Multiple processes listening on the same port?

Question

I am trying to understand how can it be possible to start multiple processes listening on the same TCP {IP, Port} pair on Windows XP.

For example, I can start two ncat.exe programs listening on port 371. The second one is started without any problem and receives incoming connections while the first one does not. Once the process lastly started is terminated, the first one receives them.

netstat -a -n | find "LISTENING"
   TCP    0.0.0.0:371            0.0.0.0:0              LISTENING
   TCP    0.0.0.0:371            0.0.0.0:0              LISTENING

Assuming this a Windows (XP) behaviour, how can it be a safe & secure behaviour? It means one can "overload" any already listening port instead of getting the usual "address already in use" error message, and simply bypass firewalls with rules just saying "any incoming TCP connections on port 371 are allowed".

Answer 1

SO_REUSEADDR socket option is interpreted differently in windows i.e. in Linux it would allow you to reuse the same socket unless all of the five tuple (src/dst port/ip and protocol are exactly same).

However, windows actually allow you to steal the socket. I would quote a much better written answer here elaborating both.

Windows only knows the SO_REUSEADDR option, there is no SO_REUSEPORT. Setting SO_REUSEADDR on a socket in Windows behaves like setting SO_REUSEPORT and SO_REUSEADDR on a socket in BSD, with one exception: A socket with SO_REUSEADDR can always bind to exactly the same source address and port as an already bound socket, even if the other socket did not have this option set when it was bound. This behavior is somewhat dangerous because it allows an* application "to steal" the connected port of another application. Needless to say, this can have major security implications.