如何查看在 Windows 上保留临时端口范围的内容? [英] How to see what is reserving ephemeral port ranges on Windows?

问题描述

我有一个需要使用端口 50005 和 50006 的 Windows 应用程序，但它被阻止了.

I have a Windows application that needs to use ports 50005 and 50006 but it is being blocked.

我在运行 netsh int ip show excludeportrange protocol=tcp 时看到以下内容:

I see the following when I run netsh int ip show excludedportrange protocol=tcp:

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
5357        5357
49709       49808
49809       49908
49909       50008
50009       50108
50109       50208
50280       50379

* - Administered port exclusions.

所以我机器上的某些东西将端口 49909 保留到 50008，这大概是导致我的应用程序失败的原因.我尝试使用以下命令删除此 excludedportrange:

So something on my machine is reserving ports 49909 to 50008, which is presumably what is causing my application to fail. I've tried deleting this excludedportrange with the following command:

netsh int ip delete excludedportrange protocol=tcp numberofports=100 startport=49909

但我看到一个错误访问被拒绝.，这让我认为保留此端口的任何东西都在积极运行，但我不知道那可能是什么.

But I see an error Access is denied., which makes me think that whatever is reserving this ports is actively running, but I have no idea what that could be.

同样奇怪的是，在运行该命令后，即使我看到了错误，如果我重新启动 excludedportrange 会有所不同.

What's also weird is that after running that command, even though I saw an error, if I reboot the excludedportrange will be different.

作为完整性检查，我还运行了 resmon.exe 并确认端口 50005 和 50006 上没有运行任何内容.

As a sanity check I've also run resmon.exe and confirmed that there is nothing running on ports 50005 and 50006.

我怎么知道是什么添加了excludedportrange?

How can I tell what is adding the excludedportrange?

我已将范围缩小到 Hyper-V.如果我禁用 Hyper-V，则不会排除这些端口.

I've narrowed this down to Hyper-V. If I disable Hyper-V then those ports are not excluded.

推荐答案

调查并释放端口

Hyper-V 似乎保留了随机端口(或至少与 Hyper-V 相关的端口).使用 netsh int ip show excludeportrange protocol=tcp 确认输出中没有工作的端口.

Investigate and Free the Ports

It appears that Hyper-V reserves random ports (or something Hyper-V related at least). Use netsh int ip show excludedportrange protocol=tcp to confirm that the ports that aren't working are in the output.

这 对我有用以释放端口向上.对我来说似乎并不打扰(25 次竖起大拇指):

This has worked for me to free the ports up. It doesn't seem intrusive to me (25 thumbs up):

这通常是由 Windows NAT 驱动程序 (winnat) 引起的，停止并重新启动该服务可能会解决该问题.

This is often caused by the Windows NAT Driver (winnat), stopping and restarting that service may resolve the issue.

net stop winnat
docker start ...
net start winnat

此后端口不再保留，但我的 WSL2 终端不再连接到互联网，因此我需要在此之后重新启动才能让一切重新工作.

After this the ports were no longer reserved, but my WSL2 terminal no longer had connection to the internet, so I needed to reboot after this to get everything working again.

如果你再不做任何事情，你很可能会再次遇到这个问题.所以例如保留端口 9012 和 9013 以备将来使用(因此 winnat 永远不会尝试使用它们):

If you don't do anything more, you'll likely run into this problem again. So to e.g. reserve ports 9012 and 9013 for your future use (so winnat never tries to use them):

netsh int ipv4 add excludedportrange protocol=tcp startport=9012 numberofports=2

(感谢@Venryx 提醒我)

(Thanks @Venryx for reminding me)

在回答关于为什么 docker 不能打开端口(24 次竖起大拇指)，这也对我有用:

In an answer to a similar question about why docker couldn't open ports (24 thumbs up), this also worked for me:

netcfg -d --这将清理所有网络设备，并需要重新启动

netcfg -d --this will clean up all networking devices, and requires a reboot

虽然有人警告(4 拇指向上).您的邮件可能会有所不同.它对我有用，主要是因为直到我成功运行它之后我才看到以下警告......

Somebody does warn about it though (4 thumbs up). Your maileage may vary. It worked for me, mostly because I didn't see the following warning until after I ran it successfully....

那个 (netcfg -d) 是危险的命令，它损坏了我的 docker 并且不再启动.即使在重新安装 HyperV 之后.并重新启动机器.这个命令似乎删除了几个网络适配器.也重新启动什么也不做.我不得不重置(松散的)容器和图像，但这导致我遇到另一个问题

that (netcfg -d) is dangerous command, it corrupted my docker and it does not start up anymore. Even after reinstalling HyperV. and rebooting machine. It seems that this command removes several network adapters. Also restart does nothing. I had to reset (loose) containers and images but that led me to another issue

对类似 docker 问题的另一个回答 (129竖起大拇指)有这个，但对我来说似乎更重要，所以我没有尝试:

another answer to a similar docker question (129 thumbs up) has this, but it seemed much more involed for me, so I didn't try it:

@veqryn 解决方法对我有用，步骤是:

@veqryn the workaround worked for me, the steps are:

1. 禁用 hyper-v(这需要重新启动几次)

1. Disable hyper-v (which will required a couple of restarts)

dism.exe/Online/Disable-Feature:Microsoft-Hyper-V

当你完成所有需要的重启后，保留你想要的端口，这样 hyper-v 就不会保留它

When you finish all the required restarts, reserve the port you want so hyper-v doesn't reserve it back

netsh int ipv4 add excludeportrange protocol=tcp startport=50051 numberofports=1 store=persistent

重新启用 hyper-V(这将需要几次重启)

Re-Enable hyper-V (which will require a couple of restart)

dism.exe/Online/Enable-Feature:Microsoft-Hyper-V/All

当您的系统恢复后，您将能够成功绑定到该端口.

when your system is back, you will be able to bind to that port successfully.

这篇关于如何查看在 Windows 上保留临时端口范围的内容?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！