A. M. Software Services, Inc. - Knowledge Base
Network Ports Used by Key Microsoft Server Products
Microsoft Server Product Ports
This section provides a description of
each system service, includes the logical name that corresponds to
the system service, and displays the ports and the protocols
required by each service.
Application Layer Gateway (ALG) Service
This subcomponent of the Internet
Connection Sharing (ICS)/Internet Connection Firewall (ICF) service
provides support for plug-ins that allow network protocols to pass
through the firewall and work behind ICS. Application Layer Gateway
plug-ins have the power to open ports and change data (such as ports
and IP addresses) embedded in packets. File Transfer Protocol (FTP)
is the only network protocol with a plug-in that is released with
Windows Server 2003, Standard Edition, and Windows Server 2003,
Enterprise Edition.
The ALG FTP plug-in is designed to
support active FTP sessions through the network address translation
(NAT) engine used by these components. The ALG FTP plug-in does this
by redirecting all traffic passing through the NAT destined for port
21 to a private listening port in the 3000-5000 range on the
loopback adapter. The ALG FTP plug-in then monitors and updates FTP
control channel traffic so that the FTP plug-in can plumb port
mappings through the NAT for the FTP data channels. The FTP plug-in
will also update ports in the FTP control channel stream.
System Service Name ALG
| Application protocol | Protocol | Port |
| FTP control | TCP | 21 |
ASP.NET State Service
The ASP.NET State service provides
support for ASP.NET out-of-process session states. The ASP.NET State
service stores session data out-of-process. The service communicates
with ASP.NET running on a Web server using sockets.
System Service Name aspnet_state
| Application protocol | Protocol | Port |
| ASP.Net Session State | TCP | 42424 |
Certificate Services
Certificate Services is part of the
core operating system that enables a business to act as its own
certification authority (CA). In this way, the business can issue
and manage digital certificates for applications and protocols such
as Secure/Multipurpose Internet Mail Extensions (S/MIME), Secure
Sockets Layer (SSL), Encrypting File System (EFS), IPSec, and smart
card log on. Certificate Services relies on RPC and DCOM to
communicate with clients using random TCP ports greater than
1024.
System Service Name CertSvc
| Application protocol | Protocol | Port |
| RPC | TCP | 135 |
| Randomly allocated high TCP ports | TCP | RANDOM |
Cluster Service
The Cluster service controls server
cluster operations and manages the cluster database. A cluster is a
collection of independent computers that is as easy to use as a
single computer. Managers, programmers, and users see the cluster as
a single system. The software distributes data among the nodes of
the cluster. If a node fails, other nodes provide the services and
data formerly provided by the missing node. When a node is added or
repaired, the cluster software migrates some data to that node.
System Service Name ClusSvc
| Application protocol | Protocol | Port |
| RPC | TCP | 135 |
| Randomly allocated high TCP ports | TCP | RANDOM |
| Cluster Services | UDP | 3343 |
Computer Browser
The Computer Browser system service
maintains an up-to-date list of computers on your network and
supplies the list to programs that request it. The Computer Browser
service is used by Windows-based computers enabled to view network
domains and resources. Computers designated as browsers maintain
browse lists, which contain all shared resources used on the
network. Earlier versions of Windows applications, such as My
Network Places, the NET VIEW command, and Microsoft Windows NT®
Explorer, all require browsing capability. For example, opening My
Network Places on a computer running Windows XP displays a list of
domains and computers, which is accomplished by the computer
obtaining a copy of the browse list from a computer designated as a
browser.
System Service Name Browser
| Application protocol | Protocol | Port |
| NetBIOS Datagram Service | UDP | 138 |
| NetBIOS Name Resolution | UDP | 137 |
| NetBIOS Session Service | TCP | 139 |
DHCP Server
Using the Dynamic Host Configuration
Protocol (DHCP), the DHCP Server service automatically allocates IP
addresses and enables advanced configuration of network settings,
such as Domain Name System (DNS) servers and Windows Internet Name
Service (WINS) servers to DHCP clients. The network administrator
establishes one or more DHCP servers that maintain TCP/IP
configuration information and provide it to clients.
System Service Name DHCPServer
| Application protocol | Protocol | Port |
| DHCP Server | UDP | 67 |
| MADCAP | UDP | 2535 |
Distributed File System
The Distributed File System (DFS)
service manages logical volumes distributed across a local or wide
area network (LAN or WAN) and is required for the Microsoft® Active
Directory® SYSVOL share. DFS is a distributed service that
integrates disparate file shares into a single logical
namespace.
System Service Name Dfs
| Application protocol | Protocol | Port |
| NetBIOS Datagram Service | UDP | 138 |
| NetBIOS Session Service | TCP | 139 |
| LDAP Server | TCP | 389 |
| LDAP Server | UDP | 389 |
| SMB | TCP | 445 |
| RPC | TCP | 135 |
| Randomly allocated high TCP ports | TCP | RANDOM |
| NetBIOS Datagram Service | UDP | 138 |
Distributed Link Tracking Server
The Distributed Link Tracking Server
system service stores information so that files moved between
volumes can be tracked to each volume in the domain. The Distributed
Link Tracking Server service runs on each domain controller in a
domain. This service enables the Distributed Link Tracking Server
Client service to track linked documents that have been moved to a
location in another NTFS file system volume in the same domain.
System Service Name TrkSvr
| Application protocol | Protocol | Port |
| RPC | TCP | 135 |
| Randomly allocated high TCP ports | TCP | RANDOM |
Distributed Transaction Coordinator
The Distributed Transaction Coordinator
(DTC) system service is responsible for coordinating transactions
that are distributed across multiple computer systems and resource
managers, such as databases, message queues, file systems, or other
transaction-protected resource managers. The DTC system service is
necessary if transactional components will be configured through
COM+. It is also required for transactional queues in Message
Queuing (MSMQ) and SQL Server operations that span multiple
systems.
System Service Name MSDTC
| Application protocol | Protocol | Port |
| RPC | TCP | 135 |
| Randomly allocated high TCP ports | TCP | RANDOM |
DNS Server
The DNS Server system service enables
DNS name resolution by answering queries and update requests for DNS
names. The presence of DNS servers is crucial for locating devices
and services identified using DNS names and domain controllers in
the Active Directory directory service.
System Service Name DNS
| Application protocol | Protocol | Port |
| DNS | UDP | 53 |
| DNS | TCP | 53 |
Event Log
This system service logs event messages
issued by programs and the Windows operating system. Event Log
reports contain information that can be useful in diagnosing
problems. Reports are viewed in Event Viewer. The Event Log service
writes events sent by applications, services, and the operating
system to log files. The events contain diagnostic information in
addition to errors specific to the source application, service, or
component. The logs can be viewed programmatically through the Event
Log application programming interfaces (APIs) or through the Event
Viewer in an MMC (Microsoft Management Console) snap-in.
System Service Name Eventlog
| Application protocol | Protocol | Port |
| RPC | TCP | 135 |
| Randomly allocated high TCP ports | TCP | RANDOM |
Exchange Server
Microsoft Exchange Server includes
several system services. When a MAPI client such as Microsoft
Outlook® connects to an Exchange server, the client first connects
to the RPC endpoint mapper (the RPC Locator Service) on TCP port
135. The RPC endpoint mapper tells the client which ports to use to
connect to the Exchange Server service, which are dynamically
assigned. Exchange Server 5.5 uses two ports, one each for the
information store and the directory. Microsoft Exchange 2000 Server
and Exchange Server 2003 use three ports, one for the information
store and two for the system attendant, respectively. Alternatively,
Microsoft Outlook 2003 can use RPC over HTTP to connect to servers
running Exchange Server 2003. Exchange can also provide support for
other protocols, such as SMTP, POP3, and IMAP.
| Application protocol | Protocol | Port |
| IMAP | TCP | 143 |
| IMAP over SSL | TCP | 993 |
| POP3 | TCP | 110 |
| POP3 over SSL | TCP | 995 |
| Randomly allocated high TCP ports | TCP | RANDOM |
| RPC | TCP | 135 |
| RPC over HTTP | TCP | 593 |
| SMTP | TCP | 25 |
| SMTP | UDP | 25 |
Fax Service
The Fax service, a Telephony
Application Programming Interface (TAPI)-compliant system service,
provides fax capabilities from your computer. The Fax service allows
users to send and receive faxes from their desktop applications
using either a local fax device or a shared network fax device.
System Service Name Fax
| Application protocol | Protocol | Port |
| RPC | TCP | 135 |
| Randomly allocated high TCP ports | TCP | RANDOM |
| NetBIOS Session Service | TCP | 139 |
| SMB | TCP | 445 |
File Replication
The File Replication system service
allows files to be automatically copied and maintained
simultaneously on multiple servers. File Replication service (FRS)
is the automatic file replication service in Windows 2000 and the
Microsoft Windows Server™ 2003 family. Its function is to replicate
the Sysvol on all domain controllers. In addition, FRS can be
configured to replicate files among alternate targets associated
with the fault-tolerant DFS.
System Service Name NtFrs
| Application protocol | Protocol | Port |
| RPC | TCP | 135 |
| Randomly allocated high TCP ports | TCP | RANDOM |
File Server for Macintosh
The File Server for Macintosh system
service enables Macintosh computer users to store and access files
on a computer running Windows Server 2003. If this service is turned
off or blocked, Macintosh clients cannot access or store files on
your computer.
System Service Name MacFile
| Application protocol | Protocol | Port |
| File Server for Macintosh | TCP | 548 |
FTP Publishing Service
The File Transfer Protocol (FTP)
Publishing service provides FTP connectivity. The FTP control port
is 21 by default, but you can configure this system service through
the Internet Information Services (IIS) Manager (a snap-in). The
default data port (used for active mode FTP) is automatically set to
one less than the control port, so if you configure the control port
to 4131, the default data port will be 4130. Most FTP clients use
passive mode, which means that the client initially connects to the
FTP server through the control port; the FTP server assigns a high
TCP port between 1025 and 5000; and the client opens a second
connection to the FTP server for transferring data. The range of
high ports can be configured through the IIS metabase.
System Service Name MSFtpsvc
| Application protocol | Protocol | Port |
| FTP control | TCP | 21 |
| FTP default data | TCP | 20 |
| Randomly allocated high TCP ports | TCP | RANDOM |
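The control-channel handling described in the Application Layer Gateway section and the data-port rules in this section can be modelled in a few lines. The following is an added example, not code from Microsoft or from this knowledge base: `FtpNatHelper`, its public-port allocation and all addresses are constructed for illustration, and it simplifies the ALG to rewriting `PORT` arguments instead of proxying through a loopback listener.

```python
import re
from dataclasses import dataclass

# Default passive-mode range quoted in this section (configurable in the IIS metabase).
PASSIVE_LOW, PASSIVE_HIGH = 1025, 5000

# RFC 959 host-port argument: h1,h2,h3,h4,p1,p2 (six decimal octets).
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)


@dataclass(frozen=True)
class Endpoint:
    host: str
    port: int


def decode_hostport(text: str) -> Endpoint:
    """Decode the 'h1,h2,h3,h4,p1,p2' form used by PORT commands and 227 replies."""
    match = _HOSTPORT.search(text)
    if match is None:
        raise ValueError(f"no host-port argument in {text!r}")
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"octet out of range in {text!r}")
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("port 0 is not a usable data port")
    return Endpoint(".".join(str(n) for n in nums[:4]), port)


def encode_hostport(ep: Endpoint) -> str:
    """Inverse of decode_hostport."""
    return ",".join(ep.host.split(".") + [str(ep.port >> 8), str(ep.port & 0xFF)])


def default_active_data_port(control_port: int) -> int:
    """Active-mode data port on the server: one less than the control port."""
    return control_port - 1


def passive_port_in_range(reply: str, low: int = PASSIVE_LOW, high: int = PASSIVE_HIGH):
    """Parse a '227 Entering Passive Mode (...)' reply.

    Returns (endpoint, in_range) so a firewall rule set that only admits
    low..high can be checked against what the server actually announces.
    """
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply")
    ep = decode_hostport(reply)
    return ep, low <= ep.port <= high


class FtpNatHelper:
    """Simplified model of an FTP-aware NAT helper (hypothetical class).

    It watches client-to-server control lines, replaces the private address
    and port in PORT commands with a public mapping, and records the mapping
    so the inbound active-mode data connection can be forwarded.
    """

    def __init__(self, public_ip: str, first_public_port: int):
        self.public_ip = public_ip
        self._next_port = first_public_port   # assumption: sequential allocation
        self.mappings = {}                    # public port -> private Endpoint

    def rewrite_client_line(self, line: str, client_ip: str) -> str:
        verb, _, arg = line.rstrip("\r\n").partition(" ")
        if verb.upper() != "PORT":
            return line                       # other commands pass through untouched
        private = decode_hostport(arg)
        # Only map a data channel back to the host that owns the control connection.
        if private.host != client_ip:
            raise ValueError("PORT names a host other than the control-connection peer")
        public = Endpoint(self.public_ip, self._next_port)
        self._next_port += 1
        self.mappings[public.port] = private
        return f"PORT {encode_hostport(public)}\r\n"


if __name__ == "__main__":
    # Constructed sample traffic (documentation and private address ranges).
    helper = FtpNatHelper("203.0.113.5", 40000)
    print(helper.rewrite_client_line("PORT 192,168,0,20,19,137\r\n", "192.168.0.20"), end="")
    print(helper.mappings)
    print(passive_port_in_range("227 Entering Passive Mode (192,0,2,10,15,160)"))
    print(default_active_data_port(4131))
```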
HTTP SSL
The HTTP SSL system service enables IIS
to perform SSL functions. SSL is an open standard for establishing a
secure communications channel to prevent the interception of
critical information, such as credit card numbers. Primarily, this
service enables secure electronic financial transactions on the Web,
although it is designed to work on other Internet services as well.
You can configure the ports for this service through IIS
Manager.
System Service Name HTTPFilter
| Application protocol | Protocol | Port |
| HTTPS | TCP | 443 |
Internet Authentication Service
The Internet Authentication Service
(IAS) performs centralized authentication, authorization, auditing,
and accounting of users connecting to a network (either LAN or
remote) using VPN equipment, Remote Access Equipment (RAS), or
802.1X Wireless and Ethernet/Switch Access Points. IAS implements
the Internet Engineering Task Force (IETF) standard RADIUS protocol,
which enables heterogeneous network access equipment.
System Service Name IAS
| Application protocol | Protocol | Port |
| Legacy RADIUS | UDP | 1645 |
| Legacy RADIUS | UDP | 1646 |
| RADIUS Accounting | UDP | 1813 |
| RADIUS Authentication | UDP | 1812 |
ICF/ICS
This system service provides NAT,
addressing and name resolution services for all computers on your
home or small-office network. When ICS is enabled, your computer
becomes an "Internet gateway" on the network, enabling other client
computers to share one connection to the Internet, such as a dial-up
or broadband connection. This service provides basic DHCP and DNS
services, but will work with the full-featured Windows DHCP or DNS
services.
When ICF/ICS is acting as a gateway for
the rest of the computers on your network, it provides DHCP and DNS
services to the private network on the internal network interface.
It does not provide these services on the externally-facing
interface.
System Service Name SharedAccess
| Application protocol | Protocol | Port |
| DHCP Server | UDP | 67 |
| DNS | UDP | 53 |
| DNS | TCP | 53 |
Kerberos Key Distribution Center
The Kerberos Key Distribution Center
(KDC) system service enables users to log on to the network using
the Kerberos version 5 authentication protocol. As in other
implementations of the Kerberos protocol, the KDC is a single
process that provides two services: the Authentication Service,
which issues ticket-granting tickets, and the Ticket-Granting
Service, which issues tickets for connections to computers in its
own domain.
System Service Name Kdc
| Application protocol | Protocol | Port |
| Kerberos | TCP | 88 |
| Kerberos | UDP | 88 |
License Logging Service
License Logging Service (LLS) is a tool
that was originally designed to help customers manage licenses for
Microsoft server products that are licensed in the Server Client
Access License (CAL) model. LLS was introduced with Windows NT
Server 3.51. By default, LLS is disabled in Windows Server 2003.
Because of original design constraints and evolving license terms
and conditions, LLS cannot provide an accurate view of the total
number of CALs that are purchased as compared to the total number of
CALs that are used on a single server or across the enterprise. The
CALs that are reported by LLS may conflict with the interpretation
of the End User License Agreement (EULA) and with Product Usage
Rights (PUR). LLS will not be included in future versions of the
Windows operating system. (Only users of Small Business Server
should enable this service on their servers.)
System Service Name LicenseService
| Application protocol | Protocol | Port |
| NetBIOS Datagram Service | UDP | 138 |
| NetBIOS Session Service | TCP | 139 |
| SMB | TCP | 445 |
Local Security Authority
The Local Security Authority (LSASS)
service provides core operating system security mechanisms. It uses
random TCP ports assigned through the RPC service for domain
controller replication.
Although LSASS can use all of the
following protocols, it may only use a subset of them. For example,
if you are configuring a VPN gateway that lies behind a filtering
router, you might use L2TP with IPSec. If so, then you must allow
IPSec ESP (IP protocol 50), NAT-T (TCP on port 4500), and IPSec
ISAKMP (TCP on port 500) through the router. Although IPSec ESP is
required for L2TP, it is actually monitored by the Routing and
Remote Access service.
System Service Name LSASS
| Application protocol | Protocol | Port |
| RPC | TCP | 135 |
| Randomly allocated high TCP ports | TCP | RANDOM |
| Global Catalog Server | TCP | 3269 |
| Global Catalog Server | TCP | 3268 |
| LDAP Server | TCP | 389 |
| LDAP Server | UDP | 389 |
| LDAP SSL | UDP | 636 |
| LDAP SSL | TCP | 636 |
| IPSec ISAKMP | UDP | 500 |
| NAT-T | UDP | 4500 |
Message Queuing
The Message Queuing system service is a
messaging infrastructure and development tool for creating
distributed messaging applications for Windows. Such applications
can communicate across heterogeneous networks and send messages
between computers that may be temporarily unable to connect to each
other. Message Queuing provides guaranteed message delivery,
efficient routing, security, support for sending messages within
transactions, and priority-based messaging.
System Service Name msmq
| Application protocol | Protocol | Port |
| MSMQ | UDP | 1801 |
| MSMQ | TCP | 1801 |
| MSMQ-DCs | TCP | 2101 |
| MSMQ-Mgmt | TCP | 2107 |
| MSMQ-Ping | UDP | 3527 |
| MSMQ-RPC | TCP | 2105 |
| MSMQ-RPC | TCP | 2103 |
| RPC | TCP | 135 |
Messenger
The Messenger system service sends
messages to or receives messages from users and computers,
administrators, and the Alerter service. This service is not related
to Microsoft Windows Messenger or MSN® Messenger. When this service
is disabled, the NET SEND and NET NAME shell commands will no longer
function. Messenger notifications sent to computers or users
currently logged on the network will not be received.
System Service Name Messenger
| Application protocol | Protocol | Port |
| NetBIOS Datagram Service | UDP | 138 |
Microsoft Exchange MTA Stacks
In Exchange 2000 Server and Exchange
Server 2003, Message Transfer Agent (MTA Stacks) is frequently used
to provide backward-compatible message transfer services between
Exchange 2000 Server-based servers and Exchange Server 5.5-based
servers in a mixed-mode environment.
| Application protocol | Protocol | Port |
| X.400 | TCP | 102 |
Microsoft Operations Manager 2000
Microsoft Operations Manager 2000 (MOM)
delivers enterprise-class operations management by providing
comprehensive event management, proactive monitoring and alerting,
reporting, and trend analysis. After installing Service Pack 1, MOM
will stop using the clear-text communications channel, and all
traffic between the MOM agent and the MOM server will be encrypted
over TCP port 1270. The MOM Administrator console uses DCOM to
connect to the server. This means that administrators managing the
MOM server over the network must have access to random high TCP
ports, too.
System Service Name one point
| Application protocol | Protocol | Port |
| MOM-Clear | TCP | 51515 |
| MOM-Encrypted | TCP | 1270 |
Microsoft POP3 Service
The Microsoft POP3 Service provides
e-mail transfer and retrieval services. Administrators can use this
service to store and manage e-mail accounts on the mail server. When
you install Microsoft POP3 Service on the mail server, users can
connect to the mail server and retrieve e-mail using an e-mail
client that supports the POP3 protocol, such as Microsoft
Outlook.
System Service Name POP3SVC
| Application protocol | Protocol | Port |
| POP3 | TCP | 110 |
Microsoft SQL Server
Microsoft SQL Server 2000 provides a
powerful and comprehensive data management platform. The ports used
by each instance of SQL Server can be configured through the Server
Network Utility.
System Service Name SQLSERVR
| Application protocol | Protocol | Port |
| SQL over TCP | TCP | 1433 |
| SQL Probe | UDP | 1434 |
MSSQL$UDDI
This system service installs during the
installation of the Universal Description, Discovery, and
Integration (UDDI) feature of the Windows Server 2003 family of
operating systems, which provides UDDI capabilities within an
enterprise. The SQL Server database engine is the core component of
this feature.
System Service Name SQLSERVR
| Application protocol | Protocol | Port |
| SQL over TCP | TCP | 1433 |
| SQL Probe | UDP | 1434 |
Net Logon
The Net Logon system service maintains
a secure channel between your computer and the domain controller to
authenticate users and services. It passes the user's credentials
through a secure channel to a domain controller and returns the
domain security identifiers and user rights for the user. This is
commonly referred to as pass-through authentication. Net Logon
starts automatically when the computer is a member of a domain. In
the Windows 2000 Server and Windows 2003 Server families, the Net
Logon service publishes service resource records in the DNS. Net
Logon service is enabled only on computers that belong to a domain.
When it is running, it relies on the Server and Local Security
Authority services to listen for incoming requests. On domain member
computers, it uses RPC over named pipes; on domain controllers, it
uses RPC over named pipes, RPC over TCP/IP, mailslots, and LDAP.
System Service Name Netlogon
| Application protocol | Protocol | Port |
| NetBIOS Datagram Service | UDP | 138 |
| NetBIOS Name Resolution | UDP | 137 |
| NetBIOS Session Service | TCP | 139 |
| SMB | TCP | 445 |
NetMeeting Remote Desktop Sharing
The NetMeeting Remote Desktop Sharing
system service allows authorized users to remotely access your
Windows desktop from another personal computer over a corporate
intranet by using Microsoft® NetMeeting®. You must explicitly enable
this service in NetMeeting. You can also disable it or shut it down
through an icon in the Windows notification area.
System Service Name mnmsrvc
| Application protocol | Protocol | Port |
| Terminal Services | TCP | 3389 |
Network News Transfer Protocol
The Network News Transfer Protocol
(NNTP) system service allows computers running Windows Server 2003
to act as news servers. Clients can use a news client such as the
Microsoft Outlook Express messaging client to retrieve newsgroups
from the server and read headers or bodies of the articles in each
newsgroup.
System Service Name NntpSvc
| Application protocol | Protocol | Port |
| NNTP | TCP | 119 |
| NNTP over SSL | TCP | 563 |
Performance Logs and Alerts
The Performance Logs and Alerts system
service collects performance data from local or remote computers
based on preconfigured schedule parameters, then writes the data to
a log or triggers an alert. The Performance Logs and Alerts service
starts and stops each named performance data collection based on the
information contained in the named log collection setting. This
service runs only if at least one performance data collection is
scheduled.
System Service Name SysmonLog
| Application protocol | Protocol | Port |
| NetBIOS Session Service | TCP | 139 |
Print Spooler
The Print Spooler system service
manages all local and network print queues and controls all print
jobs. The print spooler is the center of the Windows printing
subsystem and controls all printing jobs. It manages the print
queues on the system and communicates with printer drivers and
input/output (I/O) components, for example, the USB port and the
TCP/IP protocol suite.
System Service Name Spooler
| Application protocol | Protocol | Port |
| NetBIOS Session Service | TCP | 139 |
| SMB | TCP | 445 |
Remote Installation
The Remote Installation system service
provides the ability to install Windows 2000, Windows XP, and
Windows Server 2003 on Pre Execution Environment (PXE) remote
boot-enabled client computers. The Boot Information Negotiation
Layer (BINL) service, the primary component of Remote Installation
Services (RIS), answers PXE client requests, checks Active Directory
for client validation, and passes client information to and from the
server. The BINL service is installed when you either add the RIS
component from Add/Remove Windows Components, or select it when
initially installing the operating system.
System Service Name BINLSVC
| Application protocol | Protocol | Port |
| BINL | UDP | 4011 |
Remote Procedure Call
The Microsoft Remote Procedure Call
(RPC) system service is a secure inter-process communication (IPC)
mechanism that enables data exchange and invocation of functionality
residing in a different process. The different process can be on the
same computer, on the LAN, or across the globe through a WAN or VPN
connection. RPC service serves as the RPC endpoint mapper and
Component Object Model (COM) Service Control Manager (SCM). Many
services depend on the RPC service to start successfully.
System Service Name RpcSs
| Application protocol | Protocol | Port |
| RPC | TCP | 135 |
| RPC over HTTP | TCP | 593 |
Remote Procedure Call Locator
The Remote Procedure Call Locator
system service enables RPC clients using the RpcNs family of
application programming interfaces (APIs) to locate RPC servers and
manages the RPC name service database. This service is turned off by
default.
System Service Name RpcLocator
| Application protocol | Protocol | Port |
| NetBIOS Session Service | TCP | 139 |
| SMB | TCP | 445 |
Remote Storage Notification
The Remote Storage Notification system
service notifies users when they read from or write to files that
are available only from a secondary storage media. If this service
is stopped, notification does not occur.
System Service Name Remote_Storage_User_Link
| Application protocol | Protocol | Port |
| RPC | TCP | 135 |
| Randomly allocated high TCP ports | TCP | RANDOM |
Remote Storage Server
The Remote Storage Server system
service stores infrequently used files in a secondary storage
medium. Stopping this service prevents users from moving or
retrieving files from the secondary storage media.
System Service Name Remote_Storage_Server
| Application protocol | Protocol | Port |
| RPC | TCP | 135 |
| Randomly allocated high TCP ports | TCP | RANDOM |
Routing and Remote Access
The Routing and Remote Access (RRAS)
system service provides multiprotocol LAN-to-LAN, LAN-to-WAN, VPN,
and NAT routing services. In addition, the RRAS service also
provides dial-up and VPN remote access services.
Although RRAS can use all of the
following protocols, typically it will only use a subset of them.
For example, if you are configuring a VPN gateway that lies behind a
filtering router, you will probably only use one technology. If you
use L2TP with IPSec, then you must allow IPSec ESP (IP protocol 50),
NAT-T (TCP on port 4500), and IPSec ISAKMP (TCP on port 500) through
the router. Although NAT-T and IPSec ISAKMP are required for L2TP,
these ports are actually monitored by the Local Security Authority.
For more information, see "Related Topics" later in this
document.
System Service Name RemoteAccess
| Application protocol | Protocol | Port |
| GRE (IP protocol 47) | GRE | n/a |
| IPSec AH (IP protocol 51) | AH | n/a |
| IPSec ESP (IP protocol 50) | ESP | n/a |
| L2TP | UDP | 1701 |
| PPTP | TCP | 1723 |
Server
The Server system service provides RPC
support, and file, print, and named pipe sharing over the network.
The Server service allows the sharing of local resources, such as
disks and printers, so that other users on the network can access
them. It also allows named pipe communication between applications
running on other computers and your computer, which is used for RPC.
Named pipe communication is memory reserved for the output of one
process to be used as input for another process. The input-accepting
process does not have to be local to the computer.
System Service Name lanmanserver
| Application protocol | Protocol | Port |
| NetBIOS Datagram Service | UDP | 138 |
| NetBIOS Name Resolution | UDP | 137 |
| NetBIOS Session Service | TCP | 139 |
| SMB | TCP | 445 |
SharePoint Portal Server
The SharePoint Portal Server system
service enables enterprises to develop an intelligent portal that
seamlessly connects users, teams, and knowledge so that people can
take advantage of relevant information across business processes to
help them work more efficiently. Microsoft Office SharePoint™ Portal
Server 2003 provides an enterprise business solution that integrates
information from various systems into one solution through single
sign-on and enterprise application integration capabilities, with
flexible deployment options and management tools.
| Application protocol | Protocol | Port |
| HTTP | TCP | 80 |
| HTTPS | TCP | 443 |
Simple Mail Transfer Protocol
The Simple Mail Transfer Protocol
(SMTP) system service is an e-mail submission and relay agent. It
can accept and queue e-mail for remote destinations and retry at
specified intervals. Windows domain controllers use the SMTP service
for intersite e-mail-based replication. The Collaboration Data
Objects (CDO) for the Windows Server 2003 COM component can use the
SMTP service to submit and queue outbound e-mail.
System Service Name SMTPSVC
| Application protocol | Protocol | Port |
| SMTP | TCP | 25 |
| SMTP | UDP | 25 |
Simple TCP/IP Services
Simple TCP/IP Services implements
support for the following protocols:
● Echo, port 7, RFC 862
● Discard, port 9, RFC 863
● Character Generator, port 19, RFC 864
● Daytime, port 13, RFC 867
● Quote of the Day, port 17, RFC 865
System Service Name SimpTcp
| Application protocol | Protocol | Port |
| Chargen | TCP | 19 |
| Chargen | UDP | 19 |
| Daytime | TCP | 13 |
| Daytime | UDP | 13 |
| Discard | TCP | 9 |
| Discard | UDP | 9 |
| Echo | UDP | 7 |
| Echo | TCP | 7 |
| Quotd | UDP | 17 |
| Quotd | TCP | 17 |
SMS Remote Control Agent
Systems Management Server (SMS) 2003
provides a comprehensive solution for change and configuration
management for the Microsoft platform, enabling organizations to
provide relevant software and updates to users quickly and
cost-effectively.
| Application protocol | Protocol | Port |
| SMS Remote Chat | UDP | 2703 |
| SMS Remote Chat | TCP | 2703 |
| SMS Remote Control (control) | UDP | 2701 |
| SMS Remote Control (control) | TCP | 2701 |
| SMS Remote Control (data) | TCP | 2702 |
| SMS Remote Control (data) | UDP | 2702 |
| SMS Remote File Transfer | UDP | 2704 |
| SMS Remote File Transfer | TCP | 2704 |
SNMP Service
The SNMP Service system service allows
incoming Simple Network Management Protocol (SNMP) requests to be
serviced by the local computer. The SNMP service includes agents
that monitor activity in network devices and report to the network
console workstation. SNMP service provides a method of managing
network hosts, such as workstation or server computers, routers,
bridges, and hubs from a centrally-located computer running network
management software. SNMP performs management services by using a
distributed architecture of management systems and agents.
System Service Name SNMP
| Application protocol | Protocol | Port |
| SNMP | UDP | 161 |
SNMP Trap Service
The SNMP Trap Service receives trap
messages generated by local or remote SNMP agents and forwards the
messages to SNMP management programs running on your computer. The
SNMP Trap Service, when configured for an agent, generates trap
messages if any specific events occur. These messages are sent to a
trap destination. For example, an agent can be configured to
initiate an authentication trap if an unrecognized management system
sends a request for information. Trap destinations consist of the
computer name, or the IP address, or IPX address of the management
system. The trap destination must be a network-enabled host that is
running SNMP management software.
System Service Name SNMPTRAP
| Application protocol | Protocol | Port |
| SNMP Traps Outbound | UDP | 162 |
SQL Analysis Server
The SQL Analysis Server system service
is a component of SQL Server 2000. It can be used to create and
manage OLAP cubes and data mining models. The analysis server may
access local or remote data sources for the purposes of creating and
storing cubes or data mining models.
| Application protocol | Protocol | Port |
| SQL Analysis Services | TCP | 2725 |
SQL Server: Downlevel OLAP Client Support
This system service is used by SQL
Server 2000 when the SQL Analysis Server service must support
connections from downlevel (OLAP Services 7.0) clients.
Default Ports for OLAP Services Used by SQL Server 7.0
| Application protocol | Protocol | Port |
| OLAP Services 7.0 | TCP | 2393 |
| OLAP Services 7.0 | TCP | 2394 |
SSDP Discovery Service
The SSDP Discovery service implements
the Simple Service Discovery Protocol (SSDP) as a Windows service.
The SSDP Discovery service manages receipt of device presence
announcements, updating its cache and passing these notifications
along to clients with outstanding search requests. The SSDP
Discovery service also accepts registration of event callbacks from
clients, turns these into subscription requests, and monitors for
event notifications, passing them along to the registered callbacks.
This system service also provides hosted devices with periodic
announcements.
Currently, the SSDP event notification
service uses TCP port 5000. In Windows XP Service Pack 2, it relies
on TCP port 2869.
System Service Name SSDPRSRV
| Application protocol | Protocol | Port |
| --- | --- | --- |
| SSDP | UDP | 1900 |
| SSDP event notification | TCP | 2869 |
| SSDP legacy event notification | TCP | 5000 |
Systems Management Server
Systems Management Server (SMS) 2003
provides a comprehensive solution for change and configuration
management for the Microsoft platform, enabling organizations to
provide relevant software and updates to users quickly and
cost-effectively.
| Application protocol | Protocol | Port |
| --- | --- | --- |
| RPC | TCP | 135 |
| Randomly allocated high TCP ports | TCP | RANDOM |
| NetBIOS Datagram Service | UDP | 138 |
| NetBIOS Name Resolution | UDP | 137 |
| NetBIOS Session Service | TCP | 139 |
TCP/IP Print Server
The TCP/IP Print Server system service
enables TCP/IP-based printing using the Line Printer Daemon
protocol. The Line Printer Daemon Service (LPDSVC) on the server
receives documents from native Line Printer Remote (LPR) utilities
running on UNIX computers.
System Service Name LPDSVC
| Application protocol | Protocol | Port |
| --- | --- | --- |
| LPD | TCP | 515 |
Telnet
The Telnet system service for Windows
provides ASCII terminal sessions to Telnet clients. Telnet Server
supports two types of authentication and supports four types of
terminals: American National Standards Institute (ANSI), VT-100,
VT-52, and VTNT.
System Service Name TlntSvr
| Application protocol | Protocol | Port |
| --- | --- | --- |
| Telnet | TCP | 23 |
Terminal Services
Terminal Services provides a
multisession environment that allows client devices to access a
virtual Windows desktop session and Windows-based programs running
on the server. Terminal Services allows multiple users to be
connected interactively to a computer.
System Service Name TermService
| Application protocol | Protocol | Port |
| --- | --- | --- |
| Terminal Services | TCP | 3389 |
Terminal Services Licensing
The Terminal Services Licensing system
service installs a license server and provides registered client
licenses when connecting to a Terminal Server. The Terminal Services
Licensing service is a low-impact service that stores the client
licenses that have been issued for a Terminal Server, and then
tracks the licenses that have been issued to client computers or
terminals.
System Service Name TermServLicensing
| Application protocol | Protocol | Port |
| --- | --- | --- |
| RPC | TCP | 135 |
| Randomly allocated high TCP ports | TCP | RANDOM |
Terminal Services Session Directory
The Terminal Services Session Directory
system service allows clusters of load-balanced Terminal Servers to
route a user's connection request to the server where the user
already has a session running. Users will be routed to the
first-available Terminal Server, regardless of whether they've got a
running session elsewhere in the cluster. Load Balancing pools the
processing resources of several servers using the TCP/IP networking
protocol. You can use this service with a cluster of terminal
servers to scale the performance of a single terminal server by
distributing sessions across multiple servers. Session Directory
keeps track of disconnected sessions on the cluster, and ensures
that users are reconnected to those sessions.
System Service Name Tssdis
| Application protocol | Protocol | Port |
| --- | --- | --- |
| RPC | TCP | 135 |
| Randomly allocated high TCP ports | TCP | RANDOM |
Trivial FTP Daemon Service
The Trivial FTP (TFTP) Daemon system
service does not require a user name or password and is an integral
part of the Remote Installation Services (RIS). The Trivial FTP
Daemon service implements support for the TFTP protocol defined by
the following RFCs:
● RFC 350 — TFTP
● RFC 2347 — Option extension
● RFC 2348 — Block size option
● RFC 2349 — Timeout interval, and transfer size options
Trivial File Transfer Protocol is
designed to support diskless boot environments. TFTP Daemons listen
on UDP port 69, but respond from a randomly allocated high port.
Therefore, enabling this port will allow the TFTP service to receive
incoming TFTP requests, but will not allow the selected server to
respond to those requests. Allowing the selected server to respond
to inbound TFTP requests cannot be accomplished unless the TFTP
server is configured to respond from port 69.
System Service Name tftpd
| Application protocol | Protocol | Port |
| --- | --- | --- |
| TFTP | UDP | 69 |
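The port 69 behaviour described above, as an added example that is not part of the original article: a simplified model of a stateless single-port exception applied to the first datagrams of a TFTP read. The high port value and all function names are constructed for illustration, and the outbound-unfiltered case goes slightly beyond the text to show that the client's acknowledgement is then the datagram that fails.

```python
from dataclasses import dataclass

TFTP_PORT = 69    # tftpd listening port, from the table above
HIGH_PORT = 3050  # constructed stand-in for a randomly allocated high port


@dataclass(frozen=True)
class Datagram:
    name: str
    direction: str    # "in" = client to server, "out" = server to client
    server_port: int  # UDP port on the server side of the datagram


def read_transfer(server_reply_port):
    """First three datagrams of a TFTP read.

    The request always targets port 69; the data block and the client's
    acknowledgement use the port the server chose to respond from.
    """
    return [
        Datagram("RRQ", "in", TFTP_PORT),
        Datagram("DATA 1", "out", server_reply_port),
        Datagram("ACK 1", "in", server_reply_port),
    ]


def first_dropped(datagrams, open_port=TFTP_PORT, filter_outbound=True):
    """Apply a stateless exception for one server port (assumed model).

    Returns the name of the first datagram dropped, or None if the
    whole exchange passes.
    """
    for d in datagrams:
        if d.direction == "out" and not filter_outbound:
            continue  # outbound traffic is not inspected in this case
        if d.server_port != open_port:
            return d.name
    return None


def report():
    """Outcome of the three cases compared in this example."""
    high = read_transfer(HIGH_PORT)
    return {
        "high reply port, both directions filtered": first_dropped(high),
        "high reply port, outbound unfiltered": first_dropped(high, filter_outbound=False),
        "server responds from port 69": first_dropped(read_transfer(TFTP_PORT)),
    }


if __name__ == "__main__":
    for case, dropped in report().items():
        print(f"{case}: {'passes' if dropped is None else 'dropped at ' + dropped}")
```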
Universal Plug and Play Device Host
The UPnP Host discovery system service
implements all of the components required for device registration,
control, and responding to events for hosted devices. The
information registered pertaining to a device (description,
lifetimes, containers) is optionally persisted to disk and
announced on the network after registration or on system restart.
The service also includes the Web server, which serves the device,
as well as service descriptions and a presentation page.
System Service Name UPNPHost
| Application protocol | Protocol | Port |
| --- | --- | --- |
| UPNP | TCP | 2869 |
Windows Internet Name Service
The Windows Internet Name Service
(WINS) enables NetBIOS name resolution. The presence of WINS servers
is crucial for locating network resources that can be identified
using NetBIOS names. WINS servers are required unless all domains
have been upgraded to Active Directory, and all computers on the
network are running Windows 2000 Server or later. WINS servers
communicate with network clients using NetBIOS Name Resolution. WINS
Replication is required between WINS servers only.
System Service Name WINS
| Application protocol | Protocol | Port |
| --- | --- | --- |
| NetBIOS Name Resolution | UDP | 137 |
| WINS Replication | TCP | 42 |
| WINS Replication | UDP | 42 |
Windows Media Services
Windows Media Service in Windows Server
2003 replaces the four separate services that comprised Windows
Media Services versions 4.0 and 4.1: Windows Media Monitor Service,
Windows Media Program Service, Windows Media Station Service, and
Windows Media Unicast Service.
The Windows Media Service system
service is now a single service that runs on Windows Server 2003,
Standard Edition, Enterprise Edition, and Datacenter Edition. Its
core components were developed using COM, creating a flexible
architecture that is easily customized for specific applications. It
supports a greater variety of control protocols, including Real Time
Streaming Protocol (RTSP), Microsoft Media Server (MMS) protocol,
and HTTP.
System Service Name WMServer
| Application protocol | Protocol | Port |
| --- | --- | --- |
| HTTP | TCP | 80 |
| MMS | TCP | 1755 |
| MMS | UDP | 1755 |
| MS Theater | UDP | 2460 |
| RTCP | UDP | 5005 |
| RTP | UDP | 5004 |
| RTSP | TCP | 554 |
Windows Time
For computers running Windows XP and
Windows Server 2003, the Windows Time system service maintains date
and time synchronization on all computers running on a Microsoft
Windows network. The service uses the Network Time Protocol (NTP) to
synchronize computer clocks so that an accurate clock value, or
timestamp, is assigned for network validation and resource access
requests.
The implementation of NTP and the
integration of time providers make Windows Time a reliable and
scalable time service for enterprise administrators. For computers
not joined to a domain, you can configure Windows Time to
synchronize time with an external time source. If this service is
turned off, the time setting for local computers will not be
synchronized with any time service in the Windows domain, or an
externally configured time service.
Windows Server 2003 uses NTP, which
runs on UDP port 123. The Windows 2000 version of this service uses
the Simple Network Time Protocol (SNTP), which also runs on UDP port
123.
System Service Name W32Time
| Application protocol | Protocol | Port |
| --- | --- | --- |
| NTP | UDP | 123 |
| SNTP | UDP | 123 |
World Wide Web Publishing Service
The World Wide Web Publishing Service
provides the infrastructure necessary to register, manage, monitor,
and serve Web sites and applications registered with IIS. The system
service contains a process manager and a configuration manager. The
process manager controls the processes in which custom applications
and Web sites reside. The configuration manager reads the stored
system configuration for the W3SVC, and ensures that HTTP.sys is
configured to route HTTP requests to the appropriate application
pools or operating system processes. The ports used by this service
can be configured through IIS Manager.
If the administrative Web site is
enabled, a virtual Web site will be created that uses HTTP traffic
on TCP port 8098.
System Service Name W3SVC
| Application protocol | Protocol | Port |
| --- | --- | --- |
| HTTP | TCP | 80 |
| HTTPS | TCP | 443 |