October 23, 2024
Chicago 12, Melborne City, USA
OiO.lk Blog security Why windows SMB 445 port always belong to PID 4?
security

Why windows SMB 445 port always belong to PID 4?

  • by
  • October 23, 2024
  • 0 Comments
  • Less than a minute
  • 1 View
  • 5 hours ago


I know the SMB service use the 445 port on the server side to share the folder.

Therefore , in the server side it has the LanmanServer service to handle the SMB.
But when i use TCPView or netstat these tools always show the 445 port is used by PID 4, and
PID 4 is SYSTEM process (ntoskrnl.exe) which the key process to be the bridge between the user mode process and kernel mode driver.

LanmanServer service

Even disable the Lanmanserver service , the 445 port still belong to PID 4 (System).

Because i want to monitor the process use the 445 port , it seems to the kenerl driver open the 445 port ? Does it mean LanmanServer service has the driver to listening the 445 port ?



You need to sign in to view this answers

Share This Post:

Leave feedback about this

  • Quality
  • Price
  • Service

PROS

+
Add Field

CONS

+
Add Field
Choose Image
Choose Video

Related Post

GPL

Free GPL WordPress eCommerce Notification

October 23, 2024
javascript

Prevent Chrome location reload warning banner

October 23, 2024
security

Any security risk using browser JSON viewers to display

October 23, 2024
SQL

SQL Join type needed

October 23, 2024
CSS

textarea inside a “ element is not responding to

October 23, 2024
HTML

Making background-color “slide” nicely between table cells using pure

October 23, 2024