for the tip Wildcat. The only trouble is I don't have UPnP installed, so now I'm at a loss to understand what the heck is going on.



cjsmith
Premium
join:2000-11-03
Villa Rica, GA

Do you have Yahoo Messenger installed?


[text was edited by author 2001-11-14 06:55:25]



Kameleon36
Premium
join:2001-10-11
Ohio

reply to Wildcatboy
Excellent little program. I could go right in there and close port 5000 with just a mouse click. Thanks for the great info.



DSL987

join:2000-03-22
Helotes, TX

reply to cjsmith

said by cjsmith:
Do you have Yahoo Messenger installed?


[text was edited by author 2001-11-14 06:55:25]

No instant messaging programs installed on my machine.

commando

join:2000-06-07
Chicago, IL

reply to Kameleon36
I looked through all the services and it appears SSDP Discovery Service listens on port 5000. I stopped the service and like 4 ports stopped listening. The service is set to manual, but at bootup it keeps starting it up. Guess I need to disable it?



Wildcatboy
Premium,Mod
join:2000-10-30
Toronto, ON
kudos:2

reply to DSL987

My understanding is that UPnP is installed by default when you install XP or ME. If you have both 5000 and 1900 listening, you can bet UPnP is running. Are you saying that you can't find it in add/remove section?



Murray3

join:2001-03-06
Texas

said by Wildcatboy:

My understanding is that UPnP is installed by default when you install XP or ME.
Not so with ME.

This MS article states...

"Windows ME includes a native UPnP capability, but it is neither installed nor running by default."

... though I think some manufacturers may install it.



Murray3

join:2001-03-06
Texas

reply to Wildcatboy

said by Wildcatboy:
If you have both 5000 and 1900 listening, you can bet UPnP is running. Are you saying that you can't find it in add/remove section?
I'll second that. Looks like UPnP by the look of that netstat extract.
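
Added example, not part of any poster's message: the rule of thumb quoted above (TCP 5000 together with UDP 1900 means UPnP/SSDP is running) applied to an excerpt of the netstat listing from the first post, along with a check of which listeners are bound beyond loopback. The function names are illustrative, and the script assumes plain `netstat -an` style text as input.

```python
# Added example: triage of `netstat -an` output for the UPnP/SSDP port pair.
# SAMPLE is an excerpt of the listing in the first post of this thread.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3001 0.0.0.0:0 LISTENING
TCP 192.168.1.100:139 0.0.0.0:0 LISTENING
UDP 0.0.0.0:500 *:*
UDP 127.0.0.1:1900 *:*
UDP 192.168.1.100:1900 *:*
"""

def parse_listeners(text):
    """Return (proto, address, port) for every TCP listener and bound UDP socket."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if f[0] == "TCP" and f[-1] != "LISTENING":
            continue  # established/closing connections are not listeners
        addr, _, port = f[1].rpartition(":")
        if port.isdigit():
            out.append((f[0], addr, int(port)))
    return out

def scope(addr):
    """Where the socket is reachable from, judged by the bind address alone."""
    if addr.startswith("127."):
        return "loopback"
    return "all-interfaces" if addr == "0.0.0.0" else "single-interface"

def upnp_pair_present(listeners):
    """The thread's heuristic: TCP 5000 together with UDP 1900."""
    keys = {(p, port) for p, _, port in listeners}
    return ("TCP", 5000) in keys and ("UDP", 1900) in keys

def network_reachable(listeners):
    """Listeners not confined to loopback: the ones a firewall rule must cover."""
    return sorted({(p, port) for p, a, port in listeners if scope(a) != "loopback"})

if __name__ == "__main__":
    found = parse_listeners(SAMPLE)
    print("UPnP/SSDP pair present:", upnp_pair_present(found))
    for proto, addr, port in found:
        print(f"{proto:3} {port:5} {scope(addr)}")
```

On the excerpt, TCP 5000 is bound to 0.0.0.0 while UDP 1900 is bound to both loopback and the LAN address, so both halves of the pair are reachable from the network unless a firewall blocks them.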


HG Fegen$
Johnny B. Goode
Premium
join:2001-06-28
Scotland. UK

Hi!

I took a quick look through my ME and found several Application Extensions, i.e. UPNP.DLL - is this what you guys are talking about?

HG


Name Game$

join:2001-09-01
North Myrtle Beach, SC

yes

and HG, if you want to know more about the issue that Sassycat and others have with it, see this thread.

»Open port 5000.. anyone have any idea what uses it

[text was edited by author 2001-11-15 18:45:55]


over 12.5 years online © 1999-2012 dslreports.com.