Why is MS listening

Dear Group,

I am wondering about several lines in the return to a netstat -a command on my pc!

They show that microsoft is listening. Is this legitimate and which program is served by these connections?

    TCP    x-xxxxxxxxxxx:microsoft-ds    g-xxxxxxxxxxx:0    LISTENING
    UDP    x-xxxxxxxxxxx:microsoft-ds    *:*

There are two more lines which I do not know what they could refer to:

    UDP    x-almjf4iscdqrx:isakmp    *:*
    UDP    x-almjf4iscdqrx::4500     *:*

What do they refer to?

I don't know whether it is worth it, but I changed my PC name to all xs.

Is there a document which explains the meaning of these lines?

Thanks for any helpful replies.

GR.

Reply to
NoSpam

You might find tcpview useful, a GUI with the same info.

John

Reply to
John Mason Jr

On Sun, 15 Jul 2007 15:36:23 +0000, NoSpam wrote:

Microsoft shares via NetBIOS (see network environment on your desktop), the printer stuff is afaik a standard share, the same is $C if I remember correctly.

M$ IPSec implementation, port 500 is IPSec without NAT traversal, 4500 is (mostly) behind a firewall (NAT).

It doesn't matter.

google.com look for ipsec windows and microsoft data shares or similar

Reply to
Burkhard Ott

Nope. microsoft-ds is short for Microsoft DirectSMB (port 445), which is an alternative method to access shares. NetBIOS uses different ports:

    135/tcp    RPC portmapper
    137/udp    NetBIOS name service
    138/udp    NetBIOS datagram service
    139/tcp    NetBIOS session service

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

John,

Thanks for your reply and the links.

As far as the links are concerned:

I had looked at TCPView for Windows v2.4 in the link and found no location for a download of the program. Where can I find one?

Unfortunately many of the useful features of netstat are not accessible to me because they are available only in WinXP and in Winserver 2003. My system is Win2000.

I still don't know why and what MS is listening to.

Thank you GR.

Reply to
NoSpam

You can download the entire suite

Reply to
John Mason Jr

NetBIOS doesn't use DCE-RPC at all.

137/tcp and 139/udp might be used as well.
Reply to
Sebastian G.

Dear Helpers,

Thank you all for your help. Some of it is above my head and some is very helpful.

There is one additional question which came up in the meantime. When I do a netstat -e 10 I get a large amount of bytes transferred each ten seconds for received and sent. This number keeps increasing even though I lock the firewall and there can't be any in- or outflow of data. Same happens when I pull the phone plug. Any explanation?

Thanks GR.

Reply to
NoSpam

The FW/packet filter running locally on the machine stops traffic between machines or programs running on the machine like a host program running locally on the machine that's communicating with its client program running on a remote machine or a client program running locally on the machine with its communications to its host program running on a remote machine, whether that be the LAN or WAN.

IE browser program the client machine in communications with the Web server program the server on the WAN.

A Remote Desktop client program in communications and controlling the remote host/server program running on the remote machine on the LAN.

That's traffic that's going to be stopped by the FW/packet filter running locally on the machine.

Reply to
Mr. Arnold

Ummm... "netstat -e 10" shows you network statistics every ten seconds. It should not generate traffic by itself. At least AFAICS.

Anyway, if you want to know what that traffic is, netstat is not the appropriate tool. You need a protocol analyzer (e.g. Wireshark [1]) and some understanding of network protocols for that.

[1]
formatting link
cu 59cobalt
Reply to
Ansgar -59cobalt- Wiechers

On Sun, 15 Jul 2007 20:35:43 +0200, Ansgar -59cobalt- Wiechers wrote:

Yes I know what you mean, M$ calls that microsoft data share (AFAIK).

Reply to
Burkhard Ott

^^^^^^^^^

Read again.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

On Mon, 16 Jul 2007 18:45:46 +0200, Ansgar -59cobalt- Wiechers wrote:

Yup, I've found it on Microsoft's sites, I was pretty sure it's called data-share, but you're right.

Reply to
Burkhard Ott

Microsoft is not spying on you.

Nice observation; but they have better things to do with their time ...honestly, they do.

"microsoft-ds" is the recent(ish) name given to the new rendition of the old Server Message Blocks (SMB), which is Common Internet File System (CIFS).

What runs on UDP port 4500? I have no idea.

What runs on UDP port 500 (isakmp)? Well, it's the ISAKMP service which is run by IPSec on your Windows machine.

NoSpam wrote:

Reply to
Intuitive

That's also for IPsec. Port 4500/udp is used for passing through NAT devices. The data packets will not be encapsulated in ESP but in UDP packets over that port.

More info in:

    RFC 3715    IPsec-Network Address Translation (NAT) Compatibility Requirements
    RFC 3947    Negotiation of NAT-Traversal in IKE
    RFC 3948    UDP Encapsulation of IPsec ESP Packets

Reply to
Christophe Vandeplas
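
Added example, not part of any post in this thread: a small Python parser for `netstat -a` output that keeps only listening TCP and bound UDP sockets and annotates them with the port meanings given in the replies above. The sample input is constructed (host names `pc` and `server` are placeholders), and the service-name table assumes the names Windows uses in its `services` file.

```python
import re

# Service names as netstat prints them (Windows "services" file), mapped to ports.
SERVICE_PORTS = {"epmap": 135, "netbios-ns": 137, "netbios-dgm": 138,
                 "netbios-ssn": 139, "microsoft-ds": 445, "isakmp": 500}

# What each port is, as explained in the replies above.
PORT_NOTES = {
    135: "RPC portmapper",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service",
    445: "SMB directly over TCP/IP (file and printer shares)",
    500: "ISAKMP/IKE key exchange for IPsec",
    4500: "IPsec NAT traversal (ESP encapsulated in UDP)",
}

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)

def parse_netstat(text):
    """Return one dict per listening TCP socket or bound UDP socket."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, blank line or other text
        proto, local, _foreign, state = m.groups()
        proto = proto.upper()
        if proto == "TCP" and (state or "").upper() != "LISTENING":
            continue  # established or closing connections are not listeners
        service = local.rsplit(":", 1)[-1]  # text after the last colon
        port = int(service) if service.isdigit() else SERVICE_PORTS.get(service.lower())
        rows.append({"proto": proto, "port": port, "service": service,
                     "note": PORT_NOTES.get(port, "unknown: identify the owning process")})
    return rows

# Constructed sample in the shape of the output quoted in the question.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    pc:microsoft-ds        pc:0                   LISTENING
  TCP    pc:1042                server:http            ESTABLISHED
  UDP    pc:microsoft-ds        *:*
  UDP    pc:isakmp              *:*
  UDP    pc::4500               *:*
"""

if __name__ == "__main__":
    for r in parse_netstat(SAMPLE):
        print(f'{r["proto"]} {r["port"]}: {r["note"]}')
```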
