Found this, and it might be of some help, since many peoples ask about svchost.exe and services.exe, like why they’re connecting to some ports. So here’s what Windows service that uses what port:
Summary:
This article discusses the essential network ports, protocols and services that are used by Microsoft client and server operating systems, server-based programs and their subcomponents in the Microsoft Windows server system. Administrators and support professionals may use this Microsoft Knowledge Base article as a road-map to determine what ports and protocols Microsoft operating systems and programs require for network connectivity in a segmented network.
The port information in this article should not be used to configure Windows Firewall. For information about configuring Windows Firewall, see the Windows Firewall Settings Technical Reference.
The Windows server system includes a comprehensive and integrated infrastructure that is designed to meet the requirements of developers and of information technology (IT) professionals. This system is designed to run programs and solutions that information workers can use to obtain, to analyze, and to share information quickly and easily. These Microsoft client, server and server program products use a variety of network ports and protocols to communicate with client systems and with other server systems over the network. Dedicated firewalls, host-based firewalls, and Internet Protocol security (IPsec) filters are other important components that are required to help secure your network. However, if these technologies are configured to block ports and protocols that are used by a specific server, that server will no longer respond to client requests.
Applies to the following operating systems:
• Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
• Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
• Microsoft Windows Server 2003, Standard Edition (32-bit x86)
• Microsoft Windows Server 2003, Web Edition
• Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
• Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
• Microsoft Windows 2000 Server
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Professional Edition
• Microsoft Windows 2000 Datacenter Server
• Microsoft SQL Server 2000 Standard Edition
• Microsoft SQL Server 2000 Enterprise Edition
• Microsoft Exchange 2000 Enterprise Server
• Microsoft Exchange 2000 Server Standard Edition
• Microsoft Internet Security and Acceleration Server 2000 Standard Edition
• Microsoft Windows XP Professional for Itanium-based systems
• Microsoft Windows XP Home Edition
• Microsoft Windows XP Professional
• Microsoft SharePoint Portal Server 2001
• Microsoft Systems Management Server 2003
• Microsoft Systems Management Server 2.0 Standard Edition
• Microsoft Systems Management Server 2003
• Microsoft Operations Manager 2000 Service Pack 1
• Microsoft Windows XP Tablet PC Edition
• Microsoft Application Center 2000 Standard Edition
I don’t use Windows 7, but I assume it should be the same for Windows 7 as for Vista. Go to All Programs → Accessories and right-click Command Prompt. From the context menu, choose Run as administrator. You should now be able to use commands that require administrator privileges.
Thanks Ragwing, that did the trick: Funny, I tried my admin account the other day with no success?
I get the feeling I’m about to ask a “can of worms” question for myself: If I have only 5 ports open through the “my ports sets” facilities in Comodo Firewall - which I must add, apprears to have kept my system clean for the last couple of years - how can there be so many ports still open on my system? I count 41, nearly 30 of which are for Firefox.
Sorry for the green questions but I don’t think I’ll be mastering in network science somehow - although, as I learned through using some Linux systems, it is good to have an interest in your system security. I think my greatest security, apart from Comodo, is that I enjoy wiping my system on a regular basis to keep my hand in.
I was visiting this forum to make a question but I ran into this thread and it is very enlighting (I am Spanish, sorry for my English).
I checked all the links you placed here, and apparently the ports from 49152 to 65365 are random, and my question was about that:
When I execute as an Admin (Windows Vista) netstat -anb -p tcp I see some ports: 49152,49153…49156 and I see that all belong to system stuff such as: wininit.exe, Eventlog,nsi,schedule, lsass.exe and services.exe
For what I have read in the links, I would say I shoudn´t be worried about that, because, even if these port are listening, they have to …don´t they? . I mean, I am not so sure about it.
Anyway, when I go to “Comodo Internet Security Premium” to the section “Active Connections” in the Firewall area, I don´t see these ports named above, so, I think I can be reassured, but still not sure.
In short: Is it normal that such services are listening in those ports?
