Skip to main content

Stealth port exclusions on Windows 10

I guess this is a perfect example of how people get cynical of software updates after going through the routine for awhile. And this is coming from someone who enjoys solving technical problems when he is in the right mood!

So recently, I started having some long-running software complain that it can't bind to a certain TCP port because "the port is already in use". I immediately pulled out my trusty CurrPorts and check out which mysterious program is hogging the port behind my back (yeah I could use netstat, but who has time to memorize all those command line arguments, right?)

To my surprise, nothing, nadda. No one is using that port. Yet that port is mysteriously barred from use. It's like you suddenly cannot open the door to your home with your existing key. Incredibly frustrating.

Anyway, after 2 whole days of research, I finally found the culprit. Apparently after a certain Windows update (1809 or 2004 from various sources, I didn't care to verify), Windows now reserves certain ports (called "Administered port exclusions") for Hyper-V (not sure why that would affect me, since I am not using it). 

To view the list, using the command line:

netsh int ipv4 show excludedportrange tcp

You'd be surprised by how many ports are reserved. On my machine, this is the output:

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      5357        5357
      7834        7933
      7934        8033
      8034        8133
      8134        8233
      8234        8333
      8334        8433
      8434        8533
      8637        8736
      8737        8836
      8837        8936
      8937        9036
      9037        9136
      9137        9236
      9237        9336
      9537        9636
      9637        9736
      9737        9836
      9837        9936
      9937       10036
     10037       10136
     10137       10236
     10551       10650
     10651       10750
     10751       10850
     10851       10950
     10951       11050
     11051       11150
     11151       11250
     11277       11376
     11377       11476
     11477       11576
     11577       11676

* - Administered port exclusions.

Here are some associated links from my research:

Anyway, the solution for me was to issue this command:

reg add HKLM\SYSTEM\CurrentControlSet\Services\hns\State /v EnableExcludedPortRange /d 0 /f

It basically sets the EnableExcludedPortRange registry value to 0. A reboot is required.

This is incredibly frustrating because it came out of nowhere, no meaningful error message was provided and even trying to research the problem took a lot of time to figure out the right keywords that will yield the right answer. It was as if the guys who came up with this wanted to inflict the maximum pain on the affected user (or more likely they didn't really give a f**k).

Update (1 Sep 2021):

Discovered that a better solution is to issue this command at an elevated CMD:

netsh int ipv4 set dynamic tcp start=49152 num=16384

After a reboot, the new reserved ports will be:

C:\>netsh int ipv4 show excludedportrange tcp

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      2869        2869
      5357        5357
     49152       49251
     49370       49469
     49470       49569
     49725       49824
     49825       49924
     49925       50024
     50025       50124
     50125       50224
     50443       50542
     50543       50642
     50643       50742
     50743       50842
     50843       50942
     50943       51042
     51043       51142
     51457       51556
     51557       51656
     51657       51756
     51757       51856
     51857       51956
     51957       52056
     52151       52250
     60580       60679
     60883       60982
     61088       61187
     61356       61455
     64877       64976
     64977       65076
     65077       65176
     65177       65276
     65277       65376
     65377       65476

* - Administered port exclusions.

Comments

Popular posts from this blog

Update: Line adapter for Ozito Blade Trimmer

Update (Dec 2021): If you access to a 3D printer, I would now recommend this solution , which makes it super easy to replace the trimmer line. I have been using it for a few months now with zero issue.

Attiny85 timer programming using Timer1

This Arduino sketch uses Timer1 to drive the LED blinker: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 /* * Program ATTiny85 to blink LED connected to PB1 at 1s interval. * Assumes ATTiny85 is running at 1MHz internal clock speed. */ #include <avr/io.h> #include <avr/wdt.h> #include <avr/sleep.h> #include <avr/interrupt.h> bool timer1 = false , led = true ; // Interrupt service routine for timer1 ISR(TIMER1_COMPA_vect) { timer1 = true ; } void setup() { // Setup output pins pinMode( 1 , OUTPUT); digitalWrite( 1 , led); set_sleep_mode(SLEEP_MODE_IDLE); // Setup timer1 to interrupt every second TCCR1 = 0 ; // Stop timer TCNT1 = 0 ; // Zero timer GTCCR = _BV(PSR1); // Reset prescaler OCR1A = 243 ; // T = prescaler / 1MHz = 0.004096s; OCR1A = (1s/T) - 1 = 243 OCR1C = 243 ; // Set to same value to reset timer1 to

Line adapter for Ozito Blade Trimmer

This is an adapter for Ozito 18V battery trimmer (and possibly some Bosch trimmers as well) that uses a plastic blade for cutting. It lets you insert a 2.4mm trimmer line (about 8cm long) and use that for cutting. Simply cut a length of trimmer line and briefly heat up one end with a lighter so that a little bulb is formed. Then insert the trimmer line into the adapter and slot that into the trimmer as per normal. Make sure the trimmer line is not so long that it touches the safety guard. If that is the case, simply trim off any excess with a cutter or scissors. This part is best printed using PETG, which is a tougher and more flexible material. PLA is more rigid and breaks more easily. However, even with PETG, it will still break when it hits something really hard. Since this takes only 0.5m of material and 15 minutes to print, I will usually print a batch of nine at a time at very little cost. The blades that they sell do not break when it hits a hard object, but