Hi

What I have described should also work on Win2k machines.

- via the registry, as described in the above reference [0], you identify
the services running under the context svchost oder lsass, and in
addition the corresponding DLL/EXE name. You also can use Sysinternals
ProcessExplorer via "Properties.Services".

- you assign the ports for example via ProcessExplorer "Properties.TcpIp"
as a first step of information gathering, start/stop services or take an
educated guess. If dynamically assigned, it may be needed or helpful,
maybe not, to use rpcdump and identify the IfId's.

If you have a specific problem, don't hesitate to send me a pm. We can
resolve the issue in a dialog and then post a note here, if needed.
In a long term view, it might be interesting to enhance the functionality
of the currently available "port mapper"-tools (fport, vision, PE, ...) to resolve
for the corresponding exe/dll/service. If such a tool does not exist (I never
actually checked), I may work on this in December or January


Cheers