Ephemeral Source Port Selection Strategies
Thanks to all those who contribute updates and corrections to this page! If you would like to be acknowledged publicly for your contributions, please indicate so when you contact us and we will list your name here.
- Jon Zeolla for verifying the Microsoft Windows 8 port number range
Introduction
This page enumerates a variety of default ephemeral port usage and source port selection strategies known to be used by a variety of systems. We rely on community feedback to help us improve the accuracy and completeness of this page. Please send us your updates and corrections.
The table below summarizes the default ephemeral source port selection range and strategy used by modern systems. The strategy column denotes whether values are drawn from a global, system-wide pool or from a local, typically flow-specific pool keyed on some subset of the 5-tuple (IP source address, IP destination address, protocol, source port and destination port). It also denotes how subsequent values are chosen (e.g. sequential versus random). Following the table we discuss additional details about various implementations that cannot be easily summarized in the table, with pointers and references to additional information.
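To make the global/local and sequential/random distinction concrete, here is an added Python illustration (not code from this page or from any of the stacks listed) of two strategies from the table's vocabulary: the classic single global counter, and RFC 6056's Algorithm 3 ("simple hash-based port selection"), where one global counter is combined with a keyed per-destination offset. The 32768 - 60999 range, the use of HMAC-SHA256 as the offset function and the sample flows are assumptions chosen for the demo, not taken from any implementation.

```python
"""Two ephemeral port selection strategies modelled after RFC 6056.
Added illustration; not any real stack's code."""
import hashlib
import hmac
import os

# Assumed ephemeral range for the demo (Linux-style 32768-60999 inclusive).
MIN_PORT = 32768
MAX_PORT = 60999
NUM_PORTS = MAX_PORT - MIN_PORT + 1


class GlobalSequential:
    """'global, sequential': one system-wide counter shared by every flow.
    Anyone who observes one connection can guess the next port towards any peer."""

    def __init__(self):
        self.next_port = MIN_PORT

    def select(self, local_ip, remote_ip, remote_port, in_use):
        for _ in range(NUM_PORTS):
            port = self.next_port
            self.next_port = MIN_PORT if port == MAX_PORT else port + 1
            if (port, remote_ip, remote_port) not in in_use:
                return port
        raise OSError("ephemeral port range exhausted")


class HashBasedLocal:
    """RFC 6056 Algorithm 3 ('local'): a global counter plus a keyed offset
    derived from the flow's destination. Successive connections to one
    destination land next to each other (they share the offset), but the
    sequence for a different destination starts at an unrelated point, so an
    observer of flow A learns little about the ports used for flow B."""

    def __init__(self, secret=None):
        # Assumed: a per-boot secret; a real stack would generate it at boot.
        self.secret = secret if secret is not None else os.urandom(16)
        self.counter = 0

    def _offset(self, local_ip, remote_ip, remote_port):
        # F(local_IP, remote_IP, remote_port, secret_key): HMAC-SHA256 stands
        # in for the RFC's unspecified keyed hash (assumption for the demo).
        msg = f"{local_ip}|{remote_ip}|{remote_port}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def select(self, local_ip, remote_ip, remote_port, in_use):
        offset = self._offset(local_ip, remote_ip, remote_port)
        for _ in range(NUM_PORTS):
            port = MIN_PORT + (self.counter + offset) % NUM_PORTS
            self.counter += 1
            if (port, remote_ip, remote_port) not in in_use:
                return port
        raise OSError("ephemeral port range exhausted")


def allocate(selector, flows):
    """Allocate a source port for each (local_ip, remote_ip, remote_port) flow
    in order, tracking used (port, peer) tuples so a port is not reused
    towards the same peer while it is still in use."""
    in_use = set()
    ports = []
    for local_ip, remote_ip, remote_port in flows:
        port = selector.select(local_ip, remote_ip, remote_port, in_use)
        in_use.add((port, remote_ip, remote_port))
        ports.append(port)
    return ports


if __name__ == "__main__":
    # Constructed sample: three connections to one web server interleaved
    # with three to another.
    flows = [("10.0.0.5", "192.0.2.10", 443), ("10.0.0.5", "198.51.100.7", 443)] * 3
    print("global, sequential:", allocate(GlobalSequential(), flows))
    print("local, hash-based :", allocate(HashBasedLocal(), flows))
```

Running it shows the global counter handing out 32768, 32769, 32770, ... regardless of destination, while the hash-based selector produces two interleaved runs that each advance predictably only for someone who already knows that destination's offset.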
Ephemeral Source Port Strategy Listing
System | Port Number Range | Selection Strategy |
---|---|---|
AIX | 32768 - 65535 | N/A |
Android | N/A | N/A |
Apple iOS 7 | 49152 - 65535 | global, sequential (TCP), random (UDP) |
Apple OS X 10.9 | 49152 - 65535 | global, sequential (TCP), random (UDP) |
BlackBerry OS | N/A | N/A |
BSD/OS | 49152 - 65535 | N/A |
HP-UX | 49152 - 65535 | N/A |
IRIX | 1024 - 65535 | N/A |
Linux | 32768 - 61000 | local, random |
FreeBSD 10.0 | 10000 - 65535 | global, random |
Microsoft Windows 2000 | 1024 - 5000 | global, sequential |
Microsoft Windows ME | N/A | N/A |
Microsoft Windows XP | 1024 - 5000 | global, sequential |
Microsoft Vista | 49152 - 65535 | N/A |
Microsoft Windows 7 | 49152 - 65535 | N/A |
Microsoft Windows 8 | 49152 - 65535 | N/A |
Microsoft Windows 8.1 | N/A | N/A |
Microsoft Windows 10 | N/A | N/A |
Microsoft Server 2003 | 1024 - 5000 | global, sequential |
Microsoft Server 2008 | 49152 - 65535 | N/A |
Microsoft Server 2012 | N/A | N/A |
Microsoft Server 2016 | N/A | N/A |
NetBSD | 49152 - 65535 | N/A |
OpenBSD | 1024 - 49151 | global, random |
QNX | N/A | N/A |
Solaris | 32768 - 65535 | N/A |
Symbian | N/A | N/A |
HP Tru64 UNIX | 1024 - 5000 | N/A |
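The rows marked N/A can be filled in, and the listed ones checked, with a short measurement. The following Python script is an added example (not from this page or from any vendor) that connects sockets to two loopback listeners, records the source port the stack assigned to each, and classifies what it sees using the table's vocabulary. It assumes a working loopback interface and uses connect() rather than bind() to port 0, since outgoing flows take the connect path and some stacks choose ports differently at bind time; the sample sizes and the two-destination layout are choices made for the demo.

```python
"""Probe the local stack's ephemeral source port selection.
Added example; not taken from any system's documentation."""
import socket
from collections import defaultdict


def _listener(proto):
    s = socket.socket(socket.AF_INET, proto)
    s.bind(("127.0.0.1", 0))
    if proto == socket.SOCK_STREAM:
        s.listen(64)
    return s


def sample_source_ports(proto=socket.SOCK_STREAM, per_dest=10, n_dest=2):
    """Connect per_dest sockets to each of n_dest loopback listeners,
    alternating destinations, and return [(dest_port, source_port), ...] in
    allocation order. Two destinations are used so that a global counter
    (one merged sequence) can be told apart from a per-destination one."""
    listeners = [_listener(proto) for _ in range(n_dest)]
    clients, samples = [], []
    try:
        for i in range(per_dest * n_dest):
            dest = listeners[i % n_dest].getsockname()
            c = socket.socket(socket.AF_INET, proto)
            c.connect(dest)              # the stack assigns the ephemeral port here
            clients.append(c)            # keep it open so the port cannot be reused
            samples.append((dest[1], c.getsockname()[1]))
    finally:
        for s in clients + listeners:
            s.close()
    return samples


def is_sequential(ports, max_step=2):
    """True when every consecutive pair differs by the same step of 1 or 2.
    Step 2 is allowed because some stacks reserve odd or even ports for one
    code path; the arithmetic is mod 65536 so a wrap at the top still counts."""
    if len(ports) < 2:
        return False
    steps = {(b - a) % 65536 for a, b in zip(ports, ports[1:])}
    return len(steps) == 1 and next(iter(steps)) <= max_step


def classify(samples):
    """Map observed ports onto the table's vocabulary.
    Returns (strategy, lowest_port_seen, highest_port_seen)."""
    ports = [p for _, p in samples]
    per_dest = defaultdict(list)
    for dest, p in samples:
        per_dest[dest].append(p)
    if is_sequential(ports):
        strategy = "global, sequential"                  # one counter across destinations
    elif all(is_sequential(v) for v in per_dest.values()):
        strategy = "local, sequential per destination"   # counter plus per-flow offset
    else:
        strategy = "random"
    return strategy, min(ports), max(ports)


if __name__ == "__main__":
    for name, proto in (("TCP", socket.SOCK_STREAM), ("UDP", socket.SOCK_DGRAM)):
        strategy, lo, hi = classify(sample_source_ports(proto))
        print(f"{name}: {strategy}; ports seen {lo}-{hi}")
```

The lowest and highest ports seen only bound the configured range from the inside; read the real limits from the sysctl, registry or netsh settings described in the notes below. A "local, sequential per destination" result corresponds to what the table calls "local, random" for Linux: predictable towards one peer, unpredictable across peers. Twenty samples are enough to separate sequential from random, but a stack that switches strategy under load (see the FreeBSD note) will only show that behaviour if you raise the connection rate.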
System-specific Notes
Apple OS X
Mac OS X has leveraged some of the FreeBSD networking stack, so in this regard Mac OS X and FreeBSD are similar. However, FreeBSD changes may not find their way into Mac OS X at the same pace, if at all, as is the case with ephemeral source port selection. As of this writing, the current version of OS X implements a slightly different default and an older ephemeral source port selection strategy inherited from an earlier release of FreeBSD. At a Mac OS X terminal prompt run

sysctl -a | grep port

to see the current settings. net.inet.ip.portrange.first and net.inet.ip.portrange.last are the default port range settings; the OS X specific option net.inet.udp.randomize_ports is enabled by default, while the TCP equivalent is disabled, which is why the table lists OS X as sequential for TCP and random for UDP.
FreeBSD
As of FreeBSD 10.0 the default ephemeral port range is between 10,000 and 65,535 inclusive, and ports are chosen at random from it (net.inet.ip.portrange.randomized, enabled by default). Applications that use the socket API can move a socket to a different range with the IP_PORTRANGE socket option (set with setsockopt at level IPPROTO_IP), whose values are defined in /usr/include/netinet/in.h: IP_PORTRANGE_DEFAULT selects the default range (10000 - 65535, the sysctls net.inet.ip.portrange.first and net.inet.ip.portrange.last), IP_PORTRANGE_HIGH selects the high range (49152 - 65535, net.inet.ip.portrange.hifirst and net.inet.ip.portrange.hilast) and IP_PORTRANGE_LOW selects the reserved ports below 1024 (net.inet.ip.portrange.lowfirst and net.inet.ip.portrange.lowlast), which requires root privileges. Two caveats when measuring a FreeBSD host: the sysctls, not the macro names, are what a local administrator may have changed, and randomization is switched off temporarily when the connection rate exceeds net.inet.ip.portrange.randomcps connections per second, after which ports are handed out sequentially for net.inet.ip.portrange.randomtime seconds (the trade-off discussed in the Silbersack EuroBSDCon paper listed in the References).
Microsoft
In Windows 2000, Windows XP and Windows Server 2003 the lower end of the ephemeral source port range is fixed at 1024 and the upper end can be raised by creating the MaxUserPort value (REG_DWORD) under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
and setting it to an integer between 5000 and 65534; the change takes effect after a reboot. Windows Vista, Windows Server 2008 and later moved the default range to 49152 - 65535 (see the Microsoft articles in the References) and expose it through netsh instead: netsh int ipv4 show dynamicport tcp displays the current range, and netsh int ipv4 set dynamicport tcp start=49152 num=16384 sets it (the udp and ipv6 variants take the same form).
NetBSD
As of NetBSD 6.1.5 the default ephemeral port range is between 49152 and 65535 inclusive, but applications that use the socket API can move a socket to a different range with the IP_PORTRANGE socket option, as on FreeBSD. The default minimum is specified by the macro IPPORT_ANONMIN and the maximum by the macro IPPORT_ANONMAX, both defined in /src/sys/netinet/in.h; at run time the same bounds are the sysctls net.inet.ip.anonportmin and net.inet.ip.anonportmax. NetBSD also lets the administrator choose the selection algorithm: net.inet.ip.anonportalgo.available lists the implemented RFC 6056 algorithms and net.inet.ip.anonportalgo.selected holds the one in use, so the strategy on a given host should be read from that sysctl rather than assumed.
OpenBSD
As of OpenBSD 5.5 the default ephemeral port range is between 1024 and 49,151 inclusive, with ports chosen at random from it, but applications that use the socket API can move a socket to a different range with the IP_PORTRANGE socket option, much like FreeBSD. The option values are defined in /usr/include/netinet/in.h: IP_PORTRANGE_DEFAULT selects the default range (1024 - 49151, the sysctls net.inet.ip.portfirst and net.inet.ip.portlast), IP_PORTRANGE_HIGH selects the high range (49152 - 65535, net.inet.ip.porthifirst and net.inet.ip.porthilast) and IP_PORTRANGE_LOW selects the reserved ports below 1024, which requires root privileges.
References
- Comments on Selecting Ephemeral Ports, Mark Allman, ACM Computer Communications Review, April 2009
- Recommendations for Transport-Protocol Port Randomization, IETF RFC 6056 / BCP 156, January 2011
- IANA Service Name and Transport Protocol Port Number Registry
- NcFTP’s The Ephemeral Port Range
- Improving TCP/IP security through randomization without sacrificing interoperability, Michael James Silbersack, EuroBSDCon 2005
- Ops: TCP port 1024 and 3072 traffic, John Kristoff, Team Cymru blog, March 4, 2011
- Avoiding TCP/IP Port Exhaustion on Microsoft Server 2003 and Windows XP
- You cannot exclude ports by using the ReservedPorts registry key in Windows Server 2008 or in Windows Server 2008 R2
- Microsoft Windows 2000 TCP/IP Implementation Details
- The default dynamic port range for TCP/IP has changed in Windows Vista and in Windows Server 2008