Windows has the concept of reserved TCP/UDP ports. These ports can nonetheless be used by any other application. They can be annoying because reserved ports are not shown as in use when we query used ports with netstat. For instance, if we want to bind TCP port 23806 to an application, we determine its availability using the netstat command, such as
C:> netstat -anp tcp | find ":23806"
C:>
The output is blank, which means that the port is unused. However, when we attempt to bind the port to a process of our choice, we encounter an error, such as
bind [127.0.0.1]:23806: Permission denied
This is annoying. The reason is that the port somehow becomes a reserved port. To see this, we can query reserved ports, e.g.,
C:> netsh int ipv4 show excludedportrange protocol=tcp
Protocol tcp Port Exclusion Ranges
Start Port End Port
---------- --------
1155 1254
... ...
23733 23832
23833 23932
50000 50059 *
* - Administered port exclusions.
C:>
which shows that 23806 is now a reserved port. What is really annoying is that the ranges can be updated by Windows dynamically. There are several methods to deal with this.
- Method 1. Stop and start the Windows NAT Driver service.
net stop winnat
net start winnat
After this, query the reserved ports again. Often the reserved ports are much more limited than before, e.g.,
C:>netsh int ipv4 show excludedportrange protocol=tcp
Protocol tcp Port Exclusion Ranges
Start Port End Port
---------- --------
2869 2869
5357 5357
50000 50059 *
* - Administered port exclusions.
C:>
- Method 2. If you don't wish to use this feature of Windows, you can disable reserved ports.
reg add HKLM\SYSTEM\CurrentControlSet\Services\hns\State /v EnableExcludedPortRange /d 0 /f
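
Because a blank netstat result does not rule out a reservation, a port check should also consult the exclusion list. The following is an added example, not part of the original post: it parses the netsh listing shown earlier and reports which exclusion range covers a port. The function names are hypothetical, and the sample text is copied from the listing above with column spacing reconstructed.

```python
import re
import subprocess
import sys

# Sample copied from the netsh listing above (spacing reconstructed). The
# elided "..." row is kept to show that non-numeric rows are skipped.
SAMPLE_OUTPUT = """\
Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      1155        1254
       ...         ...
     23733       23832
     23833       23932
     50000       50059     *

* - Administered port exclusions.
"""

# A data row is two integers, optionally followed by the "*" marker.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s*(\*)?\s*$")

def parse_excluded_ranges(text):
    """Return a list of (start, end, administered) tuples from netsh output."""
    ranges = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ranges.append((int(m.group(1)), int(m.group(2)), m.group(3) == "*"))
    return ranges

def covering_range(port, ranges):
    """Return the exclusion range that contains port, or None if not excluded."""
    for start, end, administered in ranges:
        if start <= port <= end:
            return (start, end, administered)
    return None

def query_netsh(protocol="tcp"):
    """Run the netsh query from the article (Windows only)."""
    cmd = ["netsh", "int", "ipv4", "show", "excludedportrange", f"protocol={protocol}"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    # Use live output on Windows, the embedded sample elsewhere.
    text = query_netsh() if sys.platform == "win32" else SAMPLE_OUTPUT
    for port in (23806, 8080):
        hit = covering_range(port, parse_excluded_ranges(text))
        print(port, "excluded by" if hit else "not excluded", hit or "")
```
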