# Vista - Listening Ports 49152-49157



## ironclaw (Feb 8, 2007)

Can anyone tell me which service/program is opening these ports?

Ports 49152, 49153, 49154, 49155, 49156, 49157.

The PID for each of these translates to a system process.

Thanks!


----------



## Alec§taar (Feb 8, 2007)

ironclaw said:


> Can anyone tell me which service/program is opening these ports?
> 
> Ports 49152, 49153, 49154, 49155, 49156, 49157.
> 
> ...



Well, I don't run VISTA here yet, currently, but since much of it's the SAME as 2000/XP/Server 2003 (this latter one's it's 'base code' it was built upon & this I use)? This ought to cut the mustard

From a DOS prompt window, type this command ->

netstat -a -b -n -o

The press ENTER...

It tells you a LOT more than netstat command issued alone can do, perhaps this will "shed more light on it" for you, helping you determine what is what, here.

(Incidentally - netstat /? gets you all of its commandline switches, so you can look @ more of them & see my point here!)



netstat -a -b

* That can do it as well, but I feel that first commandline is more "thorough"... I hope this helps @ least some.

APK

P.S.=> It's POSSIBLE these are "ephemeral ports" that Windows uses that are 'short lived' connections as well, OR "reserved ports" (which you CAN alter mind you)... see here for MORE about that:

http://www.microsoft.com/technet/community/columns/cableguy/cg1205.mspx

&

http://support.microsoft.com/default.aspx?scid=kb;en-us;812873

apk


----------



## ironclaw (Feb 8, 2007)

Alec§taar said:


> Well, I don't run VISTA here yet, currently, but since much of it's the SAME as 2000/XP/Server 2003 (this latter one's it's 'base code' it was built upon & this I use)? This ought to cut the mustard
> 
> From a DOS prompt window, type this command ->
> 
> ...




Thank you very much! Such a wealth of useful info. 

When I try the -b switch it tells me that I need elevation. Is there a way to use this switch without logging in as Admin?

According to their PIDs, all six of those ports translate to either wininit.exe, svchost.exe, lsass.exe, or services.exe.

By the way, I enjoyed reading your "Securing Windows 2000/XP/Server 2003 services" post!


----------



## cjoyce1980 (Feb 8, 2007)

after you type "cmd" instead of just hitting enter to start the dos prompt, hold down ctrl + shift then push enter, it will elevate the dos prompt to admin


----------



## Alec§taar (Feb 9, 2007)

Sorry first of all for the lag in my reply... when I posted that, it was VERY late last night, & I had things to do today... so, again, my apologies.



ironclaw said:


> Thank you very much! Such a wealth of useful info.



Well, you're welcome - you would have come across it eventually, from somebody other than myself most likely.



ironclaw said:


> When I try the -b switch it tells me that I need elevation. Is there a way to use this switch without logging in as Admin?



The poster before myself illustrates the "how" of doing that...



ironclaw said:


> According to their PIDs, all six of those ports translate to either wininit.exe, svchost.exe, lsass.exe, or services.exe.



That's indicative of various services using the ports you noted most likely (and the netstat commandline will indicate which ones, specifically as to the ports they are using as ephemerals in client-server type work, or as reserved ports)!

All, except iirc, wininit.exe (that's something that MAY be a "trojan horse", see the url below next):

http://www.pchell.com/virus/wininit.shtml

That shows you how to remove it.

http://support.microsoft.com/kb/299332

That's one from Microsoft indicating it is also a virus/malware/trojan process as well.



ironclaw said:


> By the way, I enjoyed reading your "Securing Windows 2000/XP/Server 2003 services" post!



Cool, glad you enjoyed it, & I hope you employed it + found it useful for making your system that much more secured.

APK


----------

