How are source ports determined and how can I force it to use a specific port












23














When I connect to https://www.google.co.uk this changes to 216.58.198.228:443. Then a connection to me opens on [My IP Address]:63998.



My question is how is 63998 port choosen and is there a way of forcing it to be 63999.










share|improve this question




















  • 9




    is there a way of forcing it to be 63999 Do you have any reason for trying to do this?
    – A.L
    Aug 29 '16 at 11:52






  • 1




    If you're writing an application, you can open any (unused) source port that you want. But it's not a good idea and not clear why you want this?
    – pjc50
    Aug 29 '16 at 13:08






  • 6




    @pjc50 Indeed, this question seems like it might be having an XY problem.
    – Dev
    Aug 29 '16 at 16:27






  • 1




    I"ve submitted an edit to change the title to say "source" rather than "local", as destination port numbers are "local" to the destination machine, but the source of the initial TCP SYN packet is unambiguously that of the initiator of the connection.
    – Monty Harder
    Aug 29 '16 at 18:50
















23














When I connect to https://www.google.co.uk this changes to 216.58.198.228:443. Then a connection to me opens on [My IP Address]:63998.



My question is how is 63998 port choosen and is there a way of forcing it to be 63999.










share|improve this question




















  • 9




    is there a way of forcing it to be 63999 Do you have any reason for trying to do this?
    – A.L
    Aug 29 '16 at 11:52






  • 1




    If you're writing an application, you can open any (unused) source port that you want. But it's not a good idea and not clear why you want this?
    – pjc50
    Aug 29 '16 at 13:08






  • 6




    @pjc50 Indeed, this question seems like it might be having an XY problem.
    – Dev
    Aug 29 '16 at 16:27






  • 1




    I"ve submitted an edit to change the title to say "source" rather than "local", as destination port numbers are "local" to the destination machine, but the source of the initial TCP SYN packet is unambiguously that of the initiator of the connection.
    – Monty Harder
    Aug 29 '16 at 18:50














23












23








23


6





When I connect to https://www.google.co.uk this changes to 216.58.198.228:443. Then a connection to me opens on [My IP Address]:63998.



My question is how is 63998 port choosen and is there a way of forcing it to be 63999.










share|improve this question















When I connect to https://www.google.co.uk this changes to 216.58.198.228:443. Then a connection to me opens on [My IP Address]:63998.



My question is how is 63998 port choosen and is there a way of forcing it to be 63999.







networking port tcp






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Aug 29 '16 at 19:47

























asked Aug 29 '16 at 10:01









TheGathron

1461113




1461113








  • 9




    is there a way of forcing it to be 63999 Do you have any reason for trying to do this?
    – A.L
    Aug 29 '16 at 11:52






  • 1




    If you're writing an application, you can open any (unused) source port that you want. But it's not a good idea and not clear why you want this?
    – pjc50
    Aug 29 '16 at 13:08






  • 6




    @pjc50 Indeed, this question seems like it might be having an XY problem.
    – Dev
    Aug 29 '16 at 16:27






  • 1




    I"ve submitted an edit to change the title to say "source" rather than "local", as destination port numbers are "local" to the destination machine, but the source of the initial TCP SYN packet is unambiguously that of the initiator of the connection.
    – Monty Harder
    Aug 29 '16 at 18:50














  • 9




    is there a way of forcing it to be 63999 Do you have any reason for trying to do this?
    – A.L
    Aug 29 '16 at 11:52






  • 1




    If you're writing an application, you can open any (unused) source port that you want. But it's not a good idea and not clear why you want this?
    – pjc50
    Aug 29 '16 at 13:08






  • 6




    @pjc50 Indeed, this question seems like it might be having an XY problem.
    – Dev
    Aug 29 '16 at 16:27






  • 1




    I"ve submitted an edit to change the title to say "source" rather than "local", as destination port numbers are "local" to the destination machine, but the source of the initial TCP SYN packet is unambiguously that of the initiator of the connection.
    – Monty Harder
    Aug 29 '16 at 18:50








9




9




is there a way of forcing it to be 63999 Do you have any reason for trying to do this?
– A.L
Aug 29 '16 at 11:52




is there a way of forcing it to be 63999 Do you have any reason for trying to do this?
– A.L
Aug 29 '16 at 11:52




1




1




If you're writing an application, you can open any (unused) source port that you want. But it's not a good idea and not clear why you want this?
– pjc50
Aug 29 '16 at 13:08




If you're writing an application, you can open any (unused) source port that you want. But it's not a good idea and not clear why you want this?
– pjc50
Aug 29 '16 at 13:08




6




6




@pjc50 Indeed, this question seems like it might be having an XY problem.
– Dev
Aug 29 '16 at 16:27




@pjc50 Indeed, this question seems like it might be having an XY problem.
– Dev
Aug 29 '16 at 16:27




1




1




I"ve submitted an edit to change the title to say "source" rather than "local", as destination port numbers are "local" to the destination machine, but the source of the initial TCP SYN packet is unambiguously that of the initiator of the connection.
– Monty Harder
Aug 29 '16 at 18:50




I"ve submitted an edit to change the title to say "source" rather than "local", as destination port numbers are "local" to the destination machine, but the source of the initial TCP SYN packet is unambiguously that of the initiator of the connection.
– Monty Harder
Aug 29 '16 at 18:50










3 Answers
3






active

oldest

votes


















32














How are local ports determined



The port number is chosen by the TCP implementation software from a range of port numbers called Ephemeral Ports.



The exact mechanism for choosing the port number and the range to be used is Operating System dependent.





Is there a way of forcing it to be 63999.



This can be done by changing the configuration of the TCP implementation software.



Instructions on configuring the Ephemeral Ports range for a variety of different Operating Systems can be found at Changing the Ephemeral Port Range.




  • Instructions for Linux and Windows are included in this answer below for reference.


However, it is not a good idea to restrict the range to a single port, for example 63999.





  • In fact on Windows this is not possible as:




    The minimum range of ports that can be set is 255.







The Ephemeral Port Range




A TCP/IPv4 connection consists of two endpoints, and each endpoint
consists of an IP address and a port number. Therefore, when a client
user connects to a server computer, an established connection can be
thought of as the 4-tuple of (server IP, server port, client IP,
client port).



Usually three of the four are readily known -- client machine uses its
own IP address and when connecting to a remote service, the server
machine's IP address and service port number are required.



What is not immediately evident is that when a connection is
established that the client side of the connection uses a port number.
Unless a client program explicitly requests a specific port number,
the port number used is an ephemeral port number.



Ephemeral ports are temporary ports assigned by a machine's IP stack,
and are assigned from a designated range of ports for this purpose.
When the connection terminates, the ephemeral port is available for
reuse, although most IP stacks won't reuse that port number until the
entire pool of ephemeral ports have been used.



So, if the client program reconnects, it will be assigned a different
ephemeral port number for its side of the new connection.




Source The Ephemeral Port Range





Changing the Ephemeral Port Range



Linux:




Linux allows you to view and change the ephemeral port range by simply
using the file /proc/sys/net/ipv4/ip_local_port_range. For example,
this shows the default configuration on a kernel 2.2 system:



$ cat /proc/sys/net/ipv4/ip_local_port_range 
1024 4999


To change this to the preferred range, you could do (as superuser):



# echo "49152 65535" > /proc/sys/net/ipv4/ip_local_port_range 


Note that you would need to do this each time the system boots, so be
sure to add a line to a system startup script such as /etc/rc.local
so your range is always used.



Also note that the Linux 2.4 kernel will default the range of 32768
through 61000 if adequate kernel memory is available, so changing the
range may not be necessary on newer Linux systems.



