My workgroup Windows XP Pro SP3 permits (or establishes itself) a hundred network sessions with workgroup computers; see the result of "net sessions" below [1]. NetBT (NetBIOS over TCP/IP) is disabled.
I tried to detect which service is responsible for it by disabling services one by one in services.msc, then disabling/enabling my NIC network connection and checking (with netstat -a and net view) after each one that the sessions were being re-established (after restarting the network connection, the session list [2] is empty and then fills up). See the list of services I disabled in [2].
After rebooting, the local workgroup sessions stopped reappearing in the "net session" [1] and netstat lists.
Which service(s) is/are responsible for establishing sessions with workgroup computers?
Why did rebooting stop the sessions from being re-established, while disabling/enabling the NIC network connection did NOT?!
Sure, I could have run "netstat -nb", which shows the executables involved in creating connections, but the names of system dll/exe files do not tell me much. Anyway, what should I do: re-enable all services and reboot the computer just to see "netstat -nb", or what?
----------
[2] Disabled services:
- Acronis Scheduler Service
- Computer Browser
- Fast User Switching
- Human Interface Device Access
- Peer Name Resolution Protocol
- Peer Networking
- Peer Networking Group Authentication
- Peer Networking Identity Manager
- Print Spooler
- Remote Access Auto Connection Manager
- Remote Access Connection Manager
- Remote Desktop Help Session Manager
- RIP Listener
- Routing and Remote Access
- Secondary Logon
- TCP/IP NetBIOS Helper
- Universal Plug and Play Device Host
[1]
D:\Documents and Settings\Administrator>net sessions
Computer User name Client Type Opens Idle time
------------------------------------------------------------------------------
\\10.204.27.14 Windows 2000 2195 1 07:07:29
\\10.204.27.14 Windows 2000 2195 1 04:52:29
\\10.204.27.14 Windows 2000 2195 1 04:19:29
\\10.204.27.14 Windows 2000 2195 1 06:16:29
\\10.204.39.50 Windows 2000 2195 1 00:10:29
\\10.204.43.23 Windows 2000 2195 1 05:37:29
\\10.204.43.23 Windows 2000 2195 1 05:04:29
\\10.204.43.23 Windows 2000 2195 1 00:04:29
\\10.204.43.23 Windows 2000 2195 1 01:37:29
\\10.204.43.23 Windows 2000 2195 1 04:28:29
\\10.204.43.23 Windows 2000 2195 1 01:10:29
\\10.204.43.23 Windows 2000 2195 1 01:07:29
\\10.204.43.23 Windows 2000 2195 1 02:16:29
\\10.204.43.23 Windows 2000 2195 1 03:55:29
\\10.204.43.23 Windows 2000 2195 1 02:49:29
\\10.204.43.23 Windows 2000 2195 1 03:22:29
\\10.204.45.102 Windows 2000 2195 1 03:01:29
\\10.204.45.102 Windows 2000 2195 1 03:31:29
\\10.204.52.121 Windows 2000 2195 1 01:34:29
\\10.204.55.88 Windows 2000 2195 1 00:25:29
\\10.204.56.25 Windows 2000 2195 1 02:37:29
\\10.204.56.25 Windows 2000 2195 1 04:19:29
\\10.204.56.25 Windows 2000 2195 1 02:04:29
\\10.204.56.25 Windows 2000 2195 1 04:52:29
\\10.204.56.25 Windows 2000 2195 1 03:13:29
\\10.204.56.25 Windows 2000 2195 1 01:25:29
\\10.204.56.25 Windows 2000 2195 1 05:25:29
\\10.204.56.25 Windows 2000 2195 1 06:31:29
\\10.204.56.25 Windows 2000 2195 1 07:04:29
\\10.204.56.25 Windows 2000 2195 1 06:55:29
\\10.204.56.25 Windows 2000 2195 1 00:25:29
\\10.204.56.25 Windows 2000 2195 1 03:46:29
\\10.204.57.105 Windows 2000 2195 1 00:16:29
\\10.204.57.105 Windows 2000 2195 1 00:10:29
\\10.204.57.105 Windows 2000 2195 1 00:34:29
\\10.204.57.105 Windows 2000 2195 1 00:04:29
\\10.204.57.105 Windows 2000 2195 1 00:40:29
\\10.204.57.105 Windows 2000 2195 1 00:01:29
\\10.204.57.105 Windows 2000 2195 1 00:25:29
The command completed successfully.
The "net session" command shows incoming connections (sessions established TO your machine). The Server service is responsible for advertising and allowing these incoming connections. Shared files and printers will make use of the Server service. NetBIOS over TCP\IP isn't required for file and printer sharing to work so disabling it isn't going to stop these incoming connections. Do you have shared folders or printers on your machine?
If you're looking to turn the output from
netstat -nb
into something useful, the "Process Explorer" tool from Sysinternals (link) is very good at that. Once you've identified the process, you can look it up in Process Explorer, right-click on it to get properties, and the Service it belongs to (if service it is) will be shown. If it is System[4], then the traffic is part of the operating system in some way. The 'Server' service is one such service that is served out of System[4].
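To see at a glance which clients hold the incoming sessions that "net session" lists, the output can be grouped per client. The Python below is an added example, not part of the original thread; the sample rows are constructed in the whitespace-collapsed shape of listing [1], and the function and field names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample, in the whitespace-collapsed shape of listing [1].
SAMPLE = r"""
Computer User name Client Type Opens Idle time
------------------------------------------------------------------------------
\\10.204.27.14 Windows 2000 2195 1 07:07:29
\\10.204.27.14 Windows 2000 2195 1 04:52:29
\\10.204.39.50 Windows 2000 2195 1 00:10:29
\\10.204.57.105 Windows 2000 2195 1 00:01:29
\\10.204.57.105 Windows 2000 2195 0 00:25:29
The command completed successfully.
"""

IDLE = re.compile(r"^(\d+):(\d{2}):(\d{2})$")

def parse_sessions(text):
    """Return one dict per session row; header and status lines are skipped."""
    rows = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or not tokens[0].startswith("\\\\"):
            continue
        m = IDLE.match(tokens[-1])
        if not m or not tokens[-2].isdigit():
            continue  # idle time in another format, or a damaged row
        h, mnt, s = (int(g) for g in m.groups())
        rows.append({
            "client": tokens[0][2:],
            # User name and client type run together once columns collapse.
            "user_and_type": " ".join(tokens[1:-2]),
            "opens": int(tokens[-2]),
            "idle_s": h * 3600 + mnt * 60 + s,
        })
    return rows

def summarize(rows):
    """Group by client: session count, total opens, shortest idle time."""
    acc = defaultdict(lambda: {"sessions": 0, "opens": 0, "min_idle_s": None})
    for r in rows:
        a = acc[r["client"]]
        a["sessions"] += 1
        a["opens"] += r["opens"]
        prev = a["min_idle_s"]
        a["min_idle_s"] = r["idle_s"] if prev is None else min(prev, r["idle_s"])
    return sorted(acc.items(), key=lambda kv: (-kv[1]["sessions"], kv[0]))

if __name__ == "__main__":
    for client, a in summarize(parse_sessions(SAMPLE)):
        print(client, a)
```

Clients with many sessions and a short minimum idle time are the ones still actively reconnecting, which narrows down where to look on the remote side.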