Port not shown to be used in netstat, but trying to use the port is denied by Windows

Question

I found the answer to this problem already and just want to document my finding.

In one of my recent project, I found that a port would not be shown as being used in netstat, but when my project tried to use the port, an error would be thrown.

For example, let's say I want to use port 53000:

netstat -ano | findstr :53000

Nothing would be shown, but if I attempted to use the port in Node.js, a permission error will be thrown.

Answer 1

Set the Windows "Dynamic Port Range" in a non conflicting place

We managed to contain this problem, for the case where you can not change your ports' needs to other location (like a non configurable application) and also need Hyper-V.

When you issue the command:

netsh int ip show excludedportrange protocol=tcp

You get an output with a list of port ranges reserved:

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
     33474       33573
     50000       50059     *
     58159       58258
     58259       58358
     58359       58458
     58459       58558
     58559       58658
     58659       58758
     58759       58858

* - Administered port exclusions.

The Windows Hyper-V (Microsoft's hardware virtualization product) reserves random port ranges (usually blocks of 100 ports). This becomes a pain, because if you are developing an application or larger solution that uses multiple ports, some times you get a conflict and some times not after rebooting your system.

To lookup for the "Dynamic Port Range" you can issue the command:

netsh int ipv4 show dynamicport tcp

The answer:

Protocol tcp Dynamic Port Range
---------------------------------
Start Port      : 1024
Number of Ports : 64511

You can instruct Windows to modify this range out of the conflicting area. Let's say your development is under and up to port 60000, you can issue the following command to restrict the dynamic port range out of it (you must have administrator privileges):

netsh int ipv4 set dynamic tcp start=60001 num=5534

To make Hyper-V (and Windows in general) use this new dynamic range you have to reboot your system.

Now if we request the excluded port range:

netsh int ip show excludedportrange protocol=tcp

The response has changed:

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
     50000       50059     *
     63904       64003
     64004       64103
     64105       64204
     64205       64304
     64305       64404
     64405       64504
     64505       64604
     64605       64704

* - Administered port exclusions.

Only the "Administered port exclusions" remains below port 60001