Finally, also note that you may be able to use the sysctl interface
to change the settings rather than using the /proc filesystem. The
name of the sysctl parameter is "net.ipv4.ip_local_port_range".
Edit the /etc/sysctl.conf file if you have it, or have a startup
script run the sysctl command manually if you want to change this
parameter using sysctl.




Windows Vista/Windows Server 2008 and newer:




As of Windows Vista and Windows Server 2008, Windows now uses a large
range (49152-65535) by default, according to Microsoft Knowledgebase
Article 929851. That same article also shows how you can change
the range if desired, but the default range is now sufficient for most
servers.




Source Changing the Ephemeral Port Range




You can view the dynamic port range on a computer that is running
Windows Vista or Windows Server 2008 computer by using the following
netsh commands:



netsh int ipv4 show dynamicport tcp
netsh int ipv4 show dynamicport udp
netsh int ipv6 show dynamicport tcp
netsh int ipv6 show dynamicport udp


Notes:




  • The range is set separately for each transport and for each version of IP.

  • The port range is now truly a range with a starting point and with an endpoint.

  • Microsoft customers who deploy servers that are running Windows Server 2008 may have problems with RPC communication between servers
    if firewalls are used on the internal network.

  • In these cases, we recommend that you reconfigure the firewalls to allow for traffic between servers in the dynamic port range of 49152
    through 65535.

  • This range is in addition to well-known ports that are used by services and by applications.

  • Or, the port range that is used by the servers can be modified on each server.


You adjust this range by using the netsh command, as follows:



netsh int <ipv4|ipv6> set dynamic <tcp|udp> start=number num=range


This command sets the dynamic port range for TCP. The start port is
number, and the total number of ports is range. The following are
sample commands:



netsh int ipv4 set dynamicport tcp start=10000 num=1000
netsh int ipv4 set dynamicport udp start=10000 num=1000
netsh int ipv6 set dynamicport tcp start=10000 num=1000
netsh int ipv6 set dynamicport udp start=10000 num=1000


These sample commands set the dynamic port range to start at port
10000 and to end at port 10999 (1000 ports).



Notes:




  • The minimum range of ports that can be set is 255.

  • The minimum starting port that can be set is 1025.

  • The maximum end port (based on the range being configured) cannot exceed 65535.

  • To duplicate the default behavior of Windows Server 2003, use 1025 as the start port, and then use 3976 as the range for both TCP and
    UDP. This results in a start port of 1025 and an end port of 5000.




Source Microsoft Knowledgebase Article 929851:



Windows XP and older:




For older Windows operating systems (Windows XP and older), Windows
uses the traditional BSD range of 1024 through 4999 for its ephemeral
port range. Unfortunately it appears that you can only set the upper
bound of the ephemeral port range. Here is information excerpted from
Microsoft Knowledgebase Article 196271:




  • Start Registry Editor (Regedt32.exe).


  • Locate the following key in the registry:



    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters




  • On the "Edit" menu, click "Add Value", and then add the following registry value:



    Value Name: MaxUserPort Data Type: REG_DWORD Value: 65534 (for
    example)



    Valid Range: 5000-65534 (decimal) Default: 0x1388 (5000 decimal)



    Description: This parameter controls the maximum port number used
    when an application requests any available user port from the system.
    Normally, ephemeral (that is, short-lived) ports are allocated between
    the values of 1024 and 5000 inclusive.



  • Quit Registry Editor.



Note: There is another relevant KB article (812873) which claims
to allow you to set an exclusion range, which could mean that you
could exclude ports 1024-9999 (for example) to have the ephemeral
port range be 10000-65534. However, we have not been able to get
this to work (as of October 2004).




Source Changing the Ephemeral Port Range






share|improve this answer



















  • 1




    For at least windows is seems like it is possible to restrict the port range system wide. In most cases this is probably a bad idea, especially restricting it to one port would be: See KB 929851, the commands listed at least work on Windows 7.
    – Seth
    Aug 29 '16 at 10:36










  • @Seth Yes. I was reluctant to mention this since the OP didn't mention his OS and I didn't want to expand the answer to cover N operating systems ...
    – DavidPostill
    Aug 29 '16 at 10:38












  • You're right about that. After all there are plenty of operating systems. It's just something I stumbled across while originally trying to answer this question. As your answer was up faster I just thought I'd add it. It's a really well written answer! :) Just added it as a hint that sometimes changing the configuration is sufficient rather than reprogramming (maybe my understanding is just different - for me that sounds akin to recompile).
    – Seth
    Aug 29 '16 at 10:45








  • 1




    In fact, in Linux too it is very simple: just do echo "49152 65535" > /proc/sys/net/ipv4/ip_local_port_range. It is so simple that it can be done on a per-command basis.
    – MariusMatutiae
    Aug 29 '16 at 11:06






  • 2




    Rather than changing the ephemeral port range it would be much better to have the application call the bind system call before it calls connect. Some applications have an option to do that, other applications do not.
    – kasperd
    Aug 29 '16 at 19:24



















8














David Postill's answer is perfectly right. I would like just to add to it, by stressing that changing the ephemeral port range in Linux is so simple, that the OP has an affirmative answer.



You change the EPR as follows:



echo "40000 60000" > /proc/sys/net/ipv4/ip_local_port_range 


and you can select port 50000 (as an example) with the following script:



OLD_RANGE=$(cat /proc/sys/net/ipv4/ip_local_port_range)
MY_PORT=50000
echo "$MY_PORT $MY_PORT" > /proc/sys/net/ipv4/ip_local_port_range
sudo -u SomeUser SomeApplication &
echo $OLD_RANGE" > /proc/sys/net/ipv4/ip_local_port_range


One caveat here: since there is a single port in the range, another application might snatch it away from you between the execution of the third and the fourth lines above; also, even if there is no race condition, you will paralyze all other applications until you restore a large EPR, which is why I restored the original range as soon as possible.



Thus, if the OPs' operating system had been Linux, the answer would have been that it could easily be done.



Amazingly, this is not as straightforward on BSDs, some of which do not even have a runtime kernel setting for the EPR. MacOS X, FreeBSD and OpenBSD require modifying the file /etc/sysctl.conf, but they have different choices for the EPR.



Regardless of the above and of the OS, the fact that something can be done does not mean it ought to be done: why on Earth do you need this? I cannot think of a single use case.






share|improve this answer























  • For Linux example +1.
    – DavidPostill
    Aug 29 '16 at 11:38










  • Hehe. BSD/OS requires recompiling the kernel :)
    – DavidPostill
    Aug 29 '16 at 11:54






  • 1




    @DavidPostill That's a major bummer.
    – MariusMatutiae
    Aug 29 '16 at 12:00










  • There is a flaw in your code example. Your type cast is very misplaced. Additionally it would be a good idea to make BIND_PORT optional, such that the code still can be used in exactly the same way as the original. I think htons(bind_port_env ? atoi(bind_port_env) : 0) would do the right thing.
    – kasperd
    Aug 30 '16 at 19:11



















0














It's worth adding that Linux kernel also has



net.ipv4.ip_local_reserved_ports



knob that does somewhat opposite but nevertheless it might be very useful because that way you can "punch a hole" for services that open specific port(s) in otherwise ephemeral range of ports.



Brief excerpt from the docs:




Specify the ports which are reserved for known third-party
applications. These ports will not be used by automatic port
assignments (e.g. when calling connect() or bind() with port
number 0). Explicit port allocation behavior is unchanged.



