Reserving ports in the Windows 10 Dynamic Port Range

3

3

I want to set a Windows 10 dynamic port range between 20000 and 29999 (inclusively), so a range of 10000 ports.

To do this, I run the following commands:

netsh int ipv4 set dynamicport tcp start=20000 num=10000
netsh int ipv4 set dynamicport udp start=20000 num=10000
netsh int ipv6 set dynamicport tcp start=20000 num=10000
netsh int ipv6 set dynamicport udp start=20000 num=10000

Following this, querying the range using the following example command:

netsh int ipv4 show dynamicport tcp

...produces the following result:

Protocol tcp Dynamic Port Range
-------------------------------
Start Port      : 20000
Number of Ports : 10000

Which looks correct to me.

Now suppose I want to reserve certain ports within that Windows Dynamic Port Range, say 21000-21050, then I run the following command:

reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ /v ReservedPorts /t REG_MULTI_SZ /d 21000-21050 /f

Following this, requerying the Windows Dynamic Port range produces the following result:

Protocol tcp Dynamic Port Range
-------------------------------
Start Port      : 20000
Number of Ports : 10000

Is this expected behaviour? Or should the resultant table be fragmented somewhat to reflect the port reservations which fall within the middle of the dynamic range, e.g. something like:

Protocol tcp Dynamic Port Range
-------------------------------
Start Port      : 20000, 21051 
Number of Ports : 1000 , 8950

My port reservation command has updated the registry with the ReservedPorts setting so I assume this is all correct behaviour.

Are there any other ways to test this process prior to deployment in a system?

Thanks

user961820

Posted 2018-11-14T11:48:11.560

Reputation:

Answers

4

Windows Vista and higher do not support the ReservedPorts registry value. (Source)

Instead, you can use the netsh utility to achieve the same effect:

netsh int <ipv4|ipv6> Add excludedportrange [protocol=]tcp|udp [startport=]<integer> [numberofports=]<integer> [[store=]active|persistent]

You can also remove entries:

netsh int <ipv4|ipv6> delete excludedportrange [protocol=]tcp|udp [startport=]<integer> [numberofports=]<integer> [[store=]active|persistent]

...or list them:

netsh int <ipv4|ipv6> show excludedportrange [protocol=]tcp|udp [[store=]active|persistent]

I doubt any of that would affect the output of netsh int <ipv4|ipv6> show dynamicport tcp.

Daniel B

Posted 2018-11-14T11:48:11.560

Reputation: 40 502

Thanks. Are you sure that ReservedPorts thing doesn't just affect Server 2008? I know the page says "This issue occurs because Windows Server 2008 and Windows Server 2008 R2 do not support the ReservedPorts registry key". Where does it say it also affects Windows 10? Thanks. – None – 2018-11-14T13:15:54.270

It’s because of the new network stack since Vista/Server 2008. But really, just try. The commands I quoted are available, they will most likely work. – Daniel B – 2018-11-14T21:49:48.893

1When running the delete commands, I keep getting "Access is denied." even when running as admin. Any idea how to get around that? Haven't been able to find information regarding it. – FreakyDan – 2019-08-29T12:10:26.553

Asked: 2018-11-14T11:48:11.560

Viewed: 4 651 times

Active: 2018-11-14T11:56:49.863