2

I found the answer to this problem already and just want to document my finding.

In one of my recent project, I found that a port would not be shown as being used in netstat, but when my project tried to use the port, an error would be thrown.

For example, let's say I want to use port 53000:

netstat -ano | findstr :53000

Nothing would be shown, but if I attempted to use the port in Node.js, a permission error will be thrown.

toyssamurai
  • 561
  • 4
  • 13

2 Answers2

3

It turned out that things such as Hyper-V, Docker, etc would reserve a range of ports. To find out the ranges of ports reserved, do the following:

netsh interface ipv4 show excludedportrange protocol=tcp

In my case, I would see something like this:

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
     49805       49904
     50000       50059     *
     50060       50159
     50160       50259
     50360       50459
     50870       50969
     50970       51069
     51070       51169
     51270       51369
     52353       52452
     52453       52552
     52553       52652
     52653       52752
     52853       52952
     52953       53052
     53053       53152
     53324       53423
     56247       56346
     56347       56446
     56547       56646
     56647       56746

* - Administered port exclusions.

To fix my problem, I can:

  1. Disable Hyper-V
  2. netsh int ipv4 add excludedportrange protocol=tcp startport=53000 numberofports=1 (as administrator)
  3. Enable Hyper-V
toyssamurai
  • 561
  • 4
  • 13
3

Set the Windows "Dynamic Port Range" in a non conflicting place

We managed to contain this problem, for the case where you can not change your ports' needs to other location (like a non configurable application) and also need Hyper-V.

When you issue the command:

netsh int ip show excludedportrange protocol=tcp

You get an output with a list of port ranges reserved:

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
     33474       33573
     50000       50059     *
     58159       58258
     58259       58358
     58359       58458
     58459       58558
     58559       58658
     58659       58758
     58759       58858

* - Administered port exclusions.

The Windows Hyper-V (Microsoft's hardware virtualization product) reserves random port ranges (usually blocks of 100 ports). This becomes a pain, because if you are developing an application or larger solution that uses multiple ports, some times you get a conflict and some times not after rebooting your system.

To lookup for the "Dynamic Port Range" you can issue the command:

netsh int ipv4 show dynamicport tcp

The answer:

Protocol tcp Dynamic Port Range
---------------------------------
Start Port      : 1024
Number of Ports : 64511

You can instruct Windows to modify this range out of the conflicting area. Let's say your development is under and up to port 60000, you can issue the following command to restrict the dynamic port range out of it (you must have administrator privileges):

netsh int ipv4 set dynamic tcp start=60001 num=5534

To make Hyper-V (and Windows in general) use this new dynamic range you have to reboot your system.

Now if we request the excluded port range:

netsh int ip show excludedportrange protocol=tcp

The response has changed:

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
     50000       50059     *
     63904       64003
     64004       64103
     64105       64204
     64205       64304
     64305       64404
     64405       64504
     64505       64604
     64605       64704

* - Administered port exclusions.

Only the "Administered port exclusions" remains below port 60001

TrustworthySystems
  • 627
  • 8
  • 19