The format used for both input and output is a comma separated
list of ranges (e.g. "1,2-4,10-10" for ports 1, 2, 3, 4 and
10). Writing to the file will clear all previously reserved
ports and update the current list with the one given in the
input.







share|improve this answer





















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1118735%2fhow-are-source-ports-determined-and-how-can-i-force-it-to-use-a-specific-port%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    3 Answers
    3






    active

    oldest

    votes








    3 Answers
    3






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    32














    How are local ports determined



    The port number is chosen by the TCP implementation software from a range of port numbers called Ephemeral Ports.



    The exact mechanism for choosing the port number and the range to be used is Operating System dependent.





    Is there a way of forcing it to be 63999.



    This can be done by changing the configuration of the TCP implementation software.



    Instructions on configuring the Ephemeral Ports range for a variety of different Operating Systems can be found at Changing the Ephemeral Port Range.




    • Instructions for Linux and Windows are included in this answer below for reference.


    However, it is not a good idea to restrict the range to a single port, for example 63999.





    • In fact on Windows this is not possible as:




      The minimum range of ports that can be set is 255.







    The Ephemeral Port Range




    A TCP/IPv4 connection consists of two endpoints, and each endpoint
    consists of an IP address and a port number. Therefore, when a client
    user connects to a server computer, an established connection can be
    thought of as the 4-tuple of (server IP, server port, client IP,
    client port).



    Usually three of the four are readily known -- client machine uses its
    own IP address and when connecting to a remote service, the server
    machine's IP address and service port number are required.



    What is not immediately evident is that when a connection is
    established that the client side of the connection uses a port number.
    Unless a client program explicitly requests a specific port number,
    the port number used is an ephemeral port number.



    Ephemeral ports are temporary ports assigned by a machine's IP stack,
    and are assigned from a designated range of ports for this purpose.
    When the connection terminates, the ephemeral port is available for
    reuse, although most IP stacks won't reuse that port number until the
    entire pool of ephemeral ports have been used.



    So, if the client program reconnects, it will be assigned a different
    ephemeral port number for its side of the new connection.




    Source The Ephemeral Port Range





    Changing the Ephemeral Port Range



    Linux:




    Linux allows you to view and change the ephemeral port range by simply
    using the file /proc/sys/net/ipv4/ip_local_port_range. For example,
    this shows the default configuration on a kernel 2.2 system:



    $ cat /proc/sys/net/ipv4/ip_local_port_range 
    1024 4999


    To change this to the preferred range, you could do (as superuser):



    # echo "49152 65535" > /proc/sys/net/ipv4/ip_local_port_range 


    Note that you would need to do this each time the system boots, so be
    sure to add a line to a system startup script such as /etc/rc.local
    so your range is always used.



    Also note that the Linux 2.4 kernel will default the range of 32768
    through 61000 if adequate kernel memory is available, so changing the
    range may not be necessary on newer Linux systems.



    Finally, also note that you may be able to use the sysctl interface
    to change the settings rather than using the /proc filesystem. The
    name of the sysctl parameter is "net.ipv4.ip_local_port_range".
    Edit the /etc/sysctl.conf file if you have it, or have a startup
    script run the sysctl command manually if you want to change this
    parameter using sysctl.




    Windows Vista/Windows Server 2008 and newer:




    As of Windows Vista and Windows Server 2008, Windows now uses a large
    range (49152-65535) by default, according to Microsoft Knowledgebase
    Article 929851. That same article also shows how you can change
    the range if desired, but the default range is now sufficient for most
    servers.




    Source Changing the Ephemeral Port Range




    You can view the dynamic port range on a computer that is running
    Windows Vista or Windows Server 2008 computer by using the following
    netsh commands:



    netsh int ipv4 show dynamicport tcp
    netsh int ipv4 show dynamicport udp
    netsh int ipv6 show dynamicport tcp
    netsh int ipv6 show dynamicport udp


    Notes:




    • The range is set separately for each transport and for each version of IP.

    • The port range is now truly a range with a starting point and with an endpoint.

    • Microsoft customers who deploy servers that are running Windows Server 2008 may have problems with RPC communication between servers
      if firewalls are used on the internal network.

    • In these cases, we recommend that you reconfigure the firewalls to allow for traffic between servers in the dynamic port range of 49152
      through 65535.

    • This range is in addition to well-known ports that are used by services and by applications.

    • Or, the port range that is used by the servers can be modified on each server.


    You adjust this range by using the netsh command, as follows:



    netsh int <ipv4|ipv6> set dynamic <tcp|udp> start=number num=range


    This command sets the dynamic port range for TCP. The start port is
    number, and the total number of ports is range. The following are
    sample commands:



    netsh int ipv4 set dynamicport tcp start=10000 num=1000
    netsh int ipv4 set dynamicport udp start=10000 num=1000
    netsh int ipv6 set dynamicport tcp start=10000 num=1000
    netsh int ipv6 set dynamicport udp start=10000 num=1000


    These sample commands set the dynamic port range to start at port
    10000 and to end at port 10999 (1000 ports).



    Notes:




    • The minimum range of ports that can be set is 255.

    • The minimum starting port that can be set is 1025.

    • The maximum end port (based on the range being configured) cannot exceed 65535.

    • To duplicate the default behavior of Windows Server 2003, use 1025 as the start port, and then use 3976 as the range for both TCP and
      UDP. This results in a start port of 1025 and an end port of 5000.




    Source Microsoft Knowledgebase Article 929851:



    Windows XP and older:




    For older Windows operating systems (Windows XP and older), Windows
    uses the traditional BSD range of 1024 through 4999 for its ephemeral
    port range. Unfortunately it appears that you can only set the upper
    bound of the ephemeral port range. Here is information excerpted from
    Microsoft Knowledgebase Article 196271:




    • Start Registry Editor (Regedt32.exe).


    • Locate the following key in the registry:



      HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters




    • On the "Edit" menu, click "Add Value", and then add the following registry value:



      Value Name: MaxUserPort Data Type: REG_DWORD Value: 65534 (for
      example)



      Valid Range: 5000-65534 (decimal) Default: 0x1388 (5000 decimal)



      Description: This parameter controls the maximum port number used
      when an application requests any available user port from the system.
      Normally, ephemeral (that is, short-lived) ports are allocated between
      the values of 1024 and 5000 inclusive.



    • Quit Registry Editor.



    Note: There is another relevant KB article (812873) which claims
    to allow you to set an exclusion range, which could mean that you
    could exclude ports 1024-9999 (for example) to have the ephemeral
    port range be 10000-65534. However, we have not been able to get
    this to work (as of October 2004).




    Source Changing the Ephemeral Port Range






    share|improve this answer



















    • 1




      For at least windows is seems like it is possible to restrict the port range system wide. In most cases this is probably a bad idea, especially restricting it to one port would be: See KB 929851, the commands listed at least work on Windows 7.
      – Seth
      Aug 29 '16 at 10:36










    • @Seth Yes. I was reluctant to mention this since the OP didn't mention his OS and I didn't want to expand the answer to cover N operating systems ...
      – DavidPostill
      Aug 29 '16 at 10:38












    • You're right about that. After all there are plenty of operating systems. It's just something I stumbled across while originally trying to answer this question. As your answer was up faster I just thought I'd add it. It's a really well written answer! :) Just added it as a hint that sometimes changing the configuration is sufficient rather than reprogramming (maybe my understanding is just different - for me that sounds akin to recompile).
      – Seth
      Aug 29 '16 at 10:45








    • 1




      In fact, in Linux too it is very simple: just do echo "49152 65535" > /proc/sys/net/ipv4/ip_local_port_range. It is so simple that it can be done on a per-command basis.
      – MariusMatutiae
      Aug 29 '16 at 11:06






    • 2




      Rather than changing the ephemeral port range it would be much better to have the application call the bind system call before it calls connect. Some applications have an option to do that, other applications do not.
      – kasperd
      Aug 29 '16 at 19:24
















    32














    How are local ports determined



    The port number is chosen by the TCP implementation software from a range of port numbers called Ephemeral Ports.



