XPost: alt.comp.microsoft.windows
On Sat, 3 May 2025 13:38:26 -0400, Paul wrote:
Use Wireshark.
Fire up a browser, watch what ports are used. Ports in the ephemeral range are sending to 443 (encrypted) on mine. Like 61038 ==> 443, which is https. These are ports assigned dynamically from the pool above 49152. A program doing that could get EADDRINUSE if it uses a dynamic port currently in usage by a second browser.
I don't disagree with any of your advice above, but I've been there.
The problem here is three fold which makes it a bit unusual in my case.
1. Adb uses port 55555. I have no control over that (AFAIK).
2. Stunnel *needs* ports. I control which ports. I use 49152-65535.
3. But once a month (or so) "something" excludes the ports used.
This "something" is apparently a deep system-level application.
But what?
I can run net stumblers galore, yet I haven't found what it is.
Powershell:
$port = 54321
try {
# Try to take the port ourselves; if nothing holds it, this succeeds.
$listener = New-Object System.Net.Sockets.TcpListener ([System.Net.IPAddress]::Loopback, $port)
$listener.Start()
Write-Host "Successfully bound to 127.0.0.1:${port}"
$listener.Stop()
} catch {
Write-Warning "Failed to bind to 127.0.0.1:${port}: $($_.Exception.Message)"
Write-Host "Attempting to identify the process..."
# Map each endpoint's OwningProcess to a process; plain piping into Get-Process does not bind that property.
Get-NetTCPConnection -LocalPort $port -ErrorAction SilentlyContinue | ForEach-Object { Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue }
Get-NetUDPEndpoint -LocalPort $port -ErrorAction SilentlyContinue | ForEach-Object { Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue }
}
That script will actively try to bind to the port and, if it fails, will immediately try to identify the listening process. It never finds anything.
I don't think you are supposed to statically assign such ports to programs needing their own fixed port for some purpose. For example, if I put an XWindows server on my PC (needed for Bash Shell and WSL1), it uses port 6000 as a static port. And that is defined in the ports list. That's an officially recognized usage, in the static port range.
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
6000-6063 Yes X11 - used between an X client and server over the network
You can communicate with 64 different Unix computers and put their Windows
on your screen, but people do not typically do that. The DISPLAY variable
:0 or :1 , corresponds to the usage of port 6000 or port 6001.
Those are statically defined ports, and between 1025 and 49151 or so.
Again, I don't disagree much with what you said. An example is adb.
ADB needs a port and it always uses 5555 & 55555 (as far as I can tell).
That's what ADB does. I don't control that. But I use adb all day every day.
If "something" deep in the system steals that port at boot, adb will fail.
The error is simply that adb can't bind to that port.
But NOTHING is using that port - which is what took me 2 years to realize. (Mostly because a reboot always instantly resolved the problem.)
As with adb, stunnel *needs* a port. But unlike adb, YOU have to pick it.
The only choice you have is which port. You don't care what port.
So you pick a port, and it works fine. For a while.
Suddenly, at the morning reboot, stunnel fails to bind to that port.
So you change it. Which works fine, but then one day, it happens again.
And again. And again. "Something" is excluding those ports seemingly randomly. Something very deep inside the system since an admin can't release them.
At work, we had our own little registrar. She made sure, via phoning her up, that if you invented a new usage for a static port, she would check the list of experimental usages and make sure there wasn't a conflict. So if some twirp had used port 12345 for an Ethernet test program, and you decided
to do the same thing, she could tell you it was already in use. And for such a large company, there was really hardly any usage of static ports in that exact way. There's a reason for that. But she would have penciled in things like popular game engine assignments, because you would not want your
serious business case static port assignment, to suddenly start playing Quake :-)
I'm sure you have your reasons for doing this, but that's not exactly
the intended usage model for those port numbers. Just about any question
I've asked about networking, the answerer starts with "You're not supposed
to do that", and that's the essence of "learn while you earn" as a learning algorithm :-)
Again, it's adb & stunnel, both of which are required.
I need adb for reasons that are so obvious I won't even explain why.
As for stunnel, my newsreader is telnet so I need stunnel for encryption.
Those are my reasons, and I don't think anyone can say that they're wrong.
The problem isn't stunnel or adb anyway.
The problem is "something" deep inside Windows is excluding ports en masse.
But what?
To give you some idea how pissy they were about network operations at work, one day we started a three node flight simulator on a LAN segment, and
the "Nazi" in control, phoned one of the employee phone numbers within 20 seconds
of the game showing up on the LAN. And this was after closing time, too.
You could use the flight sim on one node (no network traffic), and
I routinely used to fly my custom aircraft. A Borg Cube with a
one million pounds of thrust engine. You have to set the trim at +5 degrees to keep the flight stable. Because, well, it's a brick, not an aircraft.
I love your sardonic humor because there's immense knowledge embedded.
You've helped me in the past, in that you were my AI (or, um, actually, AI
has slowly been replacing Usenet for me in what it does for debugging), so
I appreciate your helpful replies as I need to choose ports from this list.
Privileged ports: Ports 0-1023
Registered Ports: Ports 1024-49151
Dynamic/Private Ports: Ports 49152-65535 (e.g., used by Stunnel & adb)
ADB typically uses tcp:55555 but you can set stunnel to use many ports.
I'm not sure Wireshark will show anything that isn't already being shown
simply because, as far as I can tell, NOTHING is using the excluded ports.
In the same vein I think would go netmon, TCPView, perfmon, wf.msc, etc., simply because the excluded ports aren't actually being used (AFAICT)
I checked for maybe two years, which doesn't mean I covered all bases, but
as far as I can tell, the ports are simply excluded from use & that's it.
Win+R > cmd {control+shift+enter} for an Administrator prompt
netstat -ano | findstr :54321
@echo off
:loop
echo %date% %time% >> port_usage.log
netstat -ano >> port_usage.log
timeout /t 5 /nobreak > nul
goto :loop
netsh interface ipv4 show tcpconnections
netsh http show urlacl
Win+R > services.msc {control+shift+enter}
Get-NetTCPConnection -LocalPort 54321 -Force
Get-NetUDPEndpoint -LocalPort 54321 -Force
Get-NetTCPConnection -LocalPort 54321 -State Listen | ForEach-Object { Get-Process -Id $_.OwningProcess }
try {$listener = New-Object System.Net.Sockets.TcpListener ([System.Net.IPAddress]::Loopback, 32565); $listener.Start(); Write-Host "Successfully bound to 127.0.0.1:32565"; $listener.Stop()} catch {Write-Error "Failed to bind to 127.0.0.1:32565: $($_.Exception.Message)"}
resmon > Network > Listening Ports > Port = 54321 > PID
procexp.exe > Find > Find Handle or DLL > 54321 > Search
procmon.exe > Filter (timing is crucial)
[Local Port] is 54321 then Include
(kill & restart stunnel with the script below & watch with procmon)
[Process Name] [is] [stunnel.exe] then [Include]
[Operation] is [TCP Accept] then [Include]
[Operation] is [TCP Connect] then [Include]
[Operation] is [TCP Disconnect] then [Include]
[Operation] is [TCP Other] then [Include]
[Operation] is [TCP Receive] then [Include]
[Operation] is [TCP Reconnect] then [Include]
[Operation] is [TCP Retransmit] then [Include]
[Operation] is [TCP Send] then [Include]
[Operation] is [TCP TCPcopy] then [Include]
[Operation] is [TCP Unknown] then [Include]
[PID] is [4321] then [Include]
[Apply][OK]
@echo off
REM restartstunnel.bat
REM Replaces the following manual commands:
REM tasklist | findstr "stunnel.exe"
REM stunnel.exe 4321 Console 1 21,308 K
REM taskkill /F /PID 9640
echo Terminating stunnel...
taskkill /F /IM stunnel.exe > nul 2>&1
timeout /t 2 /nobreak > nul
echo Starting stunnel...
start "" "stunnel.exe"
echo Done.
(Note some of the commands above have udp/ipv6 variants I've omitted.)
When a port is excluded after the morning boot, nothing can bind to it.
ncat -l -p 54321 (or... ncat -l -k -p 54321 -e exit)
Ncat: bind to :::54321: An attempt was made to access a socket
in a way forbidden by its access permissions. . QUITTING.
It's hard to even get the port unexcluded if you know it's excluded.
netsh interface ipv4 delete excludedportrange protocol=tcp startport=54300 numberofports=100
Access is denied.
When the exclusion includes Stunnel's ports, I get this error:
Binding service [x] to 127.0.0.1:54321:
Permission denied (WSAEACCES) (10013)
When it excludes adb's ports, I get this error after the morning boot:
adb devices
* daemon not running; starting now at tcp:55555
could not read ok from ADB Server
* failed to start daemon
adb.exe: failed to check server version: cannot connect to daemon
Something is excluding entire blocks of random ports, but what?
Of course, there must be a reason, but even now, some are excluded
as shown by this back-to-back contiguous sequence I just ran for you.
netsh interface ipv4 show excludedportrange protocol=tcp
Protocol tcp Port Exclusion Ranges
Start Port End Port
---------- --------
5357 5357
20164 20263
50000 50059 *
59914 60013
60014 60113
60214 60313
60314 60413
60414 60513
60514 60613
60614 60713
60714 60813
60814 60913
60914 61013
61014 61113
61114 61213
* - Administered port exclusions.
net stop winnat
The Windows NAT Driver service was stopped successfully.
netsh interface ipv4 show excludedportrange protocol=tcp
Protocol tcp Port Exclusion Ranges
Start Port End Port
---------- --------
5357 5357
50000 50059 *
* - Administered port exclusions.
net start winnat
The Windows NAT Driver service was started successfully.
netsh interface ipv4 show excludedportrange protocol=tcp
Protocol tcp Port Exclusion Ranges
Start Port End Port
---------- --------
5357 5357
50000 50059 *
* - Administered port exclusions.
I only found out about those commands yesterday, so I'm actually surprised
that the results change constantly. I have no idea why they're changing.
The reason it matters is that some apps (like adb) have a port which
sometimes is excluded and other apps (like stunnel) require a port.
It's hard to pick an unused port when they're randomly excluded at boot.
I've debugged this many times and failed every time, mainly because
after a few hours of wasted debugging, I decide to punt and reboot.
Anyway, after about two years of these shenanigans, I finally figured
out the "problem" is "something" deep inside of Windows is excluding
a hundred random ports at a time. I "think" it's related to Windows
update, but I'm not sure really. It always happens at a boot though.
I post this mostly to accomplish a few things I always strive for.
1. Let people know what my solution is so they can try it too.
2. Provide the commands, verbatim, as they're extremely useful.
3. Try to push the ball forward to figure out WHAT is excluding ports.
I suspect most of you have the same problem; you just don't notice it.
You can tell, actually, simply by running this command.
If it reports more than two lines, you likely have the same problem.
netsh interface ipv4 show excludedportrange protocol=tcp
How many lines show up for others?
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)
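One way to pick a port that is neither excluded nor already listening, as an added example that is not part of the original post: it parses the same `netsh interface ipv4 show excludedportrange` output shown above, skips adb's 5555/55555, and proves the result with a loopback bind. Function names, the default 49152-65535 scan range and the Avoid list are assumptions for illustration.

```powershell
function Get-ExcludedPortRanges {
    param([ValidateSet('tcp','udp')][string]$Protocol = 'tcp')
    # Parse the "Start Port  End Port" rows printed by netsh; header and legend lines do not match.
    $ranges = @()
    netsh interface ipv4 show excludedportrange "protocol=$Protocol" | ForEach-Object {
        if ($_ -match '^\s*(\d+)\s+(\d+)(\s+\*)?\s*$') {
            $ranges += [pscustomobject]@{
                Start        = [int]$Matches[1]
                End          = [int]$Matches[2]
                Administered = [bool]$Matches[3]   # trailing "*" marks an administered exclusion
            }
        }
    }
    return $ranges
}

function Test-PortExcluded {
    param([int]$Port, [object[]]$Ranges)
    foreach ($r in $Ranges) {
        if ($Port -ge $r.Start -and $Port -le $r.End) { return $true }
    }
    return $false
}

function Find-FreePort {
    # Assumed defaults: scan the dynamic range and keep clear of the ports adb is known to use.
    param([int]$Start = 49152, [int]$End = 65535, [int[]]$Avoid = @(5555, 55555))
    $ranges    = Get-ExcludedPortRanges -Protocol tcp
    $listening = (Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue).LocalPort
    for ($p = $Start; $p -le $End; $p++) {
        if ($Avoid -contains $p)                        { continue }
        if ($listening -contains $p)                    { continue }
        if (Test-PortExcluded -Port $p -Ranges $ranges) { continue }
        # Final check: actually bind, because the lists above can change between query and use.
        try {
            $l = New-Object System.Net.Sockets.TcpListener ([System.Net.IPAddress]::Loopback, $p)
            $l.Start(); $l.Stop()
            return $p
        } catch { continue }
    }
    throw "No bindable TCP port found in $Start-$End"
}

$port = Find-FreePort
Write-Host "Candidate port for stunnel: $port"
Get-ExcludedPortRanges | Where-Object { -not $_.Administered } |
    ForEach-Object { Write-Host ("Non-administered exclusion: {0}-{1}" -f $_.Start, $_.End) }
```

Run it after the morning boot and compare the printed exclusion list with the one from the previous day to see which blocks moved.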