问题描述

我试图了解如何启动在Windows XP上侦听同一TCP {IP，Port}对的多个进程.

I am trying to understand how can it be possible to start multiple processes listening on the same TCP {IP, Port} pair on Windows XP.

例如，我可以启动两个在端口371上监听的ncat.exe程序.第二个程序可以毫无问题地启动，并且可以接收传入的连接，而第一个程序则可以.最后启动的进程终止后，第一个进程将收到它们.

For example, I can start two ncat.exe programs listening on port 371. The second one is started without any problem and receives incoming connections while the first one does not. Once the process lastly started is terminated, the first one receives them.

netstat -a -n | find "LISTENING"
   TCP    0.0.0.0:371            0.0.0.0:0              LISTENING
   TCP    0.0.0.0:371            0.0.0.0:0              LISTENING

假设这是Windows(XP)的行为，怎么可能是安全的?安全行为?这意味着人们可以超载"任何已经在侦听的端口，而不是获得通常的地址已在使用中"错误消息，并且只需绕过防火墙，只说允许端口371上的任何TCP连接"就可以绕过防火墙.

Assuming this a Windows (XP) behaviour, how can it be a safe & secure behaviour? It means one can "overload" any already listening port instead of getting the usual "address already in use" error message, and simply bypass firewalls with rules just saying "any incoming TCP connections on port 371 are allowed".

推荐答案

SO_REUSEADDR套接字选项在Windows中的解释不同，即在Linux中，除非所有五个元组(src/dst port/ip和协议完全相同).

SO_REUSEADDR socket option is interpreted differently in windows i.e. in Linux it would allow you to reuse the same socket unless all of the five tuple (src/dst port/ip and protocol are exactly same).

但是，Windows实际上允许您窃取套接字.在这里，我会引用一个更好的书面答案.

However, windows actually allow you to steal the socket. I would quote a much better written answer here elaborating both.

这篇关于多个进程在同一个端口上侦听?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！