    The exact mechanism for choosing the port number and the range to be used is Operating System dependent.





    Is there a way of forcing it to be 63999.



    This can be done by changing the configuration of the TCP implementation software.



    Instructions on configuring the Ephemeral Ports range for a variety of different Operating Systems can be found at Changing the Ephemeral Port Range.




    • Instructions for Linux and Windows are included in this answer below for reference.


    However, it is not a good idea to restrict the range to a single port, for example 63999.





    • In fact on Windows this is not possible as:




      The minimum range of ports that can be set is 255.







    The Ephemeral Port Range




    A TCP/IPv4 connection consists of two endpoints, and each endpoint
    consists of an IP address and a port number. Therefore, when a client
    user connects to a server computer, an established connection can be
    thought of as the 4-tuple of (server IP, server port, client IP,
    client port).



    Usually three of the four are readily known -- client machine uses its
    own IP address and when connecting to a remote service, the server
    machine's IP address and service port number are required.



    What is not immediately evident is that when a connection is
    established that the client side of the connection uses a port number.
    Unless a client program explicitly requests a specific port number,
    the port number used is an ephemeral port number.



    Ephemeral ports are temporary ports assigned by a machine's IP stack,
    and are assigned from a designated range of ports for this purpose.
    When the connection terminates, the ephemeral port is available for
    reuse, although most IP stacks won't reuse that port number until the
    entire pool of ephemeral ports have been used.



    So, if the client program reconnects, it will be assigned a different
    ephemeral port number for its side of the new connection.




    Source The Ephemeral Port Range





    Changing the Ephemeral Port Range



    Linux:




    Linux allows you to view and change the ephemeral port range by simply
    using the file /proc/sys/net/ipv4/ip_local_port_range. For example,
    this shows the default configuration on a kernel 2.2 system:



    $ cat /proc/sys/net/ipv4/ip_local_port_range 
    1024 4999


    To change this to the preferred range, you could do (as superuser):



    # echo "49152 65535" > /proc/sys/net/ipv4/ip_local_port_range 


    Note that you would need to do this each time the system boots, so be
    sure to add a line to a system startup script such as /etc/rc.local
    so your range is always used.



    Also note that the Linux 2.4 kernel will default the range of 32768
    through 61000 if adequate kernel memory is available, so changing the
    range may not be necessary on newer Linux systems.



    Finally, also note that you may be able to use the sysctl interface
    to change the settings rather than using the /proc filesystem. The
    name of the sysctl parameter is "net.ipv4.ip_local_port_range".
    Edit the /etc/sysctl.conf file if you have it, or have a startup
    script run the sysctl command manually if you want to change this
    parameter using sysctl.




    Windows Vista/Windows Server 2008 and newer:




    As of Windows Vista and Windows Server 2008, Windows now uses a large
    range (49152-65535) by default, according to Microsoft Knowledgebase
    Article 929851. That same article also shows how you can change
    the range if desired, but the default range is now sufficient for most
    servers.




    Source Changing the Ephemeral Port Range




    You can view the dynamic port range on a computer that is running
    Windows Vista or Windows Server 2008 computer by using the following
    netsh commands:



    netsh int ipv4 show dynamicport tcp
    netsh int ipv4 show dynamicport udp
    netsh int ipv6 show dynamicport tcp
    netsh int ipv6 show dynamicport udp


    Notes:




    • The range is set separately for each transport and for each version of IP.

    • The port range is now truly a range with a starting point and with an endpoint.

    • Microsoft customers who deploy servers that are running Windows Server 2008 may have problems with RPC communication between servers
      if firewalls are used on the internal network.

    • In these cases, we recommend that you reconfigure the firewalls to allow for traffic between servers in the dynamic port range of 49152
      through 65535.

    • This range is in addition to well-known ports that are used by services and by applications.

    • Or, the port range that is used by the servers can be modified on each server.


    You adjust this range by using the netsh command, as follows:



    netsh int <ipv4|ipv6> set dynamic <tcp|udp> start=number num=range


    This command sets the dynamic port range for TCP. The start port is
    number, and the total number of ports is range. The following are
    sample commands:



    netsh int ipv4 set dynamicport tcp start=10000 num=1000
    netsh int ipv4 set dynamicport udp start=10000 num=1000
    netsh int ipv6 set dynamicport tcp start=10000 num=1000
    netsh int ipv6 set dynamicport udp start=10000 num=1000


    These sample commands set the dynamic port range to start at port
    10000 and to end at port 10999 (1000 ports).



    Notes:




    • The minimum range of ports that can be set is 255.

    • The minimum starting port that can be set is 1025.

    • The maximum end port (based on the range being configured) cannot exceed 65535.

    • To duplicate the default behavior of Windows Server 2003, use 1025 as the start port, and then use 3976 as the range for both TCP and
      UDP. This results in a start port of 1025 and an end port of 5000.




    Source Microsoft Knowledgebase Article 929851:



    Windows XP and older:




    For older Windows operating systems (Windows XP and older), Windows
    uses the traditional BSD range of 1024 through 4999 for its ephemeral
    port range. Unfortunately it appears that you can only set the upper
    bound of the ephemeral port range. Here is information excerpted from
    Microsoft Knowledgebase Article 196271:




    • Start Registry Editor (Regedt32.exe).


    • Locate the following key in the registry:



      HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters




    • On the "Edit" menu, click "Add Value", and then add the following registry value:



      Value Name: MaxUserPort Data Type: REG_DWORD Value: 65534 (for
      example)



      Valid Range: 5000-65534 (decimal) Default: 0x1388 (5000 decimal)



      Description: This parameter controls the maximum port number used
      when an application requests any available user port from the system.
      Normally, ephemeral (that is, short-lived) ports are allocated between
      the values of 1024 and 5000 inclusive.



    • Quit Registry Editor.



    Note: There is another relevant KB article (812873) which claims
    to allow you to set an exclusion range, which could mean that you
    could exclude ports 1024-9999 (for example) to have the ephemeral
    port range be 10000-65534. However, we have not been able to get
    this to work (as of October 2004).




    Source Changing the Ephemeral Port Range






    share|improve this answer



















    • 1




      For at least windows is seems like it is possible to restrict the port range system wide. In most cases this is probably a bad idea, especially restricting it to one port would be: See KB 929851, the commands listed at least work on Windows 7.
      – Seth
      Aug 29 '16 at 10:36










    • @Seth Yes. I was reluctant to mention this since the OP didn't mention his OS and I didn't want to expand the answer to cover N operating systems ...
      – DavidPostill
      Aug 29 '16 at 10:38












    • You're right about that. After all there are plenty of operating systems. It's just something I stumbled across while originally trying to answer this question. As your answer was up faster I just thought I'd add it. It's a really well written answer! :) Just added it as a hint that sometimes changing the configuration is sufficient rather than reprogramming (maybe my understanding is just different - for me that sounds akin to recompile).
      – Seth
      Aug 29 '16 at 10:45








    • 1




      In fact, in Linux too it is very simple: just do echo "49152 65535" > /proc/sys/net/ipv4/ip_local_port_range. It is so simple that it can be done on a per-command basis.
      – MariusMatutiae
      Aug 29 '16 at 11:06






    • 2




      Rather than changing the ephemeral port range it would be much better to have the application call the bind system call before it calls connect. Some applications have an option to do that, other applications do not.
      – kasperd
      Aug 29 '16 at 19:24














    32












    32








    32






    How are local ports determined



    The port number is chosen by the TCP implementation software from a range of port numbers called Ephemeral Ports.



