dreaded newbie message! :)

Discussion in 'Port Explorer' started by Ean, Jan 31, 2005.

Thread Status:
Not open for further replies.
  1. Ean

    Ean Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    23
    Location:
    LA, CA
    Hello PE community!

    I'm very impressed by you all and I'm on my PE trial now, and will likely be buying as soon as I can, even better if a good deal for a package with some of the other DCS products could save me some bucks!

    Long time Engineer, and computer dabbler in various capacities, but new to learning about inner workings of ports, TCP, etc.

    My first question is now that we have this wonderful PE that shows all the connections, aside from obvious hidden connections from strange trojan-like things, etc., how do I start to learn what is "OK" or not?

    I have a superb Task Manager utility (TaskInfo if anyone else has heard of that), which I have used for years now and so I am perhaps more familiar than most with processes that run, what they do or what service they are attached to, etc. But the PORT aspect of things is new to me.

    So my first questionable things I see on PE are:

    1. There is a SYSTEM process with PID = 0 listening on 0.0.0.0:1025 (I've attached a text file with two text listings of my PE top window display). First of all, did not know a PID could even BE = 0! SYSTEM Task shows with PID = 8 on Task Manager.

    2. At first there were SEVERAL system processes with PID = 0 listening on ports 137-139, and 445, and because of those particular ports being mentioned in some of the trojan/worm usage lists I was wondering if these are normal, if any of you might have experience with them.

    3. Then lower in my text file you can see how things changed after some time. All the SYSTEM processes there now have the expected PID = 8, except for that one listening on port 1025.

    My computer is Win2000 P4 1.8GHz 512MB RAM, with all the latest updates.

    I am running the Zone Alarm most recent firewall 5.1.033.000, behind a Netgear RP614 router (not wireless), and 1.5MB DSL. If that info matters. The vsmon process clearly is part of the ZoneAlarm somehow.

    This setup passes ALL the grc.com ShieldsUP tests, as well as those on auditmypc.com. And several Spyware versions have been run with none showing (AdAware, SpyBot, XSoftSpy, YahooAntiSpy, etc.).

    Sorry for the glut of info. Just thought some similar Win2000Pro users like myself might have gone through what I am at the beginning of their exploration with PE and could guide me to if my results here look OK, or if those SYSTEM processes are indicating a possible problem in some way.

    Look forward to hearing from you!

    Ean
     


  2. BourgePD

    BourgePD Registered Member

    Joined:
    Sep 5, 2004
    Posts:
    75
    Greetings, Ean!

    Just caught your question as I'm running out the door and the wifey is waiting so I must be real quick to toss a link at you for your perusal (good information):

    http://www.firewallleaktester.com/wwdc.htm

    I see nothing untoward in the log text file you provided excepting possibly a couple of ports open on your local system that you may not need to have open. No doubt someone else will come along very soon and provide you with more assistance.

    Take care and have fun... :D
     
  3. Ean

    Ean Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    23
    Location:
    LA, CA
    OK, thanks Bourge!

    The GRC leaktest on that WWDC link I have fully used and it finds NO leaks at all. And other GRC tests find no ports open externally at all.

    I also saw a thread where Jason told some other newbie like myself about the "hide netstat sockets" setting. When I do that, then ALL of these SYSTEM 8 or 0 entries I wrote about get hidden. However, does that tell me that those netstat sockets are all OK to have there?

    I'm a little leery of the WWDC utility, because when I used it, then I could NOT seem to get a download to run any more, plus I think I got some "page not found" when browsing that I knew were there. Plus, even with the WWDC changes made, I still showed these same sockets open in PE, even after reboot. So even though WWDC had "disabled NetBIOS", I still have those SYSTEM8 sockets open on ports 137, 138, 139.

    Besides, I had already run Steve Gibson's disable DCOM (DCOMbobulator) and UPNP and Messenger utilities, so I'm not sure what else WWDC wants to do in "disabling DCOM and RPC". But I know when I used it that something broke, so I put it back the way it was. I'll take that up with the WWDC author.

    But I still would like to hear other Win2000Pro users' experiences and if they have the same sockets showing, etc.
     
    Last edited: Feb 1, 2005
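
An added example, not part of any post in this thread: a small triage script for the listening sockets discussed above (ports 137-139, 445 and 1025; PIDs 0 and 8). The one-line-per-socket input format, the 192.168.0.2 address and the function name `triage` are assumptions made for the example; Port Explorer's own export format is not shown on the page.

```python
import re

# Well-known Windows listener ports: (protocol, port) -> service.
KNOWN = {
    ("TCP", 135): "RPC endpoint mapper",
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service",
    ("TCP", 445): "SMB over TCP (microsoft-ds)",
}
# Default dynamic (ephemeral) port range on Windows 2000.
DYNAMIC = range(1025, 5001)
# Assumed (constructed) line format: "<process> <pid> <proto> <local ip>:<port>"
LINE = re.compile(r"^(\S+)\s+(\d+)\s+(TCP|UDP)\s+(\d+\.\d+\.\d+\.\d+):(\d+)$")

def triage(listing):
    """Return one dict per listening socket with a service name and notes."""
    results = []
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blanks and anything not in the assumed format
        proc, pid, proto, ip, port = m[1], int(m[2]), m[3], m[4], int(m[5])
        service = KNOWN.get((proto, port))
        if service is None:
            service = "dynamic port" if port in DYNAMIC else "unknown"
        notes = []
        if pid == 0:
            # PID 0 is the System Idle Process, so the real owner is unresolved.
            notes.append("owner unresolved, re-check later")
        if ip == "0.0.0.0":
            notes.append("bound to all interfaces")
        elif ip.startswith("127."):
            notes.append("loopback only")
        results.append(dict(proc=proc, pid=pid, proto=proto, port=port, service=service, notes=notes))
    return results

# Constructed sample modelled on the sockets described in the thread.
SAMPLE = """\
SYSTEM 0 TCP 0.0.0.0:1025
SYSTEM 8 UDP 192.168.0.2:137
SYSTEM 8 UDP 192.168.0.2:138
SYSTEM 8 TCP 192.168.0.2:139
SYSTEM 8 TCP 0.0.0.0:445
"""

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r["proto"], r["port"], r["pid"], r["service"], r["notes"])
```

A listener bound to all interfaces is only a local fact; whether it is reachable from outside still depends on the firewall and router in front of it.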
  4. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    SPAM trash removed; carry on :cool:
     
  5. Ean

    Ean Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    23
    Location:
    LA, CA
    Thanks Detox! And for those who can't see it any longer, it was not MY offense here...someone else posted spam in my thread.
     