Page 2 of 2 FirstFirst 12
Results 11 to 12 of 12

Thread: netstat -aon

  1. #11
    Join Date
    Nov 2003
    When running the tasklist | findstr "PID" for the one listenning on port 1025 it gave me the following.

    winlogon.exe 460 0 1,516 K
    lsass.exe 516 0 4,192 K

    Thanks again

  2. #12
    Senior Member
    Join Date
    Mar 2004

    The winlogon.exe you can forget. The match was due to "1,516 K".

    Which OS have you running (XP home/pro SP1 or SP2, 2000, ...)? They apparently
    handle RPC-things differently (svchost/lsass listening).

    A reminder: Port 1025 is the first dynamically assigned port on a windows
    machine. Usually, this port is used by the RPC "environment". RPC opens, if
    needed, further ports (>1025).
    The RPC port mapper (on 135) enables the communication with RPC services.,
    ie. a client asks the RPC port mapper about the endpoints of the server
    (e.g. for the task scheduler this usually is 1025).

    I would not be overly concerned about it, if you have a patched system and/or
    a decent configured firewall. But maybe I missed something, and someone else
    could clarify further.

    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.