Closing ports I see when I nmap ...

When I run nmap on my enterprise box I get a list of ports (see below). Sunrpc I presume is used for an NFS mount I have to another box, ncd-pref is also related to caching of the mount (I'm guessing) ... but what is sometimes-rpc3 and do I need it open? Also ... why is X11 open like that twice when I run X on another box and use it with vnc etc without having to leave a port open specifically for X11 or X11:4.

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on pblade2 (127.0.0.1):
(The 1593 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
80/tcp open http
111/tcp open sunrpc
443/tcp open https
5977/tcp open ncd-pref-tcp
6000/tcp open X11
6004/tcp open X11:4
32770/tcp open sometimes-rpc3

I do appreciate your time and advice.

Thanks.

What operating system are you using?

If it's a BSD variant, try running:
sockstat -4

If it's a Linux machine, try:
netstat -e --program

documentation only:

first: any port on 127.0.0.1 can ONLY be accessed from within your system.
Nothing on the internet can access this IP address.

Port 111 is the original Portmap service for InterProcess communications and
system to systems service mapping. Unless you have specific software that
needs this port open, you should disable it in /etc/services

If you're running a Desktop like GNU, KDE, you need X11 to be running.

Port 80 says you have a webserver active and port 22 is the SAFE
alternative to Telnet and FTP. Again, close these services unless you need them.