On Fri, 9 May 2025 11:49:58 +0100, Andy Burns wrote:
> netsh int ipv4 add excludedportrange tcp %port% 1 >nul 2>&1
> if %errorlevel% == 0 (
> rem Echo port directly: reserved_port would be expanded at parse time, before set runs.
> set reserved_port=%port%
> echo Successfully reserved TCP port %port%
> )

Hi Andy,
Thanks for your purposefully helpful advice & understanding of the problem.
What I learned, I suspect almost nobody knows who isn't a networking expert.
It's been finally resolved - after years of seemingly random frustration.
With your kind advice, the final puzzle pieces finally went into place.
I rarely fail, so I tried valiantly years ago to set the port that adb used
on both Android & Windows to get around Android Wi-Fi adb connect security.
And yet, after a noble attempt at getting around that Android security
measure, I forgot that I had set the port that adb uses (until yesterday!).
Before setting the adb port, stunnel would also randomly fail on me
(where I use stunnel to handle the encryption in my newsreader scripts).
Then, at some point in time, randomly, adb would also fail to work.
The reason it was difficult to track was that nothing was using the ports.
And yet, adb (and stunnel) would, at times, fail to bind to their ports.
Yet, a reboot almost always fixed it - where two reboots always fixed it.
Worse, all the normal debugging commands (such as those Frank suggested)
fail to find the culprit because the ports are randomly excluded; not used.
Since few others had the same problem, there was precious little on the
Internet about it, which is why I resorted to asking for help on Usenet.
Apparently there is no official documentation, but as you're now likely
aware, huge swathes of ports can be randomly reserved by winnat at boot.
<https://github.com/microsoft/WSL/issues/5306>
<https://forums.docker.com/t/port-already-allocated/10888/6>
<https://stackoverflow.com/questions/61885607/wsl2-port-already-in-use>
<https://dev.to/trademark18/an-attempt-was-made-to-access-a-socket-4nh9>
<https://www.reddit.com/r/HyperV/comments/1bowbai/port_reservation_causes_issues/>
<https://stackoverflow.com/questions/54010365/how-to-see-what-is-reserving-ephemeral-port-ranges-on-windows>
<https://learn.microsoft.com/en-us/answers/questions/651127/hyper-v-and-docker-desktop-preventing-port-bindin>
<https://stackoverflow.com/questions/65272764/ports-are-not-available-listen-tcp-0-0-0-0-50070-bind-an-attempt-was-made-to>
Which you can prove yourself by stopping & restarting winnat, so not only
is it not a mystery, it's widely known to everyone but you, me (& Frank). :)
C:\> netsh interface ipv4 show excludedportrange protocol=tcp
C:\> net stop winnat
C:\> netsh interface ipv4 show excludedportrange protocol=tcp
C:\> net start winnat
C:\> netsh interface ipv4 show excludedportrange protocol=tcp
If you've enabled Hyper-V, you'll see excluded ports being random!
Which you can prove yourself by disabling & enabling Hyper-V, so not only
is it not a mystery, it's widely known to everyone but you, me & Frank. :)
PS:\> Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Hypervisor
PS:\> netsh interface ipv4 show excludedportrange protocol=tcp
PS:\> Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All
PS:\> netsh interface ipv4 show excludedportrange protocol=tcp
PS:\> Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All
PS:\> netsh interface ipv4 show excludedportrange protocol=tcp
You'll likely see a world of difference if you run those commands.
So we've established that Hyper-V affects the available ports.
[Note TCP, UDP, IPv4 & IPv6 are affected, but we're simplifying to TCP.]
If that port happens to be a port you've assigned to adb or stunnel, then
netstat/netsh won't show anything & yet you still can't bind to that port.
C:\> netstat -ano | findstr :55555
C:\> netsh interface ipv4 show tcpconnections
(finds nothing is binding to the port)
C:\> ncat -l -p 55555 (or... ncat -l -k -p 55555 -e exit)
Ncat: bind to :::55555: An attempt was made to access a socket
in a way forbidden by its access permissions. . QUITTING.
C:\> netsh interface ipv4 show excludedportrange protocol=tcp
(shows the port is excluded)
C:\> netsh interface ipv4 delete excludedportrange protocol=tcp startport=55555 numberofports=1
Access is denied.
For Stunnel, you *must* assign a port. You have no choice.
[Mixmin]
client = yes
accept = localhost:55563
connect = news.mixmin.net:563
CAfile = ca-certs.pem
verifyChain = yes
checkHost = news.mixmin.net
OCSPaia = yes
But for adb, you do not need to assign a port; and yet, I did but
I had forgotten that I did that years ago when adb first came out
as working over Wi-Fi (Android 10? Android 11? I don't remember).
When Android came out with adb over Wi-Fi, they added security.
I rarely fail so I tried to get around that Android security.
As I recall (it was years ago) I made some progress in assigning
adb ports both on Android and on Windows that were of my choosing.
However, I was still unable to get around Android security which
requires you to look at the Android phone to use adb over Wi-Fi.
At that time, I gave up but it was an extremely rare failure
since I almost never fail - but what I didn't do was reset the
adb ports back to what they originally were before my quest.
The reason was that everything worked just fine.
It's only at some random boot weeks later, maybe months later,
that adb failed to bind to the port, where, since stunnel had
failed to bind to its ports, I didn't associate with the fact
that I had changed the port that ADB uses on Android & Windows.
And, since a reboot fixed it, I *thought* it was due to some
Microsoft update (since my machine always reboots after updates).
As you know from the reference threads on the Windows ngs, it wasn't
Microsoft after all. Nor was it adb. Nor was it stunnel.
It was Hyper-V.
Sigh.
*After years of reboots - I finally solved random port exclusions*
<https://www.novabbs.com/computers/article-flat.php?id=87044&group=alt.comp.os.windows-10#87044>
*Warning: If you use adb or stunnel & if you enable Hyper-V*
<https://www.novabbs.com/computers/article-flat.php?id=87110&group=alt.comp.os.windows-10#87110>
To prevent this from happening to others, my (now astute) recommendation is
that any time you feel you need to assign a port, you should also reserve
that port at the time you assign it (for example, as with your script).
In summary, the problem has been solved where what I learned was
that Hyper-V will exclude random blocks of ports, but I realize
most people won't be affected if they don't have a need to assign ports.
I had a need to assign ports for two reasons most people won't have:
1. I was trying to get around Android adb Wi-Fi security, and,
2. My newsreader was written years ago from scratch with telnet.
To bring things to full circle, I think you and I, long ago, had
discussed the new adb over Wi-Fi security restrictions, which means
what started the adb port permission problem has come full circle
with this thread, years later, which shows possible repercussions
when you try to subvert Android adb Wi-Fi security by changing ports.
*Do you use ADB (or ScreenCopy) with Android & Windows?*
<https://www.novabbs.com/computers/article-flat.php?id=58842&group=comp.mobile.android#58842>
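
The check described in the post above (nothing is listening, yet the bind is refused because the port sits in an excluded range), as an added PowerShell example that is not part of the original post. The function names, the sample table and port 8080 are assumptions made for illustration; 55555 and 55563 are the ports the post uses.

```powershell
# Added example: parse the table printed by
#   netsh interface ipv4 show excludedportrange protocol=tcp
# and report which assigned ports fall inside an excluded range.
function ConvertFrom-ExcludedPortRange {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Data rows are "<start> <end>" with an optional trailing "*",
        # which netsh uses to mark administered exclusions.
        if ($line -match '^\s*(\d+)\s+(\d+)\s*(\*)?\s*$') {
            [pscustomobject]@{
                Start        = [int]$Matches[1]
                End          = [int]$Matches[2]
                Administered = ($Matches[3] -eq '*')
            }
        }
    }
}

function Test-PortExcluded {
    param([int[]]$Port, [object[]]$Range)
    foreach ($p in $Port) {
        $hit = $Range | Where-Object { $p -ge $_.Start -and $p -le $_.End } |
            Select-Object -First 1
        [pscustomobject]@{
            Port         = $p
            Excluded     = $null -ne $hit
            Range        = if ($hit) { '{0}-{1}' -f $hit.Start, $hit.End }
            Administered = if ($hit) { $hit.Administered }
        }
    }
}

# Constructed sample output (not captured from a real machine).
$sample = @'
Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
      5357        5357
     50000       50059     *
     55463       55562
     55563       55662

* - Administered port exclusions.
'@ -split '\r?\n'

# Live use: pass (netsh interface ipv4 show excludedportrange protocol=tcp) as -Lines.
$ranges = ConvertFrom-ExcludedPortRange -Lines $sample
Test-PortExcluded -Port 55555, 55563, 8080 -Range $ranges | Format-Table -AutoSize
```

A row with Excluded true and Administered false is an exclusion that was not added through `netsh ... add excludedportrange`.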