
Microsoft Word X opens a listening TCP port

Scott Lowe - 26 Jan 2005 18:44 GMT
In reviewing the listening ports on my system to ensure that I don't
have any rogue processes running of which I am not aware, I noticed
(using "netstat -ta | grep LISTEN") that anytime I launch Microsoft
Word a new TCP port is opened in a listening state.

I have verified that this is definitely linked to Word using the
following procedure:

- "netstat -ta | grep LISTEN" before launching Word, shows pretty
standard list of listening ports
- Launch Word
- "netstat -ta | grep LISTEN" after launching Word shows new port in
listening state
- "lsof | grep <port>" shows the process ID (PID) of the associated process
- "ps -axw | grep <pid>" shows the command line for that process, which
is Microsoft Word

So...anyone have any idea why Microsoft Word is opening a new TCP port
whenever it launches?

TIA.

Signature

Scott Lowe

Dave Hinz - 26 Jan 2005 18:48 GMT
> In reviewing the listening ports on my system to ensure that I don't
> have any rogue processes running of which I am not aware, I noticed
[quoted text clipped - 3 lines]
> So...anyone have any idea why Microsoft Word is opening a new TCP port
> whenever it launches?

Would you care to tell us what port?
D P Schreber - 26 Jan 2005 19:17 GMT
["Followup-To:" header set to comp.sys.mac.apps.]
> In reviewing the listening ports on my system to ensure that I don't
> have any rogue processes running of which I am not aware, I noticed
> (using "netstat -ta | grep LISTEN") that anytime I launch Microsoft
> Word a new TCP port is opened in a listening state.

What interface is it listening on?  If it's localhost/loopback, ignore
it, it's using it as a form of interprocess communication.  If it isn't,
it could be trying to detect multiple copies of Word running on the same
subnet with the same license.  OmniWeb appears to do this, though with
udp rather than tcp.
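
The before/after comparison from the first post, combined with the loopback-versus-other-interface question raised in the reply above, as an added example that is not part of any post in this thread. The function names `listeners` and `new_listeners`, the two snapshots, and port 3456 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Snapshots below are constructed.

# listeners: read BSD-style `netstat -an` output on stdin and print
# "<scope> <port>" for every LISTEN socket. BSD netstat writes the local
# address as <addr>.<port>, e.g. *.548 or 127.0.0.1.631.
# scope is "loopback" for 127.0.0.1 / ::1, otherwise "network".
listeners() {
    awk '$NF == "LISTEN" {
        n = split($4, parts, ".")
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        scope = (addr == "127.0.0.1" || addr == "::1") ? "loopback" : "network"
        print scope, port
    }' | LC_ALL=C sort -u
}

# new_listeners BEFORE AFTER: print listeners present only in AFTER.
# Both arguments are netstat output captured as strings.
new_listeners() {
    b=$(mktemp) && a=$(mktemp) || return 1
    printf '%s\n' "$1" | listeners > "$b"
    printf '%s\n' "$2" | listeners > "$a"
    LC_ALL=C comm -13 "$b" "$a"
    rm -f "$b" "$a"
}

SAMPLE_BEFORE='tcp4       0      0  *.548                  *.*                    LISTEN
tcp46      0      0  *.548                  *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp46      0      0  *.22                   *.*                    LISTEN'

SAMPLE_AFTER="$SAMPLE_BEFORE
tcp4       0      0  *.3456                 *.*                    LISTEN
tcp4       0      0  127.0.0.1.1033         *.*                    LISTEN"

# Live use: before=$(netstat -an -p tcp); launch the application;
# after=$(netstat -an -p tcp); new_listeners "$before" "$after"
new_listeners "$SAMPLE_BEFORE" "$SAMPLE_AFTER"
```

A "network" result is the one worth tracing to its owning process with `lsof`, as in the procedure in the first post.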
clvrmnky - 26 Jan 2005 19:25 GMT
> In reviewing the listening ports on my system to ensure that I don't
> have any rogue processes running of which I am not aware, I noticed
[quoted text clipped - 15 lines]
> So...anyone have any idea why Microsoft Word is opening a new TCP port
> whenever it launches?

I understand that Office uses a range of UDP and TCP ports to check for
other copies in the local net using the same license.

Couldn't find a nice link, but here is a discussion of a hint to get
around this lame check (sorry for the ugly link):
<http://www.macosxhints.com/comment.php?mode=display&sid=20020406142423494&title=Doesn%5C't+work%3F&pid=0>
Scott Lowe - 26 Jan 2005 19:43 GMT
>> In reviewing the listening ports on my system to ensure that I don't
>> have any rogue processes running of which I am not aware, I noticed
[quoted text clipped - 22 lines]
> around this lame check (sorry for the ugly link):
> <http://www.macosxhints.com/comment.php?mode=display&sid=20020406142423494&title=Doesn%5C't+work%3F&pid=0>

Ah..that provided the missing piece of information I lacked.  I knew
about port 2222 (UDP), but what I didn't know is that Office X also
opened a TCP port between 3000 and 3999.  This is definitely linked to
the anti-piracy scheme in Office X, then.  I am running ipfw to provide
firewall protection, so I'll just adjust my rules accordingly.  Sorry
to take up everyone's time!

Signature

Scott Lowe

claudel - 26 Jan 2005 19:57 GMT
>>> In reviewing the listening ports on my system to ensure that I don't
>>> have any rogue processes running of which I am not aware, I noticed
[quoted text clipped - 31 lines]
>firewall protection, so I'll just adjust my rules accordingly.  Sorry
>to take up everyone's time!

Note that you *don't* have to open ports to accommodate this behavior.
I have the traffic blocked and have noticed no ill effects to my Office X
usage. I get entries in the log that the traffic is denied, and that's
it.

YMMV

Claude
Jeff Wiseman - 27 Jan 2005 16:35 GMT
> Note that you *don't* have to open ports to accommodate this behavior.
> I have the traffic blocked and have noticed no ill effects to my Office X
> usage. I get entries in the log that the traffic is denied, and that's
> it.

Now I'm an honest guy. But I'm also an engineer with great
curiosity on these subjects so I have to ask this question:

Does this mean that in some circumstances (i.e., too many copies
of the same Microsoft Office on the home network), blocking the
traffic on those ports would actually allow M.O. to run where it
might not normally do so?

- Jeff
claudel - 27 Jan 2005 16:55 GMT
>> Note that you *don't* have to open ports to accommodate this behavior.
>> I have the traffic blocked and have noticed no ill effects to my Office X
[quoted text clipped - 8 lines]
>traffic on those ports would actually allow M.O. to run where it
>might not normally do so?

Possibly. I only have one Mac and one legal copy of Office so
I've never tried it. VPC also tries to phone home via UDP. I
feel no obligation to let legally purchased software perform
actions that I do not specifically instigate, especially
outbound communication of a suspicious nature. I've been
meaning to temporarily allow it at some point and capture the
traffic with Ethereal and have a closer look at it, but I have
other pressing issues.

I have a default deny in/out ipfw ruleset that only allows
traffic that I set up a specific "allow" rule for. Outbound
UDP or TCP traffic on random ports at random times is not
something that I particularly wish to have happening. I also
regulate outbound traffic with the most excellent "Little Snitch"
but it evidently doesn't trigger on this type of traffic.

Claude
Gnarlodious - 27 Jan 2005 18:27 GMT
Entity claudel spoke thus:

> Possibly. I only have one Mac and one legal copy of Office so
> I've never tried it.
Blocking port 2222 only works if ALL the machines on the LAN are blocked.
Any unblocked machine can still communicate on a range of ports and will
halt Office apps.

See this page to set up GUI firewall:
http://home.earthlink.net/~gnarlodious/OfficeAnti-AntiPiracy.png

Or if you prefer the StartupItem IPFW see installer at:
http://home.earthlink.net/~gnarlodious/%20OfficeBlock.sit

Note that you cannot run IPFW and GUI Firewall at the same time, however for
really tight firewalling you should not trust the GUI.

Little Snitch, besides costing way too much, makes P2P impossible. I don't
like it.

-- Gnarlie
claudel - 27 Jan 2005 18:53 GMT
>Entity claudel spoke thus:
>
[quoted text clipped - 3 lines]
>Any unblocked machine can still communicate on a range of ports and will
>halt Office apps.

As I said. I only have one Mac on my lan.

I block all outbound traffic from my machine except what I need
as a matter of habit. I *do* notice Office-trying-to-call-out
rejected traffic in my log, but I don't notice any ill effect
from disallowing it. YMMV.

>See this page to set up GUI firewall:

No thanks, I don't use the GUI.

>http://home.earthlink.net/~gnarlodious/OfficeAnti-AntiPiracy.png
>
>Or if you prefer the StartupItem IPFW see installer at:
>http://home.earthlink.net/~gnarlodious/%20OfficeBlock.sit

I'm quite happy with my current firewall configuration, but thanks anyway.

>Note that you cannot run IPFW and GUI Firewall at the same time, however for
>really tight firewalling you should not trust the GUI.

The GUI Firewall control panel is dangerous, IMO. It provides a delusion
of actually being secure.

>Little Snitch, besides costing way too much, makes P2P impossible. I don't
>like it.

Suit yourself. I'm pleased with it and don't consider it to be overpriced.

Claude
abuse@MIX.COM - 26 Feb 2005 17:22 GMT
> VPC also tries to phone home via UDP.
 [...]
> I also
> regulate outbound traffic with the most excellent "Little Snitch"
> but it evidently doesn't trigger on this type of traffic.

So -- which port(s) does VPC use for this?

Billy Y..
Greg Shenaut - 27 Jan 2005 21:53 GMT
In comp.sys.mac.system Jeff Wiseman <wisemanja@earthlink.net> exponit:
> Now I'm an honest guy. But I'm also an engineer with great
> curiosity on these subjects so I have to ask this question:
[quoted text clipped - 3 lines]
> traffic on those ports would actually allow M.O. to run where it
> might not normally do so?

Yes.  Through my academic department, we received a 5-CPU license
for Office X with a single license key.  Apparently due to some
irresolvable deficiency in how M$ implemented the license checking
(or perhaps incompetence in how the local IT people distribute the
software), we were never able to use more than one copy at a time.
In spite of re-installing several different releases of Office X,
it was only when we all turned on the firewalls on our Macs that
the problem went away.  My conclusion is that you can use a single
copy of Office X, regardless of license, on as many firewalled Macs
as your scruples allow.  Don't know about Office 2004, though--we
have no need to upgrade and so it isn't something I've looked into.

Greg Shenaut
Jeff Wiseman - 27 Jan 2005 16:30 GMT
> Ah..that provided the missing piece of information I lacked.  I knew
> about port 2222 (UDP), but what I didn't know is that Office X also
> opened a TCP port between 3000 and 3999.  This is definitely linked to
> the anti-piracy scheme in Office X, then.  I am running ipfw to provide
> firewall protection, so I'll just adjust my rules accordingly.  Sorry to
> take up everyone's time!

Not at all! Please keep posting. I'm learning from this!

:-)

- Jeff
Bev A. Kupf - 27 Jan 2005 16:41 GMT
> Ah..that provided the missing piece of information I lacked.  I knew
> about port 2222 (UDP), but what I didn't know is that Office X also
> opened a TCP port between 3000 and 3999.  This is definitely linked to
> the anti-piracy scheme in Office X, then.  I am running ipfw to provide
> firewall protection, so I'll just adjust my rules accordingly.  Sorry
> to take up everyone's time!

FWIW, my copy of Office 2004 doesn't appear to be listening on any UDP or
TCP port.  Here's the output of `netstat -p tcp -an | grep LISTEN`

tcp4       0      0  *.3689                 *.*                    LISTEN
tcp4       0      0  *.3128                 *.*                    LISTEN
tcp4       0      0  *.427                  *.*                    LISTEN
tcp4       0      0  *.548                  *.*                    LISTEN
tcp46      0      0  *.548                  *.*                    LISTEN
tcp4       0      0  *.497                  *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp46      0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.139                  *.*                    LISTEN
tcp4       0      0  127.0.0.1.1033         *.*                    LISTEN

The 3689 is iTunes (daap), and 3128 is squid.  The others are self-evident.

Same for UDP.  `netstat -p udp -an`
udp4       0      0  *.3130                 *.*                    
udp4       0      0  *.56923                *.*                    
udp4       0      0  127.0.0.1.64280        127.0.0.1.1023        
udp4       0      0  *.*                    *.*                    
udp4       0      0  *.427                  *.*                    
udp4       0      0  *.*                    *.*                    
udp4       0      0  *.*                    *.*                    
udp4       0      0  *.497                  *.*                    
udp4       0      0  *.631                  *.*                    
udp4       0      0  165.124.253.17.138     *.*                    
udp4       0      0  165.124.253.17.137     *.*                    
udp4       0      0  *.138                  *.*                    
udp4       0      0  *.137                  *.*                    
udp4       0      0  127.0.0.1.49162        127.0.0.1.1022        
udp4       0      0  127.0.0.1.49161        127.0.0.1.1022        
udp4       0      0  127.0.0.1.1022         *.*                    
udp4       0      0  127.0.0.1.1023         *.*                    
udp4       0      0  165.124.253.17.123     *.*                    
udp4       0      0  127.0.0.1.123          *.*                    
udp4       0      0  *.123                  *.*                    
udp4       0      0  *.5353                 *.*                    
udp4       0      0  127.0.0.1.1033         *.*                    
udp4       0      0  *.514                  *.*                    
udp6       0      0  *.514                  *.*  

3130 and 56923 are squid.  And I'm definitely running Word right now.
`ps awwx | grep -i word`

24803  ??  S      0:02.95 /Applications/Microsoft Office 2004/Microsoft \
Word /Applications/Microsoft Office 2004/Microsoft Word -psn_0_5636097

Beverly
Signature

Many a smale maketh a grate -- Geoffrey Chaucer

Jeremy Nixon - 26 Jan 2005 19:40 GMT
> So...anyone have any idea why Microsoft Word is opening a new TCP port
> whenever it launches?

It looks for other copies of itself running with the same serial number on
the local network.

Signature

Jeremy  |  jeremy@exit109.com

Scott Lowe - 26 Jan 2005 19:45 GMT
>> So...anyone have any idea why Microsoft Word is opening a new TCP port
>> whenever it launches?
>
> It looks for other copies of itself running with the same serial number on
> the local network.

Yes, another poster pointed in the direction of a Mac OS X Hints
article that laid out the relationship between the UDP 2222 broadcast
and the open TCP port between 3000 and 3999.  I knew about the UDP
stuff, but didn't know about the other.

Thanks for your response!

Signature

Scott Lowe

Mathue - 27 Jan 2005 02:58 GMT
Followups set to: comp.sys.mac.apps

> So...anyone have any idea why Microsoft Word is opening a new TCP port
> whenever it launches?
>
> TIA.

  It's looking for another machine on your LAN that's running Office
under the same serial number.

Signature

MT - Diagonally parked in a parallel universe.

101010

