tasklist | findstr <PID> Legitimate owners will be svchost.exe (with WSD-related flags) or a printer driver process.
In the landscape of network administration and cybersecurity, unfamiliar open ports often raise red flags. One such port that frequently appears on Windows machines is TCP port 5357 . While it might look suspicious to the untrained eye, this port serves a specific and legitimate function in modern networking environments.
nmap -p 5357 <target-IP> TCP port 5357 is a legitimate, useful port that powers seamless device discovery and printing on modern networks via the WSDAPI. For most users and small businesses, it poses no significant threat and disabling it will degrade the plug-and-play experience.
netstat -an | findstr :5357 Look for the process ID (PID) of the listening application, then:
However, on high-security networks or servers, it’s prudent to disable the WSD publishing service. As always, monitor open ports with a firewall and keep network devices (especially printers) updated—since printers are often the forgotten, vulnerable edge of enterprise security.
: Don’t panic if you see port 5357 open. Verify it’s associated with a printer or discovery service. If it’s open on a random workstation with no printers nearby and strange traffic patterns, investigate further.
This article explores what TCP port 5357 is, why it’s open, how it works, and when you should be concerned about its activity. TCP port 5357 is officially registered by the Internet Assigned Numbers Authority (IANA) for use by WSDAPI (Web Services Dynamic Discovery API) and specifically for WSDAPI Print Services .