    The exact mechanism for choosing the port number and the range to be used is Operating System dependent.





    Is there a way of forcing it to be 63999.



    This can be done by changing the configuration of the TCP implementation software.



    Instructions on configuring the Ephemeral Ports range for a variety of different Operating Systems can be found at Changing the Ephemeral Port Range.




    • Instructions for Linux and Windows are included in this answer below for reference.


    However, it is not a good idea to restrict the range to a single port, for example 63999.





    • In fact on Windows this is not possible as:




      The minimum range of ports that can be set is 255.







    The Ephemeral Port Range




    A TCP/IPv4 connection consists of two endpoints, and each endpoint
    consists of an IP address and a port number. Therefore, when a client
    user connects to a server computer, an established connection can be
    thought of as the 4-tuple of (server IP, server port, client IP,
    client port).



    Usually three of the four are readily known -- client machine uses its
    own IP address and when connecting to a remote service, the server
    machine's IP address and service port number are required.



    What is not immediately evident is that when a connection is
    established that the client side of the connection uses a port number.
    Unless a client program explicitly requests a specific port number,
    the port number used is an ephemeral port number.



    Ephemeral ports are temporary ports assigned by a machine's IP stack,
    and are assigned from a designated range of ports for this purpose.
    When the connection terminates, the ephemeral port is available for
    reuse, although most IP stacks won't reuse that port number until the
    entire pool of ephemeral ports have been used.



    So, if the client program reconnects, it will be assigned a different
    ephemeral port number for its side of the new connection.




    Source The Ephemeral Port Range





    Changing the Ephemeral Port Range



    Linux:




    Linux allows you to view and change the ephemeral port range by simply
    using the file /proc/sys/net/ipv4/ip_local_port_range. For example,
    this shows the default configuration on a kernel 2.2 system:



    $ cat /proc/sys/net/ipv4/ip_local_port_range 
    1024 4999


    To change this to the preferred range, you could do (as superuser):



    # echo "49152 65535" > /proc/sys/net/ipv4/ip_local_port_range 


    Note that you would need to do this each time the system boots, so be
    sure to add a line to a system startup script such as /etc/rc.local
    so your range is always used.



    Also note that the Linux 2.4 kernel will default the range of 32768
    through 61000 if adequate kernel memory is available, so changing the
    range may not be necessary on newer Linux systems.



    Finally, also note that you may be able to use the sysctl interface
    to change the settings rather than using the /proc filesystem. The
    name of the sysctl parameter is "net.ipv4.ip_local_port_range".
    Edit the /etc/sysctl.conf file if you have it, or have a startup
    script run the sysctl command manually if you want to change this
    parameter using sysctl.




    Windows Vista/Windows Server 2008 and newer:




    As of Windows Vista and Windows Server 2008, Windows now uses a large
    range (49152-65535) by default, according to Microsoft Knowledgebase
    Article 929851. That same article also shows how you can change
    the range if desired, but the default range is now sufficient for most
    servers.




    Source Changing the Ephemeral Port Range




    You can view the dynamic port range on a computer that is running
    Windows Vista or Windows Server 2008 computer by using the following
    netsh commands:



    netsh int ipv4 show dynamicport tcp
    netsh int ipv4 show dynamicport udp
    netsh int ipv6 show dynamicport tcp
    netsh int ipv6 show dynamicport udp


    Notes:




    • The range is set separately for each transport and for each version of IP.

    • The port range is now truly a range with a starting point and with an endpoint.

    • Microsoft customers who deploy servers that are running Windows Server 2008 may have problems with RPC communication between servers
      if firewalls are used on the internal network.

    • In these cases, we recommend that you reconfigure the firewalls to allow for traffic between servers in the dynamic port range of 49152
      through 65535.

    • This range is in addition to well-known ports that are used by services and by applications.

    • Or, the port range that is used by the servers can be modified on each server.


    You adjust this range by using the netsh command, as follows:



    netsh int <ipv4|ipv6> set dynamic <tcp|udp> start=number num=range


    This command sets the dynamic port range for TCP. The start port is
    number, and the total number of ports is range. The following are
    sample commands:



    netsh int ipv4 set dynamicport tcp start=10000 num=1000
    netsh int ipv4 set dynamicport udp start=10000 num=1000
    netsh int ipv6 set dynamicport tcp start=10000 num=1000
    netsh int ipv6 set dynamicport udp start=10000 num=1000


    These sample commands set the dynamic port range to start at port
    10000 and to end at port 10999 (1000 ports).



    Notes:




    • The minimum range of ports that can be set is 255.

    • The minimum starting port that can be set is 1025.

    • The maximum end port (based on the range being configured) cannot exceed 65535.

    • To duplicate the default behavior of Windows Server 2003, use 1025 as the start port, and then use 3976 as the range for both TCP and
      UDP. This results in a start port of 1025 and an end port of 5000.




    Source Microsoft Knowledgebase Article 929851:



    Windows XP and older:




    For older Windows operating systems (Windows XP and older), Windows
    uses the traditional BSD range of 1024 through 4999 for its ephemeral
    port range. Unfortunately it appears that you can only set the upper
    bound of the ephemeral port range. Here is information excerpted from
    Microsoft Knowledgebase Article 196271:




    • Start Registry Editor (Regedt32.exe).


    • Locate the following key in the registry:



      HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters




    • On the "Edit" menu, click "Add Value", and then add the following registry value:



      Value Name: MaxUserPort Data Type: REG_DWORD Value: 65534 (for
      example)



      Valid Range: 5000-65534 (decimal) Default: 0x1388 (5000 decimal)



      Description: This parameter controls the maximum port number used
      when an application requests any available user port from the system.
      Normally, ephemeral (that is, short-lived) ports are allocated between
      the values of 1024 and 5000 inclusive.



    • Quit Registry Editor.



    Note: There is another relevant KB article (812873) which claims
    to allow you to set an exclusion range, which could mean that you
    could exclude ports 1024-9999 (for example) to have the ephemeral
    port range be 10000-65534. However, we have not been able to get
    this to work (as of October 2004).




    Source Changing the Ephemeral Port Range






    share|improve this answer














    How are local ports determined



    The port number is chosen by the TCP implementation software from a range of port numbers called Ephemeral Ports.



    The exact mechanism for choosing the port number and the range to be used is Operating System dependent.





    Is there a way of forcing it to be 63999.



    This can be done by changing the configuration of the TCP implementation software.



    Instructions on configuring the Ephemeral Ports range for a variety of different Operating Systems can be found at Changing the Ephemeral Port Range.




    • Instructions for Linux and Windows are included in this answer below for reference.


    However, it is not a good idea to restrict the range to a single port, for example 63999.





    • In fact on Windows this is not possible as:




      The minimum range of ports that can be set is 255.







    The Ephemeral Port Range




    A TCP/IPv4 connection consists of two endpoints, and each endpoint
    consists of an IP address and a port number. Therefore, when a client
    user connects to a server computer, an established connection can be
    thought of as the 4-tuple of (server IP, server port, client IP,
    client port).



    Usually three of the four are readily known -- client machine uses its
    own IP address and when connecting to a remote service, the server
    machine's IP address and service port number are required.



    What is not immediately evident is that when a connection is
    established that the client side of the connection uses a port number.
    Unless a client program explicitly requests a specific port number,
    the port number used is an ephemeral port number.



    Ephemeral ports are temporary ports assigned by a machine's IP stack,
    and are assigned from a designated range of ports for this purpose.
    When the connection terminates, the ephemeral port is available for
    reuse, although most IP stacks won't reuse that port number until the
    entire pool of ephemeral ports have been used.



