dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
4757
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

[WIN8] Ephemeral Port Exhaustion?

Log Name: System
Source: Tcpip
Date: 3/4/2013 9:24:27 PM
Event ID: 4231
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: Smokey
Description:
A request to allocate an ephemeral port number from the global TCP
port space has failed due to all such ports being in use.
Event Xml:

4231
3
0
0x80000000000000

9658
System
Smokey

00000000010000000000000087100080000000000000000000000000000000000000000000000000

When this happened I had no internet access on all four browsers I had open.

Ping Plotter Pro was running with no problems to 4 targets. I had an internet connection. But I could do nothing on any browser.

I had this error one other time two days ago in Event Viewer while I was asleep but Fx and Opera were running on the taskbar.

I rebooted and everything seems ok. There is nothing in Action Center. Before I rebooted, I used the internet connection troubleshooter and it detected no problems yet I could not use my browsers at all to surf until I rebooted.

Since this has happened twice in two days, it may happen again. How do I troubleshoot it? I didn't think to use CMD and netstat -n or netstat -b to see what application is using so many ports. If I had seen a particular application using all the ports and I closed it would that have avoided having to reboot?
dave
Premium Member
join:2000-05-04
not in ohio

dave

Premium Member

With TCP ports, correct operation of the protocol requires that one end of the connection puts its port in an unusable state for a while (twice the maximum segment lifetime; ~2 mins?) after the connection is closed. This is the TIME_WAIT state that shows up in netstat.

So, if some app is rapidly creating new connections and immediately closing them, you can end up with a lot of TCP ports in TiME_WAIT and none available.

Shutting the responsible app down will not immediately free up such ports (only time does that), but it will stop it consuming more of them. And eventually you will have TCP ports.

The netstat command you want is netstat -a -p tcp (a = all states, p = select protocol).

However, TIME_WAIT ports are no longer owned by any process (the app has closed the connection, that's probably how they got in that state) and it will not help you directly tell which app is responsible. However, you should be able to see where the connections were to, and that might tell you something.

I imagine that something called PingPolotter works like the 'ping' command, which does not use TCP, and is therefore unaffected by a shortage of TCP ports.

JohnInSJ
Premium Member
join:2003-09-22
Aptos, CA

JohnInSJ to Mele20

Premium Member

to Mele20
»msdn.microsoft.com/en-us ··· %29.aspx

You can bump the number up in the registry.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to dave

Premium Member

to dave
Thank you! All these years and I never really knew what TIME_WAIT meant in netstat. I'm glad to be informed about it.

It is possible that Ping Plotter Pro could be involved as it has a TCP engine (as well as the ICMP default one). I don't recall though if I was using the TCP engine to any site. (I only do that with sites that firewall the final hop). Oh, I did have the TCP engine being used to ping toThe Pirate Bay site. (I read the thread in the Security forum and the site is not in North Korea but Amsterdam which I could see by using Ping Plotter's TCP engine). I've seen Ping Plotter report using too many connections and shutting itself down....only on Win 8 though.

I was so puzzled that I didn't check anything useful. I've never had that happen before where I had internet connection but no ability to use it. When it happened the first time, a couple of days ago, I was asleep and Ping Plotter was not running. Could be the Proxomitron. I have been having problems with it on Win 8...like I have with Piing Plotter...no significant problems on earlier OSes.