
Why does Windows SMB port 445 always belong to PID 4?


I know the SMB service uses port 445 on the server side to share the folder.

Therefore, on the server side it has the LanmanServer service to handle SMB.
But when I use TCPView or netstat, these tools always show that port 445 is used by PID 4, and
PID 4 is the SYSTEM process (ntoskrnl.exe), which is the key process that acts as the bridge between user-mode processes and kernel-mode drivers.

Even with the LanmanServer service disabled, port 445 still belongs to PID 4 (System).

I want to monitor the process that uses port 445, and it seems that a kernel driver opens port 445? Does this mean the LanmanServer service has a driver listening on port 445?


