Mombu the Microsoft Forum sponsored links

Go Back   Mombu the Microsoft Forum > Microsoft > Somebody Know This, Please Explain!
User Name
Password
REGISTER NOW! Mark Forums Read

sponsored links


Reply
 
1 24th April 09:42
ben
External User
 
Posts: 1
Default Somebody Know This, Please Explain!


Hi,
I am using "Active Ports" to monitor the access from/to my Win 2000 Pro.
I got the fallowing report - It is kind of some thing abnormal to my
computer:

Process: TCP svchost.exe
PID : 472
Local IP: 192.167.1.5
Local Port: 2572
Remote IP : 67.114.XX.XX
Remote Port: 80
State : CLOSE_WAIT
Protocol : TCP
Path : C:\WINNT\System32\svchost.exe

+What is svchost.exe for?
+In this case, what is this process doing?
+What dose the State CLOSE_WAIT mean? There must be some state was passing
before ending up with this state?
+Which request will cause the svchost.exe open the port 2572? or it is
normally open? How can the remote be able to gain this access?

It could be too much to answer, but I guess there is the main answer to
these question.
Please explain to me. It may clear my concern.

Very appreciated and thanks in advance,

Ben
  Reply With Quote


  sponsored links


2 24th April 09:42
david robbins
External User
 
Posts: 1
Default Somebody Know This, Please Explain!


svchost is a generic process for services run from a dll. to find out what
it was you might try to browse to the ip address that it was connected to
and see what it was. it could be something like the windows update site, an
antivirus auto update download site, or even a spy site for some malware
installed on your system... there is no way to tell from what you supplied.

this connection was made FROM your machine TO port 80 on 67.114.xx.xx which
would be a normal web server type of connection. the local port number in
this case doesn't really mean anything, typically when making an outgoing
connection a program will request to open a connection from the tcp/ip stack
and just get assigned the next sequential free port, so you can't really
close that port since it is a one time use only in most cases.

close_wait means that the connection is done transfering data and is just
waiting for the tcp connection to finish closing.
  Reply With Quote
Reply


Thread Tools
Display Modes




Copyright 2006 SmartyDevil.com - Dies Mies Jeschet Boenedoesef Douvema Enitemaus -
666