In TCPView, why does the svchost.exe process need to listen on so many TCP and UDP ports?

Looking at TCPView I can see over 25 svchost processes using TCP and UDP ports. If these svchost processes are the various services required by Windows, then why would so many be using the network?


Solution 1:

According to Wikipedia:

In the Windows NT family of operating systems, svchost.exe (Service Host, or SvcHost) is a system process which hosts multiple Windows services. Its executable image, %SystemRoot%\System32\Svchost.exe or %SystemRoot%\SysWOW64\Svchost.exe (for 32-bit services running on 64-bit systems) runs in multiple instances, each hosting one or more services. It is essential in the implementation of so-called shared service processes, where a number of services can share a process in order to reduce resource consumption.

So, it is expected that you have a lot of Windows processes running over svchost.exe. Many of them just use TCP/IP ports (sockets) for inter-process communication over localhost. That's why you can see a lot of network traffic over svchost.exe.

Additionally, you can also find which Windows service is running over svchost. I ran the "tasklist /svc" command on my computer and it returned the dependencies between svchost and some running Windows services:

[Screenshot: output of the "tasklist /svc" command]
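
To go one step further than "tasklist /svc" and tie each svchost.exe socket to the services hosted in that process, the following PowerShell script joins the listener list with the service list by PID and marks whether each socket is bound to loopback or to another address. It is an added example, not part of the original answer; it assumes Windows 8 / Server 2012 or later, where the built-in Get-NetTCPConnection and Get-NetUDPEndpoint cmdlets are available.

```powershell
# Added example: map every svchost.exe listener to the services hosted in that process.

# PID -> names of the services hosted in that process (same mapping "tasklist /svc" shows).
$servicesByPid = @{}
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    ForEach-Object { $servicesByPid[[int]$_.ProcessId] += @($_.Name) }

# PIDs of all running svchost.exe instances.
$svchostPids = @(Get-Process -Name svchost -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Id)

# Listening TCP sockets and bound UDP endpoints, normalised to one shape.
$tcp = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Select-Object @{n = 'Proto'; e = { 'TCP' }}, LocalAddress, LocalPort, OwningProcess
$udp = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
    Select-Object @{n = 'Proto'; e = { 'UDP' }}, LocalAddress, LocalPort, OwningProcess

@($tcp) + @($udp) |
    Where-Object { $svchostPids -contains [int]$_.OwningProcess } |
    ForEach-Object {
        # 127.x.x.x and ::1 are only reachable from the local machine.
        $isLoopback = ($_.LocalAddress -like '127.*') -or ($_.LocalAddress -eq '::1')
        [pscustomobject]@{
            Proto    = $_.Proto
            Address  = $_.LocalAddress
            Port     = $_.LocalPort
            PID      = $_.OwningProcess
            Scope    = if ($isLoopback) { 'loopback' } else { 'non-loopback' }
            Services = ($servicesByPid[[int]$_.OwningProcess] -join ', ')
        }
    } |
    Sort-Object PID, Proto, Port |
    Format-Table -AutoSize
```

Rows with Scope "non-loopback" are the ones to compare against the host firewall rules, since only those sockets can be reached from other machines.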