Win2k system(8) Listening to port 1028

[someone92]

Hi,
I just used netstat -an to see what are the open port on one of my
win2k system and I saw this strange open port 1028:

TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING

Using TCPview I saw that the port is used by system(8). And it's is
always listening to this port. Last week I saw that port 1029 and 1032
were also used instead.

I have another win2k machine and this port is closed.

I didn't find any standard services that used this port. except:
Microsoft Local Security Authority (LSA) but it's supposed to be
listening using the udp protocol.

I find it strange that system(8) is using TCP on that port and that
this port is closed on my other system (I have disabled many services
on both machines, so there can be some differences on the
configuration). Anyway is this a normal behavior? any information will
be welcome.

Thanks in advance

 

[Steven L Umbach]

It is not unusual to see ports in the under 1030 and over 1025 range to be
used or listening as they are often used for services installed on your
computer. What will help is to download TCPView, Process Explorer, and
Autoruns from SysInternals to find out more information. TCPView for
instance will display the associated executable for the listening port which
may help you determine what is going on. Process Explorer and Autoruns are
also very helpful in tracking down processes and can show the publisher of
an executable and if the file is digitally signed or not. Of course routine
malware and spyware scans can help identify and remove rouge applications
that may be using unexplained ports. --- Steve

http://www.sysinternals.com/Utilities/TcpView.html --- TCPView and link to
SysInternals.