2.6.7. Diagnosing socket binding problems
Diagnosing socket binding problems is easy when the return code of the bind()
call is available. The typical return codes are:
- WSAEADDRINUSE (10048): this typically means that the
SO_REUSEADDR socket option was not used.
- WSAEACCES (10013): this means that socket hijacking protection was enabled
(either with SO_EXCLUSIVEADDRUSE or with
DisableAddressSharing set to 1.
Most of the times, the bind() return code is not available. In that case, the
TDIMon [10] tool can be used:
1 0.00000000 my_netcat.exe:65 819D38B8 IRP_MJ_CREATE TCP:0.0.0.0:445 SHARING_VIOLATION Address Open
- When the WSAEADDRINUSE error is returned, TDIMon does not display
anything, because this error code is returned directly by the Afd driver, without ever
communicating with the TCP/IP driver.
- When the WSAEACCES error is returned, TDIMon displays the
SHARING_VIOLATION error, returned at the TDI level