Re: Why is MS listening

Giganews Newsgroups
Subject: Re: Why is MS listening
Posted by:  Christophe Vandeplas (christopheSP…
Date: Sun, 29 Jul 2007

Intuitive wrote:
> Microsoft is not spying on you.
> Nice observation; but they have better things to do with their time
> ...honestly, they do.
> "microsoft-ds" is the recent(ish) name given to the new rendition of the
>  old Server Message Blocks (SMB), which is Common Internet File System
> (CIFS).
> What runs on UDP port 4500? I have no idea.

That's also for IPsec. Port 4500/udp is used for passing trough NAT devices.
The data packets will not be encapsulated in ESP but in udp packets ofer
that port.

More info in:
RFC 3715 IPsec-Network Address Translation (NAT) Compatibility Requirements
RFC 3947 Negotiation of NAT-Traversal in IKE
RFC 3948 UDP Encapsulation of IPsec ESP Packets

> What runs on UDP port 500(isakmp)? Well, it's the ISAKMP service which
> is run by IPSec on your Windows machine.
> NoSpam wrote:
>> Dear Group,
>> I am wondering about several lines in the return to a
>>                                  netstat -a
>> command on my pc!
>> They show that microsoft is listening. Is this legitimate and which
>> program is served by these connections?
>>  TCP    x-xxxxxxxxxxx:microsoft-ds  g-xxxxxxxxxxx:0      LISTENING
>>  UDP    x-xxxxxxxxxxx:microsoft-ds  *:*
>> There are two more lines which I do not know what they could refer to
>>  UDP    x-almjf4iscdqrx:isakmp  *:*
>>  UDP    x-almjf4iscdqrx::4500  *:*
>> What do they refer to?
>> I dont know whether it is worth is, but I changed by PC name to all xs.
>> Is there a document which explains the meaning of these lines?
>> Thanks for any helpful replies.
>> GR.




In response to

Re: Why is MS listening posted by Intuitive on Mon, 23 Jul 2007