We found something interesting during one of our vulnerability scans. Lots of machines are listening on port 12345, and the port has lots of connections on it. Also, the PID is 4, which is a system process or service.
The same thing was also found on HTTP port 80. Here are the netstat command outputs.
Symptoms
C:\Windows\system32>netstat -tabno | find ":80"
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 10.20.153.50:55183 12.23.1.11:80 ESTABLISHED 4848
TCP 10.20.153.50:56844 12.21.2.153:8014 ESTABLISHED 4848
TCP 10.20.153.50:56916 12.21.2.153:8014 ESTABLISHED 4360
TCP 10.20.153.50:65423 12.23.1.11:80 ESTABLISHED 4360
TCP [::]:80 [::]:0 LISTENING 4
C:\Windows\system32>netstat -tabno | find ":12345"
TCP 0.0.0.0:12345 0.0.0.0:0 LISTENING 4
TCP 10.20.153.50:12345 12.21.2.77:38782 TIME_WAIT 0
TCP [::]:12345 [::]:0 LISTENING 4
TCP [::1]:12345 [::1]:57035 ESTABLISHED 4
TCP [::1]:12345 [::1]:60795 ESTABLISHED 4
TCP [::1]:12345 [::1]:63369 ESTABLISHED 4
TCP [::1]:57035 [::1]:12345 ESTABLISHED 8760
TCP [::1]:60795 [::1]:12345 ESTABLISHED 11252
TCP [::1]:63369 [::1]:12345 ESTABLISHED 14776
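The `find` filter above also matches outbound connections to remote port 80 (and 8014), so it helps to correlate the rows by port and PID: which ports PID 4 listens on, which local processes connect to them, and which remote hosts reach them. The following is an added example, not part of the original post; the function names are hypothetical and the sample rows are copied from the netstat output above.

```python
import re

# Rows copied from the netstat output above (netstat -ano column layout).
SAMPLE = """\
TCP 0.0.0.0:12345 0.0.0.0:0 LISTENING 4
TCP 10.20.153.50:12345 12.21.2.77:38782 TIME_WAIT 0
TCP [::]:12345 [::]:0 LISTENING 4
TCP [::1]:12345 [::1]:57035 ESTABLISHED 4
TCP [::1]:12345 [::1]:60795 ESTABLISHED 4
TCP [::1]:12345 [::1]:63369 ESTABLISHED 4
TCP [::1]:57035 [::1]:12345 ESTABLISHED 8760
TCP [::1]:60795 [::1]:12345 ESTABLISHED 11252
TCP [::1]:63369 [::1]:12345 ESTABLISHED 14776
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 10.20.153.50:55183 12.23.1.11:80 ESTABLISHED 4848
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
SYSTEM_PID = 4  # kernel "System" process; HTTP.sys listeners appear under it

def parse(text):
    """Yield (local_addr, local_port, remote_addr, remote_port, state, pid)."""
    for line in text.splitlines():
        m = ROW.match(line)  # header, UDP and -b process-name lines do not match
        if m:
            la, lp, ra, rp, state, pid = m.groups()
            yield la, int(lp), ra, int(rp), state, int(pid)

def system_listeners(text):
    """Map each port PID 4 listens on to local client PIDs and remote peers."""
    rows = list(parse(text))
    ports = {lp for _, lp, _, _, st, pid in rows if st == "LISTENING" and pid == SYSTEM_PID}
    report = {p: {"local_client_pids": set(), "remote_peers": set()} for p in ports}
    local_addrs = {la for la, *_ in rows} - {"0.0.0.0", "[::]"}
    for la, lp, ra, rp, st, pid in rows:
        # Client half of a same-host connection to one of the listener ports.
        if rp in ports and ra in local_addrs and pid != SYSTEM_PID:
            report[rp]["local_client_pids"].add(pid)
        # Listener side of a connection whose peer is another host.
        elif lp in ports and st != "LISTENING" and ra not in local_addrs:
            report[lp]["remote_peers"].add(ra)
    return report

if __name__ == "__main__":
    for port, info in sorted(system_listeners(SAMPLE).items()):
        print(port, info)
```

The client PIDs it returns can be looked up with `tasklist /FI "PID eq <pid>"`, and the process that registered the URL with HTTP.sys itself is shown by `netsh http show servicestate`.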
Fix Solutions
After some Google research, I found that there are many services on Windows 7 or Windows 10 systems that can listen on port 80. Basically, you need to disable the HTTP.sys driver, which is started on demand by another service, such as Windows Remote Management or Print Spooler on Windows 7 or 2008.
Luckily, you can detect and stop them all by running a simple console command:
NET stop HTTP
When you run it, you will first get a list:
Other Solutions
There are a couple of other ways to disable this service or fix it:
1. Registry change
- Launch RegEdit.
- Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP
- Change the value of “start” to 4, which means disabled.
- Reboot your computer.
2. Change the bound IP address for HTTP.SYS
netsh http add iplisten ipaddress=::