    So, if the client program reconnects, it will be assigned a different
    ephemeral port number for its side of the new connection.




    Source The Ephemeral Port Range





    Changing the Ephemeral Port Range



    Linux:




    Linux allows you to view and change the ephemeral port range by simply
    using the file /proc/sys/net/ipv4/ip_local_port_range. For example,
    this shows the default configuration on a kernel 2.2 system:



    $ cat /proc/sys/net/ipv4/ip_local_port_range 
    1024 4999


    To change this to the preferred range, you could do (as superuser):



    # echo "49152 65535" > /proc/sys/net/ipv4/ip_local_port_range 


    Note that you would need to do this each time the system boots, so be
    sure to add a line to a system startup script such as /etc/rc.local
    so your range is always used.



    Also note that the Linux 2.4 kernel will default the range of 32768
    through 61000 if adequate kernel memory is available, so changing the
    range may not be necessary on newer Linux systems.



    Finally, also note that you may be able to use the sysctl interface
    to change the settings rather than using the /proc filesystem. The
    name of the sysctl parameter is "net.ipv4.ip_local_port_range".
    Edit the /etc/sysctl.conf file if you have it, or have a startup
    script run the sysctl command manually if you want to change this
    parameter using sysctl.




    Windows Vista/Windows Server 2008 and newer:




    As of Windows Vista and Windows Server 2008, Windows now uses a large
    range (49152-65535) by default, according to Microsoft Knowledgebase
    Article 929851. That same article also shows how you can change
    the range if desired, but the default range is now sufficient for most
    servers.




    Source Changing the Ephemeral Port Range




    You can view the dynamic port range on a computer that is running
    Windows Vista or Windows Server 2008 computer by using the following
    netsh commands:



    netsh int ipv4 show dynamicport tcp
    netsh int ipv4 show dynamicport udp
    netsh int ipv6 show dynamicport tcp
    netsh int ipv6 show dynamicport udp


    Notes:




    • The range is set separately for each transport and for each version of IP.

    • The port range is now truly a range with a starting point and with an endpoint.

    • Microsoft customers who deploy servers that are running Windows Server 2008 may have problems with RPC communication between servers
      if firewalls are used on the internal network.

    • In these cases, we recommend that you reconfigure the firewalls to allow for traffic between servers in the dynamic port range of 49152
      through 65535.

    • This range is in addition to well-known ports that are used by services and by applications.

    • Or, the port range that is used by the servers can be modified on each server.


    You adjust this range by using the netsh command, as follows:



    netsh int <ipv4|ipv6> set dynamic <tcp|udp> start=number num=range


    This command sets the dynamic port range for TCP. The start port is
    number, and the total number of ports is range. The following are
    sample commands:



    netsh int ipv4 set dynamicport tcp start=10000 num=1000
    netsh int ipv4 set dynamicport udp start=10000 num=1000
    netsh int ipv6 set dynamicport tcp start=10000 num=1000
    netsh int ipv6 set dynamicport udp start=10000 num=1000


    These sample commands set the dynamic port range to start at port
    10000 and to end at port 10999 (1000 ports).



    Notes:




    • The minimum range of ports that can be set is 255.

    • The minimum starting port that can be set is 1025.

    • The maximum end port (based on the range being configured) cannot exceed 65535.

    • To duplicate the default behavior of Windows Server 2003, use 1025 as the start port, and then use 3976 as the range for both TCP and
      UDP. This results in a start port of 1025 and an end port of 5000.




    Source Microsoft Knowledgebase Article 929851:



    Windows XP and older:




    For older Windows operating systems (Windows XP and older), Windows
    uses the traditional BSD range of 1024 through 4999 for its ephemeral
    port range. Unfortunately it appears that you can only set the upper
    bound of the ephemeral port range. Here is information excerpted from
    Microsoft Knowledgebase Article 196271:




    • Start Registry Editor (Regedt32.exe).


    • Locate the following key in the registry:



      HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters




    • On the "Edit" menu, click "Add Value", and then add the following registry value:



      Value Name: MaxUserPort Data Type: REG_DWORD Value: 65534 (for
      example)



      Valid Range: 5000-65534 (decimal) Default: 0x1388 (5000 decimal)



      Description: This parameter controls the maximum port number used
      when an application requests any available user port from the system.
      Normally, ephemeral (that is, short-lived) ports are allocated between
      the values of 1024 and 5000 inclusive.



    • Quit Registry Editor.



    Note: There is another relevant KB article (812873) which claims
    to allow you to set an exclusion range, which could mean that you
    could exclude ports 1024-9999 (for example) to have the ephemeral
    port range be 10000-65534. However, we have not been able to get
    this to work (as of October 2004).




    Source Changing the Ephemeral Port Range







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Aug 29 '16 at 12:27

























    answered Aug 29 '16 at 10:29









    DavidPostill

    103k25223257




    103k25223257








    • 1




      For at least windows is seems like it is possible to restrict the port range system wide. In most cases this is probably a bad idea, especially restricting it to one port would be: See KB 929851, the commands listed at least work on Windows 7.
      – Seth
      Aug 29 '16 at 10:36










    • @Seth Yes. I was reluctant to mention this since the OP didn't mention his OS and I didn't want to expand the answer to cover N operating systems ...
      – DavidPostill
      Aug 29 '16 at 10:38












    • You're right about that. After all there are plenty of operating systems. It's just something I stumbled across while originally trying to answer this question. As your answer was up faster I just thought I'd add it. It's a really well written answer! :) Just added it as a hint that sometimes changing the configuration is sufficient rather than reprogramming (maybe my understanding is just different - for me that sounds akin to recompile).
      – Seth
      Aug 29 '16 at 10:45








    • 1




      In fact, in Linux too it is very simple: just do echo "49152 65535" > /proc/sys/net/ipv4/ip_local_port_range. It is so simple that it can be done on a per-command basis.
      – MariusMatutiae
      Aug 29 '16 at 11:06






    • 2




      Rather than changing the ephemeral port range it would be much better to have the application call the bind system call before it calls connect. Some applications have an option to do that, other applications do not.
      – kasperd
      Aug 29 '16 at 19:24














    • 1




      For at least windows is seems like it is possible to restrict the port range system wide. In most cases this is probably a bad idea, especially restricting it to one port would be: See KB 929851, the commands listed at least work on Windows 7.
      – Seth
      Aug 29 '16 at 10:36










    • @Seth Yes. I was reluctant to mention this since the OP didn't mention his OS and I didn't want to expand the answer to cover N operating systems ...
      – DavidPostill
      Aug 29 '16 at 10:38












    • You're right about that. After all there are plenty of operating systems. It's just something I stumbled across while originally trying to answer this question. As your answer was up faster I just thought I'd add it. It's a really well written answer! :) Just added it as a hint that sometimes changing the configuration is sufficient rather than reprogramming (maybe my understanding is just different - for me that sounds akin to recompile).
      – Seth
      Aug 29 '16 at 10:45








    • 1




      In fact, in Linux too it is very simple: just do echo "49152 65535" > /proc/sys/net/ipv4/ip_local_port_range. It is so simple that it can be done on a per-command basis.
      – MariusMatutiae
      Aug 29 '16 at 11:06






    • 2




      Rather than changing the ephemeral port range it would be much better to have the application call the bind system call before it calls connect. Some applications have an option to do that, other applications do not.
      – kasperd
      Aug 29 '16 at 19:24








