Epmap Connection Problem

Archived from groups: microsoft.public.windowsxp.general (More info?)

There is one PC (Windows XP installed) that always tries to establish an epmap
connection with our DNS/DHCP/VPN server (Windows 2000 Server installed). I used
the command "netstat -ab" to see the result below. I found this connection is
established by Windows system services. I don't understand what happened or
why.





C:\Documents and Settings\czhang>netstat -ab

Active Connections

Proto Local Address Foreign Address State PID

TCP christinezhang:epmap christinezhang.actuate.com:0 LISTENING 952
  c:\windows\system32\WS2_32.dll
  C:\WINDOWS\system32\RPCRT4.dll
  c:\windows\system32\rpcss.dll
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\ADVAPI32.dll
  [svchost.exe]

TCP christinezhang:microsoft-ds christinezhang.actuate.com:0 LISTENING 4
  [System]

TCP christinezhang:5225 christinezhang.actuate.com:0 LISTENING 904
  [javaw.exe]

TCP christinezhang:5226 christinezhang.actuate.com:0 LISTENING 904
  [javaw.exe]

TCP christinezhang:8008 christinezhang.actuate.com:0 LISTENING 904
  [javaw.exe]

TCP christinezhang:1046 christinezhang.actuate.com:0 LISTENING 2684
  [alg.exe]

TCP christinezhang:8005 christinezhang.actuate.com:0 LISTENING 904
  [javaw.exe]

TCP christinezhang:netbios-ssn christinezhang.actuate.com:0 LISTENING 4
  [System]

TCP christinezhang:1063 christinezhang.actuate.com:5226 ESTABLISHED 1896
  [StatusClient.exe]

TCP christinezhang:5226 christinezhang.actuate.com:1063 ESTABLISHED 904
  [javaw.exe]

TCP christinezhang:1056 baym-cs65.msgr.hotmail.com:1863 ESTABLISHED 2000
  [msnmsgr.exe]

TCP christinezhang:1344 baym-sb24.msgr.hotmail.com:1863 ESTABLISHED 2000
  [msnmsgr.exe]

TCP christinezhang:1348 207.68.178.61:http ESTABLISHED 2000
  [msnmsgr.exe]

TCP christinezhang:1350 207.68.178.61:http ESTABLISHED 2000
  [msnmsgr.exe]

TCP christinezhang:1352 192.168.218.145:netbios-ssn ESTABLISHED 4
  [System]

TCP christinezhang:1353 shanghai.actuate.com:epmap ESTABLISHED 952
  c:\windows\system32\WS2_32.dll
  C:\WINDOWS\system32\RPCRT4.dll
  c:\windows\system32\rpcss.dll
  [svchost.exe]

TCP christinezhang:1318 shanghai.actuate.com:epmap TIME_WAIT 0
TCP christinezhang:1319 shanghai.actuate.com:microsoft-ds TIME_WAIT 0
TCP christinezhang:1321 shanghai.actuate.com:epmap TIME_WAIT 0
TCP christinezhang:1322 shanghai.actuate.com:microsoft-ds TIME_WAIT 0
TCP christinezhang:1324 shanghai.actuate.com:epmap TIME_WAIT 0
TCP christinezhang:1341 shanghai.actuate.com:microsoft-ds TIME_WAIT 0
TCP christinezhang:1343 shanghai.actuate.com:epmap TIME_WAIT 0
TCP christinezhang:1345 shanghai.actuate.com:microsoft-ds TIME_WAIT 0
TCP christinezhang:1347 shanghai.actuate.com:epmap TIME_WAIT 0

UDP christinezhang:microsoft-ds *:* 4
  [System]

UDP christinezhang:1349 *:* 1172
  C:\WINDOWS\system32\mswsock.dll
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\DNSAPI.dll
  c:\windows\system32\dnsrslvr.dll
  C:\WINDOWS\system32\RPCRT4.dll
  [svchost.exe]

UDP christinezhang:isakmp *:* 708
  [lsass.exe]

UDP christinezhang:4500 *:* 708
  [lsass.exe]

UDP christinezhang:1027 *:* 1172
  C:\WINDOWS\system32\mswsock.dll
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\DNSAPI.dll
  c:\windows\system32\dnsrslvr.dll
  C:\WINDOWS\system32\RPCRT4.dll
  [svchost.exe]

UDP christinezhang:ntp *:* 1048
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\w32time.dll
  ntdll.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

UDP christinezhang:1222 *:* 1928
  C:\WINDOWS\system32\WS2_32.dll
  C:\WINDOWS\system32\WININET.dll
  C:\WINDOWS\system32\kernel32.dll
  [rundll32.exe]

UDP christinezhang:1066 *:* 2000
  [msnmsgr.exe]

UDP christinezhang:1900 *:* 1216
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\ssdpsrv.dll
  C:\WINDOWS\system32\ADVAPI32.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

UDP christinezhang:netbios-ns *:* 4
  [System]

UDP christinezhang:1900 *:* 1216
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\ssdpsrv.dll
  C:\WINDOWS\system32\ADVAPI32.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

UDP christinezhang:netbios-dgm *:* 4
  [System]

UDP christinezhang:ntp *:* 1048
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\w32time.dll
  ntdll.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]





I also used the command "netstat -a" on the server Shanghai; the result is below:



C:\Documents and Settings\jzhou>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP shanghai:echo shanghai.actuate.com:0 LISTENING
TCP shanghai:discard shanghai.actuate.com:0 LISTENING
TCP shanghai:daytime shanghai.actuate.com:0 LISTENING
TCP shanghai:qotd shanghai.actuate.com:0 LISTENING
TCP shanghai:chargen shanghai.actuate.com:0 LISTENING
TCP shanghai:smtp shanghai.actuate.com:0 LISTENING
TCP shanghai:nameserver shanghai.actuate.com:0 LISTENING
TCP shanghai:domain shanghai.actuate.com:0 LISTENING
TCP shanghai:http shanghai.actuate.com:0 LISTENING
TCP shanghai:epmap shanghai.actuate.com:0 LISTENING
TCP shanghai:https shanghai.actuate.com:0 LISTENING
TCP shanghai:microsoft-ds shanghai.actuate.com:0 LISTENING
TCP shanghai:printer shanghai.actuate.com:0 LISTENING
TCP shanghai:548 shanghai.actuate.com:0 LISTENING
TCP shanghai:1025 shanghai.actuate.com:0 LISTENING
TCP shanghai:1031 shanghai.actuate.com:0 LISTENING
TCP shanghai:1036 shanghai.actuate.com:0 LISTENING
TCP shanghai:1040 shanghai.actuate.com:0 LISTENING
TCP shanghai:1042 shanghai.actuate.com:0 LISTENING
TCP shanghai:1047 shanghai.actuate.com:0 LISTENING
TCP shanghai:1049 shanghai.actuate.com:0 LISTENING
TCP shanghai:1059 shanghai.actuate.com:0 LISTENING
TCP shanghai:1667 shanghai.actuate.com:0 LISTENING
TCP shanghai:pptp shanghai.actuate.com:0 LISTENING
TCP shanghai:1755 shanghai.actuate.com:0 LISTENING
TCP shanghai:1801 shanghai.actuate.com:0 LISTENING
TCP shanghai:2103 shanghai.actuate.com:0 LISTENING
TCP shanghai:2105 shanghai.actuate.com:0 LISTENING
TCP shanghai:2107 shanghai.actuate.com:0 LISTENING
TCP shanghai:2401 shanghai.actuate.com:0 LISTENING
TCP shanghai:2402 shanghai.actuate.com:0 LISTENING
TCP shanghai:3372 shanghai.actuate.com:0 LISTENING
TCP shanghai:3389 shanghai.actuate.com:0 LISTENING
TCP shanghai:6666 shanghai.actuate.com:0 LISTENING
TCP shanghai:7007 shanghai.actuate.com:0 LISTENING
TCP shanghai:7778 shanghai.actuate.com:0 LISTENING
TCP shanghai:8001 shanghai.actuate.com:0 LISTENING
TCP shanghai:epmap CHRISTINEZHANG:952 ESTABLISHED
TCP shanghai:netbios-ssn shanghai.actuate.com:0 LISTENING
TCP shanghai:netbios-ssn LIONELWANG:1826 ESTABLISHED
TCP shanghai:netbios-ssn YLI:1866 ESTABLISHED
TCP shanghai:netbios-ssn SISSIZHU:1532 ESTABLISHED
TCP shanghai:3389 JIANZHOU:4543 ESTABLISHED
UDP shanghai:echo *:*
UDP shanghai:discard *:*
UDP shanghai:daytime *:*
UDP shanghai:qotd *:*
UDP shanghai:chargen *:*
UDP shanghai:nameserver *:*
UDP shanghai:bootpc *:*
UDP shanghai:epmap *:*
UDP shanghai:snmp *:*
UDP shanghai:microsoft-ds *:*
UDP shanghai:1027 *:*
UDP shanghai:1033 *:*
UDP shanghai:1039 *:*
UDP shanghai:1048 *:*
UDP shanghai:1050 *:*
UDP shanghai:1060 *:*
UDP shanghai:1645 *:*
UDP shanghai:1646 *:*
UDP shanghai:l2tp *:*
UDP shanghai:1755 *:*
UDP shanghai:radius *:*
UDP shanghai:radacct *:*
UDP shanghai:3456 *:*
UDP shanghai:3527 *:*
UDP shanghai:domain *:*
UDP shanghai:bootps *:*
UDP shanghai:bootpc *:*
UDP shanghai:isakmp *:*
UDP shanghai:2535 *:*
UDP shanghai:domain *:*
UDP shanghai:1029 *:*
UDP shanghai:1030 *:*
UDP shanghai:1038 *:*
UDP shanghai:1041 *:*
UDP shanghai:domain *:*
UDP shanghai:bootps *:*
UDP shanghai:bootpc *:*
UDP shanghai:netbios-ns *:*
UDP shanghai:netbios-dgm *:*
UDP shanghai:isakmp *:*
UDP shanghai:2535 *:*







Thanks,

James
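
Added example, not part of the original thread: a Python parser that re-joins the wrapped "netstat -ab" lines shown in the post above and groups TCP sockets whose remote port is epmap by remote host, state and owning process. The sample text is constructed from the layout in the post, and the function names (parse_netstat_ab, outbound_to_service) are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the wrapped "netstat -ab" layout from the post:
# the state or PID may be pushed onto the following line.
SAMPLE = r"""
Active Connections
Proto Local Address Foreign Address State PID
TCP christinezhang:epmap christinezhang.actuate.com:0 LISTENING
952
c:\windows\system32\rpcss.dll
[svchost.exe]
TCP christinezhang:microsoft-ds christinezhang.actuate.com:0
LISTENING 4
[System]
TCP christinezhang:1353 shanghai.actuate.com:epmap ESTABLISHED
952
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
[svchost.exe]
TCP christinezhang:1318 shanghai.actuate.com:epmap TIME_WAIT
0
TCP christinezhang:1319 shanghai.actuate.com:microsoft-ds TIME_WAIT

0
TCP christinezhang:1321 shanghai.actuate.com:epmap TIME_WAIT
0
UDP christinezhang:isakmp *:* 708
[lsass.exe]
"""

# A wrapped state line, optionally followed by the PID ("LISTENING 4").
STATE_RE = re.compile(r"^([A-Z][A-Z_0-9]+)(?:\s+(\d+))?$")


def parse_netstat_ab(text):
    """Return one dict per socket, re-joining wrapped state/PID lines."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tok = line.split()
        if tok[0] in ("TCP", "UDP") and len(tok) >= 3:
            lhost, _, lport = tok[1].rpartition(":")
            rhost, _, rport = tok[2].rpartition(":")
            cur = {"proto": tok[0], "lhost": lhost, "lport": lport,
                   "rhost": rhost, "rport": rport, "state": None,
                   "pid": None, "process": None, "modules": []}
            rest = tok[3:]
            if rest and not rest[0].isdigit():   # UDP rows carry no state
                cur["state"] = rest.pop(0)
            if rest and rest[0].isdigit():
                cur["pid"] = int(rest[0])
            records.append(cur)
        elif cur is None:
            continue                             # banner or column header
        elif line.isdigit() and cur["pid"] is None:
            cur["pid"] = int(line)               # PID wrapped onto its own line
        elif (cur["proto"] == "TCP" and cur["state"] is None
              and STATE_RE.match(line)):
            m = STATE_RE.match(line)             # state wrapped onto next line
            cur["state"] = m.group(1)
            if m.group(2):
                cur["pid"] = int(m.group(2))
        elif line.startswith("[") and line.endswith("]"):
            cur["process"] = line[1:-1]          # owning executable
        else:
            cur["modules"].append(line.lower())  # component that opened the socket
    return records


def outbound_to_service(records, ports=("epmap", "135")):
    """Group TCP sockets whose remote port is the service, per remote host."""
    out = defaultdict(lambda: {"states": Counter(), "owners": set(),
                               "modules": set()})
    for r in records:
        if r["proto"] == "TCP" and r["rport"] in ports:
            entry = out[r["rhost"]]
            entry["states"][r["state"]] += 1
            entry["modules"].update(r["modules"])
            if r["process"]:                     # TIME_WAIT rows have no owner
                entry["owners"].add((r["pid"], r["process"]))
    return dict(out)


if __name__ == "__main__":
    for host, info in outbound_to_service(parse_netstat_ab(SAMPLE)).items():
        print(host, dict(info["states"]), sorted(info["owners"]))
```

Listening sockets drop out of the summary because their remote port is 0, and TIME_WAIT rows contribute to the state counts but not to the owner set, since netstat reports them with PID 0.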
 
Archived from groups: microsoft.public.windowsxp.general (More info?)

I can only offer my theory, but is it possible you may have a network
protocol on your machine trying to obtain an IP address?

Or possibly an application trying to resolve a host name via the DNS server?

Typically if one machine starts misbehaving, I'd look at malware.
Possibly install a local firewall, the likes of SP2 or a third party like
ZoneAlarm etc.
This might pinch off unwanted network traffic; you can configure the
Windows firewall to log successful connections and dropped packets.

See what you can find...
--
________
NIC
----------
Savage
________


"Charms Zhou" wrote:

> There is one PC (Windows XP installed) that always tries to establish an epmap
> connection with our DNS/DHCP/VPN server (Windows 2000 Server installed). I used
> the command "netstat -ab" to see the result below. I found this connection is
> established by Windows system services. I don't understand what happened or
> why.
 
Archived from groups: microsoft.public.windowsxp.general (More info?)

1. The problem is still here after I changed the machine's DNS server;
2. The machine has SP2 and the firewall is on;
3. The port number that connects to the server's epmap port is protean.

"Savage" <Savage@discussions.microsoft.com> wrote in message
news:CDE4C6E0-3F18-4E33-B7D1-4E6C40B530B5@microsoft.com...
> I can only offer my theory, but is it possible you may have a network
> protocol on your machine trying to obtain an IP address?
>
> Or possibly an application trying to resolve a host name via the DNS
> server?
>
> Typically if one machine starts misbehaving, I'd look at malware.
> Possibly install a local firewall, the likes of SP2 or a third party like
> ZoneAlarm etc.
> This might pinch off unwanted network traffic; you can configure the
> Windows firewall to log successful connections and dropped packets.
>
> See what you can find...
> --
> ________
> NIC
> ----------
> Savage
> ________
 
Archived from groups: microsoft.public.windowsxp.general (More info?)

I'm out, but hope this article helps.

How to Use Portqry to Troubleshoot Active Directory Connectivity Issues
http://support.microsoft.com/default.aspx?scid=kb;en-us;310456

--
________
NIC
----------
Savage
________


"Charms Zhou" wrote:

> 1. The problem is still here after I changed the machine's DNS server;
> 2. The machine has SP2 and the firewall is on;
> 3. The port number that connects to the server's epmap port is protean.
 
Archived from groups: microsoft.public.windowsxp.general (More info?)

1. The problem is still here after I changed the machine's DNS server;
2. The machine has SP2 and the firewall is on;
3. The port number that connects to the server's epmap port is protean. I found
the client machine's port number is different every time I use the "netstat"
command on the server.
4. Only this machine establishes an epmap connection to the server in our LAN.


"Savage" <Savage@discussions.microsoft.com> wrote in message
news:CDE4C6E0-3F18-4E33-B7D1-4E6C40B530B5@microsoft.com...
> I can only offer my theory, but is it possible you may have a network
> protocol on your machine trying to obtain an IP address?
>
> Or possibly an application trying to resolve a host name via the DNS
> server?
>
> Typically if one machine starts misbehaving, I'd look at malware.
> Possibly install a local firewall, the likes of SP2 or a third party like
> ZoneAlarm etc.
> This might pinch off unwanted network traffic; you can configure the
> Windows firewall to log successful connections and dropped packets.
>
> See what you can find...
> --
> ________
> NIC
> ----------
> Savage
> ________