Contribution: Service in WinXP

Discussion in 'Port Explorer' started by Ben, Aug 5, 2003.

Thread Status:
Not open for further replies.
  1. Ben

    Ben Registered Member

    Aug 4, 2003
    Los Angeles, CA
    Services overview:

    *term: svchost.exe
    A Description of Svchost.exe In Windows XP (Microsoft Knowledge Base article Q314056)

    Without a doubt the most asked question is what is svchost.exe and why is it running so many times at once. That's a fair question, especially if you've looked in Task Manager and seen it listed three or four times, each instance gobbling up memory. The official answer, straight from the mouth of Microsoft is:

    "Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs)."

    (Personal note: Unfortunately, I am myself running XP Home edition, and the command line tasklist /svc does not work on this version. Here is where PE comes to the rescue.)

    *term: SERVICE:
    A program, routine, or process that performs a specific system function to support other programs, particularly at a low (close to the hardware) level.

    When services are provided over a network, they can be published in Active Directory, facilitating service-centric administration and usage. Some examples of services are the Security Accounts Manager service, File Replication service, and Routing and Remote Access service.

    Use caution when changing default settings.
    Changing the default settings for services might prevent key services from running correctly. It is especially important to use caution when changing the Startup Type and Log On As settings of services that are configured to start automatically.

    If you enable or disable a service and you encounter a problem starting the computer, you might be able to start the computer in safe mode. Then you can change the service configuration or restore the default configuration.

    Another solution: create a restore point with the Restore Program, so that if you mess things up badly you can restore the system back to the way it was before you started changing settings.

    How to access Services area:
    Start > Settings > Control Panel > click on Administrative Tools > click Services.

    Get to know them: Click Help, then Help Topics.
    You can also click once (highlight) each one and a brief description will show in the left panel.
    Clicking twice will bring up its property panel, and the Dependency tab will show you which other services are hooked on it, or on which other services it is hooked itself.

    Application Layer Gateway Service : ALG

    Provides support for 3rd party protocol plug-ins for Internet Connection Sharing (ICS) and the Internet Connection Firewall (ICF).

    Depends on: nothing
    Dependees: ICF / ICS

    On a standalone computer (not networked) set this to Manual; on a network (2 or more computers sharing one connection, one IP number) set it to Automatic.

    If you are using your computer as a gateway, read down, if you are using a router as anyways..for general info.


    Internet Connection Sharing and Internet Connection Firewall :
    ICS / ICF

    Pretty explanatory there:
    ICS is an application running on a Windows OS-based computer that serves as main gateway for the other computers hooked on same network and sharing same internet connection.

    If you use a router to perform a sharing connection you do not need to use the ICS application. The router will become the main gateway serving the other computers hooked to it.

    What ICS does:

    In networking terms, ICS combines several elements: a proxy server, a router and a DHCP server.
    ICS uses Network Address Translation (NAT), which is also known as "IP masquerading". In NAT, the identity of the client submitting a request is hidden: Instead, the request appears to come from the host.

    Network Address Translation : NAT

    Network address translation (NAT), an Internet Engineering Task Force (IETF) standard, is an immediate but temporary solution to the problem of 32-bit IPv4 addresses becoming exhausted.
    NAT allows an Internet Protocol version 4 (IPv4) gateway device to provide devices on a network with access to a public network or the Internet while sharing a single, globally routable IPv4 address provided by an Internet Service Provider (ISP). (read the rest in the link above).

    There's a problem occurring with NAT:
    Say you have two computers hooked to a router, Computer A , Computer B, Router X.

    Computer A will get access to the internet through Router X, Computer B as well.
    But Computer A will not be able to communicate with Computer B because they cannot see each other through the NAT router X.

    Windows XP fixes this problem, letting you communicate across two NAT routers, from one inside box to another inside box.
    I assume that both boxes, A and B should be using WinXP for this.

    Start > Settings > Network Connections > Right click the connection you are actually using > choose Properties > Advanced tab > select the Allow Other Network Users to Connect through This Computer's Internet Connection check box.

    If you want other computers to be able to cause ICS to start up the network connection when it's not running, make sure the Establish a Dial-up Connection whenever a Computer on My Network Attempts to Access the Internet check box is selected. Clear this check box if you want only the computer with the connection to be able to start the connection.

    ((Personal note: you had better start studying the new IPv6, upcoming in a few years.
    Here is where you can find about it:
    But of course, without getting a decent background on the actual TCP/IP system, you will not get too far.
    Here is a basic course (free for anyone to learn):

    (many thanks to all those who have worked and put together e-books, articles and classes online free of charge - the OPEN everything e-world).

    I will try to follow up this one with research on other Services.

    An idea of how many services there are, and their names:

    Application Layer Gateway Service
    Application Management
    Automatic Updates
    Background Intelligent Transfer Service
    COM+ Event System
    COM+ System Application
    Computer Browser
    Cryptographic Services
    DHCP Client
    Distributed Link Tracking Client
    Distributed Transaction Coordinator
    DNS Client
    Error Reporting Service
    Event Log
    Fast User Switching Compatibility
    Help and Support
    HID Input Service
    IMAPI CD-Burning COM Service
    Indexing Service
    Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
    IPSEC Services
    Logical Disk Manager
    Logical Disk Manager Administrative Service
    Machine Debug Manager
    MS Software Shadow Copy Provider
    Net Logon
    Network Connections
    Network DDE
    Network DDE DSDM
    Network Location Awareness (NLA)
    NetMeeting Remote Desktop Sharing
    NT LM Security Support Provider
    Performance Logs and Alerts
    Plug and Play
    Portable Media Serial Number
    Print Spooler
    Protected Storage
    QoS RSVP
    Remote Access Auto Connection Manager
    Remote Access Connection Manager
    Remote Desktop Help Session Manager
    Remote Procedure Call (RPC)
    Remote Procedure Call (RPC) Locator
    Remote Registry
    Removable Storage
    Routing and Remote Access
    ScriptBlocking Service
    Secondary Logon
    Security Accounts Manager
    Shell Hardware Detection
    Smart Card
    Smart Card Helper
    SSDP Discovery Service
    System Event Notification
    System Restore Service
    Task Scheduler
    TCP/IP NetBIOS Helper
    Terminal Services
    Uninterruptible Power Supply
    Universal Plug and Play Device Host
    Upload Manager
    Volume Shadow Copy
    Windows Audio
    Windows Image Acquisition (WIA)
    Windows Installer
    Windows Management Instrumentation
    Windows Management Instrumentation Driver Extensions
    Windows Time
    Wireless Zero Configuration
    WMI Performance Adapter
  2. DolfTraanberg

    DolfTraanberg Registered Member

    Nov 20, 2002
    Another nice job Ben, you should be writing books!
  3. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Nov 11, 2002
    Perth, Western Australia
    Kill the ALG ... EXE :) . Yes, I look forward to your next writeups; they are very good. I think most people who don't run servers (most home users) will benefit greatly from closing down unneeded and unwanted services. It will decrease loading time and give back a lot of resources.

  4. Ben

    Ben Registered Member

    Aug 4, 2003
    Los Angeles, CA
    Thanks, Dolphi and Jason.

    Well I am writing as I am testing.

    I think not everyone can just axe some services or disable them.

    I am having a small network myself, two boxes, this one with XP the other one with Debian.
    I can say, Linux is way simpler to configure and firewall at command line than is XP on a GUI interface.

    Now I use a firewalled router.
    If I dare to axe ALG I lose connection, since anyways, ALG is confined behind the router, I guess nothing bad could come from there.

    I guess ALG could be safely ignored on a stand alone computer.

    I was just playing with the Socket Spy on PE; it's my first time with such a tool.

    And I figured out why I have to keep the SSDP alive:
    I guess upnp has to find, read the router somehow, if I shut it down, I lose connection.

    So for everyone reading up there ^^^
    There are several different scenarios, depending on how your computer is hooked up.

    I am using a cheap little D-Link 604 / old model but the documentation and tech support are super, it has a firewall built in and is flexible and very customizable.

    Another thing that I lost after I stopped UPnP was the sound. XP was telling me it can't find a sound device in the system.

    Well, I will continue with issues as I test them. But I would not dare to personally recommend that anyone apply this or that; as I said, not everyone's system and connections are the same.
  5. DolfTraanberg

    DolfTraanberg Registered Member

    Nov 20, 2002
    My system uses UPnP to learn its external IP address from the router.
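
An added example, not written by any poster in this thread: the Dependency-tab check and the svchost.exe grouping discussed above, done in bulk on saved `sc qc` output before a service is set to Manual or Disabled. The sample text is constructed and its dependency values are illustrative rather than a record of a real XP system; the function names are hypothetical.

```python
import re

# Constructed sample in the layout `sc qc <service>` prints; values are illustrative.
SAMPLE = r"""
SERVICE_NAME: ALG
        BINARY_PATH_NAME   : C:\WINDOWS\System32\alg.exe
        DEPENDENCIES       :
SERVICE_NAME: Netman
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        DEPENDENCIES       : RpcSs
SERVICE_NAME: SharedAccess
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        DEPENDENCIES       : ALG
                           : Netman
"""

def parse_sc_qc(text):
    """Parse concatenated `sc qc` output into {name: {"path": str, "deps": [names]}}."""
    services, cur, key = {}, None, None
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_]*)\s*:\s*(.*)$", line)
        if not m:
            continue
        key, val = m.group(1) or key, m.group(2).strip()  # empty key = wrapped line
        if key == "SERVICE_NAME":  # names are case-insensitive, so store lowercase
            cur = services[val.lower()] = {"path": "", "deps": []}
        elif cur and key == "BINARY_PATH_NAME":
            cur["path"] = val
        elif cur and key == "DEPENDENCIES" and val:
            cur["deps"].append(val.lower())
    return services

def affected_by(services, name):
    """Services that depend on `name` directly or through a chain of dependencies."""
    seen, stack = set(), [name.lower()]
    while stack:
        target = stack.pop()
        for svc, info in services.items():
            if target in info["deps"] and svc not in seen:
                seen.add(svc)
                stack.append(svc)
    return seen

def svchost_groups(services):
    """Group services by the `svchost.exe -k <group>` instance that hosts them."""
    groups = {}
    for svc, info in services.items():
        m = re.search(r"svchost\.exe\s+-k\s+(\S+)", info["path"], re.I)
        if m:
            groups.setdefault(m.group(1), []).append(svc)
    return groups
```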