I've encountered some strange behavior I don't understand. I'm installing software on a Windows 2003 Server. This software needs to bind to a specific UDP port an all TCP addresses in order to listen to requests. I seem to be able to bind to several ports of my choice but not others; specifically I can't bind to the one port I need, which is 5001. Other presumedly free ports like 5002, 5010 also fail. My first guess was "it's in use by another program", but it doesn't show either in netstat or TCPView (from sysinternals), so I'm at a loss about what to do about this. The program is getting socket error 10048 (address already in use).
These are example commands I use to try and find the "offending" program:
c:\>netstat -a -v -n -o -p udp
Active Connections
Proto Local Address Foreign Address State PID
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 512
UDP 0.0.0.0:1434 *:* 1980
UDP 0.0.0.0:4500 *:* 512
UDP 0.0.0.0:5000 *:* 5920
UDP 0.0.0.0:5500 *:* 5288
UDP 127.0.0.1:123 *:* 856
UDP 127.0.0.1:1314 *:* 4376
UDP 172.20.1.10:123 *:* 856
UDP 172.20.1.10:137 *:* 4
UDP 172.20.1.10:138 *:* 4
(No UDP port 5001 is in use!)
Or:
C:\> netstat -an | findstr 5001
(no output)
I run all tests using the local Administrator account to no avail. My program is written in C++ (Winsock 2), although I also performed quick tests with a simple VB6 program with the same results. There is no DNS service installed (which is known to reserve ranges of UDP ports).
How can I find the "offending" program, i.e., the program taking the UDP port I need to use?
Best Answer
Ports 5000 and 5001 are used by Yahoo Messenger. Don't know if both show when you netstat.
Also, 5001 is suspicious - I remember it was used by remote-access trojans. Sorry I have no details.
Have you tried to telnet to your server to port 5001? Is it really listening/in use?