Ephemeral / Dynamic Ports

An ephemeral port is a port number that the operating system assigns temporarily, for the duration of a single communication session, rather than a port permanently reserved for a service. Ephemeral ports apply to TCP, UDP, and SCTP and are typically used on the client end of a client-server exchange: the server listens on a well-known port, and each connection to it is distinguished by the ephemeral port the client was given. On the server end, they can also be used for a follow-on connection that is negotiated after the initial connection is established on the well-known port. The IANA (Internet Assigned Numbers Authority) guidelines suggest that ephemeral ports be assigned from the range 49152-65535.

By default, most modern versions of Windows follow the IANA guidelines.  The range can be narrowed or moved on a per-machine basis.  Below is the list of default ranges by operating system:

  • Up to Windows XP – 1025-5000
  • Windows Server 2003 – 1025-5000 (security update MS08-037, released in 2008, moves the default to the IANA range)
  • Windows Server 2008 with Exchange Server 2007 – 1025-60000 (Exchange setup raises the upper limit)
  • Windows Vista, 7, Server 2008 and later – 49152-65535

With SQL Server now available on Linux, you may need to know the Linux default as well. Most Linux kernels use 32768-61000 (current kernels 32768-60999); the active range is shown by sysctl net.ipv4.ip_local_port_range.

All versions of Windows newer than Windows 2000 allow the default range to be adjusted. On Windows Vista, Server 2008 and later, open a command prompt and type the following to see the currently assigned ephemeral port range:

netsh int ipv4 show dynamicport tcp

The output shows the start of the dynamic range ("Start Port") and how many ephemeral ports are available to the machine ("Number of Ports"). The last usable port is Start Port + Number of Ports – 1, so the default of 49152 with 16384 ports ends at 65535.  Repeat the command with tcp replaced by udp, and ipv4 replaced by ipv6, to see the other three ranges.

The range can be adjusted on a per-machine basis by typing the following command in a command prompt:

netsh int <ipv4|ipv6> set dynamicport <tcp|udp> start=<first port> num=<number of ports>

This operation requires an elevated (Administrator) command prompt.  After netsh prints 'Ok.', run the show command again to verify that the new values have been applied.
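The show and set steps above, wrapped into PowerShell functions that parse the netsh output, compute the end of the range, and refuse to change it from a non-elevated session or to a range outside 1025-65535. This is an added example, not code from the original page or from BadgePass; the function names are my own, and the output labels it parses ("Start Port", "Number of Ports") are those printed by netsh on current Windows versions.

```powershell
# Added example: query and change the Windows dynamic (ephemeral) port range.
# Function names are my own; the netsh commands are those shown on the page.

function Get-DynamicPortRange {
    param(
        [ValidateSet('ipv4','ipv6')] [string] $AddressFamily = 'ipv4',
        [ValidateSet('tcp','udp')]   [string] $Protocol      = 'tcp'
    )
    # netsh prints lines such as "Start Port      : 49152"
    # and                         "Number of Ports : 16384"
    $text = (& netsh int $AddressFamily show dynamicport $Protocol) -join "`n"
    if ($text -notmatch 'Start Port\s*:\s*(\d+)') {
        throw "Could not parse Start Port from netsh output:`n$text"
    }
    $start = [int] $Matches[1]
    if ($text -notmatch 'Number of Ports\s*:\s*(\d+)') {
        throw "Could not parse Number of Ports from netsh output:`n$text"
    }
    $num = [int] $Matches[1]

    [pscustomobject]@{
        AddressFamily = $AddressFamily
        Protocol      = $Protocol
        StartPort     = $start
        NumberOfPorts = $num
        EndPort       = $start + $num - 1   # default: 49152 + 16384 - 1 = 65535
    }
}

function Set-DynamicPortRange {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [int] $StartPort,
        [Parameter(Mandatory)] [int] $NumberOfPorts,
        [ValidateSet('ipv4','ipv6')] [string] $AddressFamily = 'ipv4',
        [ValidateSet('tcp','udp')]   [string] $Protocol      = 'tcp'
    )
    $end = $StartPort + $NumberOfPorts - 1
    # Sanity check before touching the stack: stay above the privileged/well-known
    # ports and inside the 16-bit port space. netsh applies its own limits too.
    if ($StartPort -lt 1025 -or $NumberOfPorts -lt 1 -or $end -gt 65535) {
        throw "Requested range $StartPort-$end must lie within 1025-65535"
    }

    # netsh set dynamicport silently requires an elevated session; fail early.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Changing the dynamic port range requires an elevated (Administrator) prompt'
    }

    if ($PSCmdlet.ShouldProcess("$AddressFamily/$Protocol", "set dynamic port range to $StartPort-$end")) {
        $out = & netsh int $AddressFamily set dynamicport $Protocol "start=$StartPort" "num=$NumberOfPorts"
        if ($LASTEXITCODE -ne 0) { throw "netsh failed: $($out -join ' ')" }
        # Re-read the range so the caller sees what the stack actually accepted.
        Get-DynamicPortRange -AddressFamily $AddressFamily -Protocol $Protocol
    }
}

# Usage: show all four ranges, then preview a change without applying it.
foreach ($af in 'ipv4','ipv6') {
    foreach ($proto in 'tcp','udp') {
        Get-DynamicPortRange -AddressFamily $af -Protocol $proto
    }
}
Set-DynamicPortRange -StartPort 49152 -NumberOfPorts 16384 -WhatIf
```

Run Set-DynamicPortRange without -WhatIf (or with -Confirm) from an elevated PowerShell window to apply the change; the function returns the freshly read range so you can confirm the new Start Port and End Port in the same step.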

The well-known ports that BadgePass uses are listed in the port column of the dbo.EndpointAddress table. By default, the BadgePass Server service listens on port 6217. Note that the server keeps using 6217 for the life of each connection; it is the client end of the connection that is assigned a port from the ephemeral range, and that pair (client ephemeral port, server port 6217) identifies the connection. To see which ephemeral ports are currently paired with the service port, filter the netstat output on 6217:

netstat -na | find "6217"

The columns are arranged as follows: Protocol, Local Address, Foreign Address, State.  In the example output, three entries reference port 6217 but only two ephemeral ports are involved.  Because the client and server are running on the same machine, one established connection appears twice: once from the server's side, with local port 6217 and foreign port 61608, and once from the client's side, with local ephemeral port 61608 and foreign port 6217, both marked ESTABLISHED.  The third entry shows the client attempting a second connection from ephemeral port 61411 to the server's port 6217 and still waiting for the handshake to complete (SYN_SENT).  Once a connection closes, its ephemeral port is released (after a brief TIME_WAIT hold on the side that closed first) and can be reused by other applications.  This can be verified by running the same command again to see the new results:
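The same inspection in PowerShell, with each entry labelled by which side of the connection holds the ephemeral port, so the server-side and client-side views of one connection are told apart automatically. This is an added example and not part of the original page or BadgePass; it uses Get-NetTCPConnection (available on Windows 8 / Server 2012 and later) as the equivalent of the netstat filter above, port 6217 is the page's BadgePass Server default, and the function name is my own.

```powershell
# Added example: PowerShell equivalent of  netstat -na | find "6217"
# with each entry classified by role. Function name is my own.

function Get-ServicePortConnections {
    param([Parameter(Mandatory)] [int] $ServicePort)

    Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -eq $ServicePort -or $_.RemotePort -eq $ServicePort } |
        ForEach-Object {
            # Listener  : the service waiting on its well-known port, no peer yet.
            # ServerSide: local port is the well-known port; the peer holds the ephemeral port.
            # ClientSide: local port is the ephemeral port; the peer is the service.
            if ($_.State -eq 'Listen') {
                $role = 'Listener';   $ephemeral = $null
            } elseif ($_.LocalPort -eq $ServicePort) {
                $role = 'ServerSide'; $ephemeral = $_.RemotePort
            } else {
                $role = 'ClientSide'; $ephemeral = $_.LocalPort
            }
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Role          = $role
                Local         = "$($_.LocalAddress):$($_.LocalPort)"
                Foreign       = "$($_.RemoteAddress):$($_.RemotePort)"
                State         = $_.State          # Established, SynSent, TimeWait, ...
                EphemeralPort = $ephemeral
                Process       = if ($proc) { "$($proc.ProcessName) ($($_.OwningProcess))" } else { $_.OwningProcess }
            }
        }
}

# Usage: snapshot the connections for the BadgePass Server port, wait, and
# snapshot again; Compare-Object lists entries that appeared or disappeared,
# which is how released ephemeral ports show up.
$before = Get-ServicePortConnections -ServicePort 6217
$before | Format-Table -AutoSize

Start-Sleep -Seconds 30

$after = Get-ServicePortConnections -ServicePort 6217
Compare-Object -ReferenceObject $before -DifferenceObject $after -Property Local, Foreign, State |
    Format-Table -AutoSize
```

Entries with SideIndicator "<=" existed only in the first snapshot (the connection closed and its ephemeral port was released), while "=>" marks connections opened since. A port that lingers in the TimeWait state is not yet reusable; it will drop out of the list on its own after the TIME_WAIT interval expires.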