Port 8081 mystery

["Mat Benwell" <mjbenny1 () gmail com>]

Hi Wali,
Try Process Explorer
http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx

Double click on the process and select the TCP/IP tab. That will tell
you what ports a process has open

Cheers
Mat


WALI wrote:
> HI list...
>
> I ran a nmap scan on quite a few machines on my internal subnet and one port that appears on all those scans, 
> especially the machines that are still running adequately patched but older Windows 2000 workstations, is tcp 8081. 
> Though nmap shows this as blackice-icecap port I do not find any such application running in task manager neither is 
> this installed.
>
> nestat-a just lists this port as 'Listening' and does not list any application name assigned to it, so why is this port 
> there? Who is using this? I have ran antivirus scan and spybot checker just to rule out any malware possibilities.
>
> Nessus Scan (tis weeks plugin feed) does not show this port listed amongst any vulnerability.
>
> Here is the nmap output:
>
> SuSE101:/home/root # nmap -O 192.168.126.245 --osscan-guess
> Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2007-01-23 11:10 GST
> Interesting ports on 192.168.126.245:
> (The 1667 ports scanned but not shown below are in state: closed)
> PORT     STATE SERVICE
> 135/tcp  open  msrpc
> 139/tcp  open  netbios-ssn
> 445/tcp  open  microsoft-ds
> 2030/tcp open  device2
> 8081/tcp open  blackice-icecap
> Device type: general purpose
> Running: Microsoft Windows NT/2K/XP
> OS details: Microsoft Windows 2000 SP4 or XP SP1
>
> Nmap finished: 1 IP address (1 host up) scanned in 1.107 seconds