Ephemeral port range question

Toggle sidebar Toggle sidebar
S

sam1275tom

Reputable
Oct 13, 2014
462
0
4,860
Hello.
First please look at these:
https://en.wikipedia.org/wiki/Ephemeral_port
https://support.microsoft.com/en-us/help/929851/the-default-dynamic-port-range-for-tcp-ip-has-changed-in-windows-vista-and-in-windows-server-2008
I understand these port range are for outgoing connections per local IP, but for a typical home condition that only have 1 IP on the PC, does the values limiting all outgoing connections, or per destination?
For example, I set "netsh int ipv4 set dynamicport tcp start=10000 num=1000", then I begin to trying establish ipv4 TCP connections to 5 different IPs on the internet as many as I can, will I be able to establish 1000 connections in total, or 5000 in total(1000 per IP)?
Thanks.
 
Solution
B
There are only 65K ports total that you can use. The limit is per machine...not assuming crazy stuff like multiple nic or VM. Although not a realistic limit all the machines in your house share the 65k group of ports the router has. So even though 2 machines in your house would have more than 65k ports when they pass through the router they now share the routers pool of ports since they are sharing the wan ip.

I forget how many ports you can actually really use. It causes strange issue if your router would use port 80 for a source port.
Sort by date Sort by votes
There are only 65K ports total that you can use. The limit is per machine...not assuming crazy stuff like multiple nic or VM. Although not a realistic limit all the machines in your house share the 65k group of ports the router has. So even though 2 machines in your house would have more than 65k ports when they pass through the router they now share the routers pool of ports since they are sharing the wan ip.

I forget how many ports you can actually really use. It causes strange issue if your router would use port 80 for a source port.
 
Upvote 0 Downvote
Solution


Thank you very much.
It's so confusing that I just got an opposite answer on another forum: https://serverfault.com/questions/841943/ephemeral-port-range
I picked your answer as solution, but I think this questions is still not solved to me...
Also you mentioned routers, I played a lot with them, some of them do have a upper limit of 65536 conntracks (DD-WRT), but others don't, my OpenWRT can set it to any number, and my Mikrotik set it automatically based on RAM, I saw >200k connection slots on one of them, however that's maybe for multi-IP scenario.
Thank you again and welcome to discuss if you like.
 
Upvote 0 Downvote
This is one of those fundamental things based on how IP works. Look at one of the diagrams of ip packets. You will see the IP address field and the port field. The size of the port field can only hold a number that big. When packets are sent from the machine assuming you only have a single ip you can't create more ports than that.

Commercial routers can have large pools of addresses so then you get 65k per ip address.
 
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom