How to View and Edit the Ephemeral Port Range on Linux

How to view and edit the ephemeral port range on Linux?

Following command will list the ephemeral port range in Linux system

sysctl net.ipv4.ip_local_port_range 

If we don't want to reboot, after editing /etc/sysctl.conf file if we execute following command it will be effective.

sysctl -p /etc/sysctl.conf .

The truth of the matter of effective range is output of

sysctl net.ipv4.ip_local_port_range 

as mentioned by eckes in comment.

How to change/view the ephemeral port range on Windows machines?

http://www.ncftp.com/ncftpd/doc/misc/ephemeral_ports.html#Windows says:

As of Windows Vista and Windows Server 2008, Windows now uses a large range (49152-65535) by default, according to Microsoft Knowledgebase Article 929851. That same article also shows how you can change the range if desired, but the default range is now sufficient for most servers.

For older Windows operating systems (Windows XP and older), Windows uses the traditional BSD range of 1024 through 4999 for its ephemeral port range. Unfortunately it appears that you can only set the upper bound of the ephemeral port range. Here is information excerpted from Microsoft Knowledgebase Article 196271:

• Start Registry Editor (Regedt32.exe).
• Locate the following key in the registry:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

• On the Edit menu, click Add Value, and then add the following registry value:

  Value Name: MaxUserPort Data Type: REG_DWORD Value: 65534 <for example>

  Valid Range: 5000-65534 (decimal) Default: 0x1388 (5000 decimal)

  Description: This parameter controls the maximum port number used when an application requests any available user port from the system. Normally, ephemeral (that is, short-lived) ports are allocated between the values of 1024 and 5000 inclusive.

• Quit Registry Editor.

Note: There is another relevant KB article (812873) which claims to allow you to set an exclusion range, which could mean that you could exclude ports 1024-9999 (for example) to have the ephemeral port range be 10000-65534. However, we have not been able to get this to work (as of October 2004).

How to let kernel choose a port number in the range (1024,5000) in TCP socket programming

Port numbers have a range of 0..65535 (although often 0 has special meaning). In the original BSD TCP implementation, only root can bind to ports 1..1023, and dynamically assigned ports were assigned from the range 1024..5000; the others were available for unprivileged static assignment. These days 1024..5000 is often not enough dynamic ports, and IANA has now officially designated the range 49152..65535 for dynamic port assignment. However even that is not enough dynamic ports for some busy servers, so the range is usually configurable (by an administrator). On modern Linux and Solaris systems (often used as servers), the default dynamic range now starts at 32768. Mac OS X and Windows Vista default to 49152..65535.

linux$ cat /proc/sys/net/ipv4/ip_local_port_range 
32768   61000

solaris$ /usr/sbin/ndd /dev/tcp tcp_smallest_anon_port tcp_largest_anon_port
32768

65535

macosx$ sysctl net.inet.ip.portrange.first net.inet.ip.portrange.last
net.inet.ip.portrange.first: 49152
net.inet.ip.portrange.last: 65535

vista> netsh int ipv4 show dynamicport tcp
Protocol tcp Dynamic Port Range
---------------------------------
Start Port : 49152
Number of Ports : 16384 

How to limit zookeepers port range for incomming connections

To be clear a connection client > server, needs a listen port on the server and random ephemeral port on the client side. Accepting connection does not require an additional port.

Zookeeper listens (defaults) on the 2181 for the clients and on the 2888, 3888 for internal communication, no conflict. The most possibly your zookeeper established connection to another node, locally using ephemeral port.

Ephemeral ports are given randomly by the kernel from the range of systctl param - net.ipv4.ip_local_port_range. My current value is from 32768 to 60999.

Solutions

1. lower the port number for conflicting service.

2. add conflicting port number as reserved (not used by ephemerals) - ip_local_reserverd_ports

   sysctl -w net.ipv4.ip_local_reserved_ports="45455"
   

3. change ephemeral port range

   # my linux default is from 32768 to 60999
   sysctl -w net.ipv4.ip_local_port_range="45455 60999"
   

What is the range of ephemeral ports on mac?

Benchmarkers, Beware the Ephemeral Port Limit, a good article on the topic, addressing also the issue of TIME_WAIT for ephemeral ports. The port range on macOS can be displayed by:

>> sysctl net.inet.ip.portrange.first net.inet.ip.portrange.last
net.inet.ip.portrange.first: 49152
net.inet.ip.portrange.last: 65535

Is it Possible to select the ephemeral port number for any CLient Program in java

Yes, you specify the local address / portnumber:

Socket(InetAddress address, int port, InetAddress localAddr, int localPort)
      Creates a socket and connects it to the specified remote address on the specified remote port.

http://download.oracle.com/javase/6/docs/api/java/net/Socket.html#Socket%28java.net.InetAddress,%20int,%20java.net.InetAddress,%20int%29

Can I reuse (ephemeral) ports connecting to different hosts?

By default, the kernel will not reuse any in-use port for an ephemeral port, which may result in failures if you have 64K+ simultaneous ports in use.

You can explicitly reuse a port by using the SO_REUSEADDR socket option and explicitly binding to the same port. This only works if none of the ports are listening (you can't reuse a listening port), and if you connect each socket to a different remote address.

---

Related Topics