    1




    1




    For at least windows is seems like it is possible to restrict the port range system wide. In most cases this is probably a bad idea, especially restricting it to one port would be: See KB 929851, the commands listed at least work on Windows 7.
    – Seth
    Aug 29 '16 at 10:36




    For at least windows is seems like it is possible to restrict the port range system wide. In most cases this is probably a bad idea, especially restricting it to one port would be: See KB 929851, the commands listed at least work on Windows 7.
    – Seth
    Aug 29 '16 at 10:36












    @Seth Yes. I was reluctant to mention this since the OP didn't mention his OS and I didn't want to expand the answer to cover N operating systems ...
    – DavidPostill
    Aug 29 '16 at 10:38






    @Seth Yes. I was reluctant to mention this since the OP didn't mention his OS and I didn't want to expand the answer to cover N operating systems ...
    – DavidPostill
    Aug 29 '16 at 10:38














    You're right about that. After all there are plenty of operating systems. It's just something I stumbled across while originally trying to answer this question. As your answer was up faster I just thought I'd add it. It's a really well written answer! :) Just added it as a hint that sometimes changing the configuration is sufficient rather than reprogramming (maybe my understanding is just different - for me that sounds akin to recompile).
    – Seth
    Aug 29 '16 at 10:45






    You're right about that. After all there are plenty of operating systems. It's just something I stumbled across while originally trying to answer this question. As your answer was up faster I just thought I'd add it. It's a really well written answer! :) Just added it as a hint that sometimes changing the configuration is sufficient rather than reprogramming (maybe my understanding is just different - for me that sounds akin to recompile).
    – Seth
    Aug 29 '16 at 10:45






    1




    1




    In fact, in Linux too it is very simple: just do echo "49152 65535" > /proc/sys/net/ipv4/ip_local_port_range. It is so simple that it can be done on a per-command basis.
    – MariusMatutiae
    Aug 29 '16 at 11:06




    In fact, in Linux too it is very simple: just do echo "49152 65535" > /proc/sys/net/ipv4/ip_local_port_range. It is so simple that it can be done on a per-command basis.
    – MariusMatutiae
    Aug 29 '16 at 11:06




    2




    2




    Rather than changing the ephemeral port range it would be much better to have the application call the bind system call before it calls connect. Some applications have an option to do that, other applications do not.
    – kasperd
    Aug 29 '16 at 19:24




    Rather than changing the ephemeral port range it would be much better to have the application call the bind system call before it calls connect. Some applications have an option to do that, other applications do not.
    – kasperd
    Aug 29 '16 at 19:24













    8














    David Postill's answer is perfectly right. I would like just to add to it, by stressing that changing the ephemeral port range in Linux is so simple, that the OP has an affirmative answer.



    You change the EPR as follows:



    echo "40000 60000" > /proc/sys/net/ipv4/ip_local_port_range 


    and you can select port 50000 (as an example) with the following script:



    OLD_RANGE=$(cat /proc/sys/net/ipv4/ip_local_port_range)
    MY_PORT=50000
    echo "$MY_PORT $MY_PORT" > /proc/sys/net/ipv4/ip_local_port_range
    sudo -u SomeUser SomeApplication &
    echo $OLD_RANGE" > /proc/sys/net/ipv4/ip_local_port_range


    One caveat here: since there is a single port in the range, another application might snatch it away from you between the execution of the third and the fourth lines above; also, even if there is no race condition, you will paralyze all other applications until you restore a large EPR, which is why I restored the original range as soon as possible.



    Thus, if the OPs' operating system had been Linux, the answer would have been that it could easily be done.



    Amazingly, this is not as straightforward on BSDs, some of which do not even have a runtime kernel setting for the EPR. MacOS X, FreeBSD and OpenBSD require modifying the file /etc/sysctl.conf, but they have different choices for the EPR.



    Regardless of the above and of the OS, the fact that something can be done does not mean it ought to be done: why on Earth do you need this? I cannot think of a single use case.






    share|improve this answer























    • For Linux example +1.
      – DavidPostill
      Aug 29 '16 at 11:38










    • Hehe. BSD/OS requires recompiling the kernel :)
      – DavidPostill
      Aug 29 '16 at 11:54






    • 1




      @DavidPostill That's a major bummer.
      – MariusMatutiae
      Aug 29 '16 at 12:00










    • There is a flaw in your code example. Your type cast is very misplaced. Additionally it would be a good idea to make BIND_PORT optional, such that the code still can be used in exactly the same way as the original. I think htons(bind_port_env ? atoi(bind_port_env) : 0) would do the right thing.
      – kasperd
      Aug 30 '16 at 19:11
















    8














    David Postill's answer is perfectly right. I would like just to add to it, by stressing that changing the ephemeral port range in Linux is so simple, that the OP has an affirmative answer.



    You change the EPR as follows:



    echo "40000 60000" > /proc/sys/net/ipv4/ip_local_port_range 


    and you can select port 50000 (as an example) with the following script:



    OLD_RANGE=$(cat /proc/sys/net/ipv4/ip_local_port_range)
    MY_PORT=50000
    echo "$MY_PORT $MY_PORT" > /proc/sys/net/ipv4/ip_local_port_range
    sudo -u SomeUser SomeApplication &
    echo $OLD_RANGE" > /proc/sys/net/ipv4/ip_local_port_range


    One caveat here: since there is a single port in the range, another application might snatch it away from you between the execution of the third and the fourth lines above; also, even if there is no race condition, you will paralyze all other applications until you restore a large EPR, which is why I restored the original range as soon as possible.



    Thus, if the OPs' operating system had been Linux, the answer would have been that it could easily be done.



    Amazingly, this is not as straightforward on BSDs, some of which do not even have a runtime kernel setting for the EPR. MacOS X, FreeBSD and OpenBSD require modifying the file /etc/sysctl.conf, but they have different choices for the EPR.



    Regardless of the above and of the OS, the fact that something can be done does not mean it ought to be done: why on Earth do you need this? I cannot think of a single use case.






    share|improve this answer























    • For Linux example +1.
      – DavidPostill
      Aug 29 '16 at 11:38










    • Hehe. BSD/OS requires recompiling the kernel :)
      – DavidPostill
      Aug 29 '16 at 11:54






    • 1




      @DavidPostill That's a major bummer.
      – MariusMatutiae
      Aug 29 '16 at 12:00










    • There is a flaw in your code example. Your type cast is very misplaced. Additionally it would be a good idea to make BIND_PORT optional, such that the code still can be used in exactly the same way as the original. I think htons(bind_port_env ? atoi(bind_port_env) : 0) would do the right thing.
      – kasperd
      Aug 30 '16 at 19:11














    8












    8








    8






    David Postill's answer is perfectly right. I would like just to add to it, by stressing that changing the ephemeral port range in Linux is so simple, that the OP has an affirmative answer.



    You change the EPR as follows:



    echo "40000 60000" > /proc/sys/net/ipv4/ip_local_port_range 


    and you can select port 50000 (as an example) with the following script:



    OLD_RANGE=$(cat /proc/sys/net/ipv4/ip_local_port_range)
    MY_PORT=50000
    echo "$MY_PORT $MY_PORT" > /proc/sys/net/ipv4/ip_local_port_range
    sudo -u SomeUser SomeApplication &
    echo $OLD_RANGE" > /proc/sys/net/ipv4/ip_local_port_range


    One caveat here: since there is a single port in the range, another application might snatch it away from you between the execution of the third and the fourth lines above; also, even if there is no race condition, you will paralyze all other applications until you restore a large EPR, which is why I restored the original range as soon as possible.



    Thus, if the OPs' operating system had been Linux, the answer would have been that it could easily be done.



