I know the SMB service use the 445 port on the server side to share the folder.
Therefore , in the server side it has the LanmanServer service to handle the SMB.
But when i use TCPView or netstat these tools always show the 445 port is used by PID 4, and
PID 4 is SYSTEM process (ntoskrnl.exe) which the key process to be the bridge between the user mode process and kernel mode driver.
Even disable the Lanmanserver service , the 445 port still belong to PID 4 (System).
Because i want to monitor the process use the 445 port , it seems to the kenerl driver open the 445 port ? Does it mean LanmanServer service has the driver to listening the 445 port ?
You need to sign in to view this answers
Leave feedback about this