Port 5120 would only be listening if you have the Shavlik Scheduler service on the target system. Generally it is put on target systems when you deploy patches, but you might also need to check if you are set to use the Shavlik scheduler or have it changed to the Microsoft task scheduler in Protect > Tools > Options > Scheduling.
You can tell if the Scheduler is on the system and running by going into services.msc and looking for the ST Remote Scheduler service, and check if it is started or stopped. This service needs to exist and be started for port 5120 to be listening.
Port 3122 is generally only used for internal calls back to the Shavlik Protect Console Service on the console system, so as long as you're not seeing problems with normal functions in Protect it should be fine.