    Amazingly, this is not as straightforward on BSDs, some of which do not even have a runtime kernel setting for the EPR. MacOS X, FreeBSD and OpenBSD require modifying the file /etc/sysctl.conf, but they have different choices for the EPR.



    Regardless of the above and of the OS, the fact that something can be done does not mean it ought to be done: why on Earth do you need this? I cannot think of a single use case.






    share|improve this answer














    David Postill's answer is perfectly right. I would like just to add to it, by stressing that changing the ephemeral port range in Linux is so simple, that the OP has an affirmative answer.



    You change the EPR as follows:



    echo "40000 60000" > /proc/sys/net/ipv4/ip_local_port_range 


    and you can select port 50000 (as an example) with the following script:



    OLD_RANGE=$(cat /proc/sys/net/ipv4/ip_local_port_range)
    MY_PORT=50000
    echo "$MY_PORT $MY_PORT" > /proc/sys/net/ipv4/ip_local_port_range
    sudo -u SomeUser SomeApplication &
    echo $OLD_RANGE" > /proc/sys/net/ipv4/ip_local_port_range


    One caveat here: since there is a single port in the range, another application might snatch it away from you between the execution of the third and the fourth lines above; also, even if there is no race condition, you will paralyze all other applications until you restore a large EPR, which is why I restored the original range as soon as possible.



    Thus, if the OPs' operating system had been Linux, the answer would have been that it could easily be done.



    Amazingly, this is not as straightforward on BSDs, some of which do not even have a runtime kernel setting for the EPR. MacOS X, FreeBSD and OpenBSD require modifying the file /etc/sysctl.conf, but they have different choices for the EPR.



    Regardless of the above and of the OS, the fact that something can be done does not mean it ought to be done: why on Earth do you need this? I cannot think of a single use case.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Sep 1 '16 at 6:22

























    answered Aug 29 '16 at 11:19









    MariusMatutiae

    38.1k95195




    38.1k95195












    • For Linux example +1.
      – DavidPostill
      Aug 29 '16 at 11:38










    • Hehe. BSD/OS requires recompiling the kernel :)
      – DavidPostill
      Aug 29 '16 at 11:54






    • 1




      @DavidPostill That's a major bummer.
      – MariusMatutiae
      Aug 29 '16 at 12:00










    • There is a flaw in your code example. Your type cast is very misplaced. Additionally it would be a good idea to make BIND_PORT optional, such that the code still can be used in exactly the same way as the original. I think htons(bind_port_env ? atoi(bind_port_env) : 0) would do the right thing.
      – kasperd
      Aug 30 '16 at 19:11


















    • For Linux example +1.
      – DavidPostill
      Aug 29 '16 at 11:38










    • Hehe. BSD/OS requires recompiling the kernel :)
      – DavidPostill
      Aug 29 '16 at 11:54






    • 1




      @DavidPostill That's a major bummer.
      – MariusMatutiae
      Aug 29 '16 at 12:00










    • There is a flaw in your code example. Your type cast is very misplaced. Additionally it would be a good idea to make BIND_PORT optional, such that the code still can be used in exactly the same way as the original. I think htons(bind_port_env ? atoi(bind_port_env) : 0) would do the right thing.
      – kasperd
      Aug 30 '16 at 19:11
















    For Linux example +1.
    – DavidPostill
    Aug 29 '16 at 11:38




    For Linux example +1.
    – DavidPostill
    Aug 29 '16 at 11:38












    Hehe. BSD/OS requires recompiling the kernel :)
    – DavidPostill
    Aug 29 '16 at 11:54




    Hehe. BSD/OS requires recompiling the kernel :)
    – DavidPostill
    Aug 29 '16 at 11:54




    1




    1




    @DavidPostill That's a major bummer.
    – MariusMatutiae
    Aug 29 '16 at 12:00




    @DavidPostill That's a major bummer.
    – MariusMatutiae
    Aug 29 '16 at 12:00












    There is a flaw in your code example. Your type cast is very misplaced. Additionally it would be a good idea to make BIND_PORT optional, such that the code still can be used in exactly the same way as the original. I think htons(bind_port_env ? atoi(bind_port_env) : 0) would do the right thing.
    – kasperd
    Aug 30 '16 at 19:11




    There is a flaw in your code example. Your type cast is very misplaced. Additionally it would be a good idea to make BIND_PORT optional, such that the code still can be used in exactly the same way as the original. I think htons(bind_port_env ? atoi(bind_port_env) : 0) would do the right thing.
    – kasperd
    Aug 30 '16 at 19:11











    0














    It's worth adding that Linux kernel also has



    net.ipv4.ip_local_reserved_ports



    knob that does somewhat opposite but nevertheless it might be very useful because that way you can "punch a hole" for services that open specific port(s) in otherwise ephemeral range of ports.



    Brief excerpt from the docs:




    Specify the ports which are reserved for known third-party
    applications. These ports will not be used by automatic port
    assignments (e.g. when calling connect() or bind() with port
    number 0). Explicit port allocation behavior is unchanged.



    The format used for both input and output is a comma separated
    list of ranges (e.g. "1,2-4,10-10" for ports 1, 2, 3, 4 and
    10). Writing to the file will clear all previously reserved
    ports and update the current list with the one given in the
    input.







    share|improve this answer


























      0














      It's worth adding that Linux kernel also has



      net.ipv4.ip_local_reserved_ports



      knob that does somewhat opposite but nevertheless it might be very useful because that way you can "punch a hole" for services that open specific port(s) in otherwise ephemeral range of ports.



      Brief excerpt from the docs:




      Specify the ports which are reserved for known third-party
      applications. These ports will not be used by automatic port
      assignments (e.g. when calling connect() or bind() with port
      number 0). Explicit port allocation behavior is unchanged.



      The format used for both input and output is a comma separated
      list of ranges (e.g. "1,2-4,10-10" for ports 1, 2, 3, 4 and
      10). Writing to the file will clear all previously reserved
      ports and update the current list with the one given in the
      input.







      share|improve this answer
























        0












        0








        0






        It's worth adding that Linux kernel also has



        net.ipv4.ip_local_reserved_ports



        knob that does somewhat opposite but nevertheless it might be very useful because that way you can "punch a hole" for services that open specific port(s) in otherwise ephemeral range of ports.



        Brief excerpt from the docs:




        Specify the ports which are reserved for known third-party
        applications. These ports will not be used by automatic port
        assignments (e.g. when calling connect() or bind() with port
        number 0). Explicit port allocation behavior is unchanged.



        The format used for both input and output is a comma separated
        list of ranges (e.g. "1,2-4,10-10" for ports 1, 2, 3, 4 and
        10). Writing to the file will clear all previously reserved
        ports and update the current list with the one given in the
        input.







        share|improve this answer












        It's worth adding that Linux kernel also has



        net.ipv4.ip_local_reserved_ports



        knob that does somewhat opposite but nevertheless it might be very useful because that way you can "punch a hole" for services that open specific port(s) in otherwise ephemeral range of ports.



        Brief excerpt from the docs:




        Specify the ports which are reserved for known third-party
        applications. These ports will not be used by automatic port
        assignments (e.g. when calling connect() or bind() with port
        number 0). Explicit port allocation behavior is unchanged.



        The format used for both input and output is a comma separated
        list of ranges (e.g. "1,2-4,10-10" for ports 1, 2, 3, 4 and
        10). Writing to the file will clear all previously reserved
        ports and update the current list with the one given in the
        input.








        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Dec 13 '18 at 4:18









        poige

        17418




        17418






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1118735%2fhow-are-source-ports-determined-and-how-can-i-force-it-to-use-a-specific-port%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            "Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

            Alcedinidae

            Origin of the phrase “under your belt”?