UDP port appears to be in use but is not shown in netstat or TCPView
Ports 5000 and 5001 are used by Yahoo Messenger. Don't know if both show when you netstat.
Also, 5001 is suspicious - I remember it was used by remote-access trojans. Sorry I have no details.
Have you tried to telnet to your server to port 5001? Is it really listening/in use?
Related videos on Youtube
Yobmod
Updated on September 18, 2022Comments
-
Yobmod over 1 year
I've encountered some strange behavior I don't understand. I'm installing software on a Windows 2003 Server. This software needs to bind to a specific UDP port an all TCP addresses in order to listen to requests. I seem to be able to bind to several ports of my choice but not others; specifically I can't bind to the one port I need, which is 5001. Other presumedly free ports like 5002, 5010 also fail. My first guess was "it's in use by another program", but it doesn't show either in netstat or TCPView (from sysinternals), so I'm at a loss about what to do about this. The program is getting socket error 10048 (address already in use).
These are example commands I use to try and find the "offending" program:
c:\>netstat -a -v -n -o -p udp Active Connections Proto Local Address Foreign Address State PID UDP 0.0.0.0:445 *:* 4 UDP 0.0.0.0:500 *:* 512 UDP 0.0.0.0:1434 *:* 1980 UDP 0.0.0.0:4500 *:* 512 UDP 0.0.0.0:5000 *:* 5920 UDP 0.0.0.0:5500 *:* 5288 UDP 127.0.0.1:123 *:* 856 UDP 127.0.0.1:1314 *:* 4376 UDP 172.20.1.10:123 *:* 856 UDP 172.20.1.10:137 *:* 4 UDP 172.20.1.10:138 *:* 4 (No UDP port 5001 is in use!) Or: C:\> netstat -an | findstr 5001 (no output)
I run all tests using the local Administrator account to no avail. My program is written in C++ (Winsock 2), although I also performed quick tests with a simple VB6 program with the same results. There is no DNS service installed (which is known to reserve ranges of UDP ports).
How can I find the "offending" program, i.e., the program taking the UDP port I need to use?
-
Admin over 10 yearsin your netstat output, is port 5500 reserved by your app?
-
Admin over 10 years5500 is a port I'm using temporarily while I find out why I can't use 5001. UDP port 5000 is used by another app of mine.
-
Admin over 10 yearsHave you tried WireShark to see if any program is moving data on that port?
-
Admin over 10 yearsI haven't seen any traffic on those ports, no. The bottom question remains: how come the port is "taken" but netstat knows nothing about it? Weird!
-
-
Spence over 10 yearsHe's talking about a UDP port. You don't "telnet to" a UDP port.
-
Yobmod over 10 yearsThe ports were no longer in use after I rebooted the server. However, I'd still like to know why netstat didn't see the port as in use wilst the program kept getting an "address already in use" error?
-
Michael Bailey almost 9 yearsI'd spitball an application glitch
-
Michael Bailey almost 9 yearsThe only major Trojan who's touched 5001 and has been majorly reported on as doing such is "Sockets de Troie", (I've literally never heard of it) you been to France recently? Also, Yahoo Messenger Chat doesn't use 5001 UDP, but Yahoo Voice does. And A LOT of other miscellaneous applications.