2.4. Ephemeral port allocation

This section was written before Microsoft published the article "Windows TCP/IP Ephemeral, Reserved, and Blocked Port Behavior", which explains in detail how TCP and UDP ports are allocated on Windows XP and Windows Server 2003.

In the TCP/IP model, dynamic (ephemeral) ports are typically used as the source port by a TCP or UDP client talking to a remote server on a well-known destination port. On Windows systems, dynamic ports are also used as listening ports by RPC services; in that case a client must first ask a portmapper service (the RPC endpoint mapper, on 135/tcp) which dynamic port the RPC service it wants is listening on.

When an application or driver requests a dynamic TCP or UDP port from the TCP/IP driver, the allocated port is by default taken from the 1025-5000 range (port 1024 is apparently never allocated on Windows systems).

The upper limit of this range can be changed by modifying the following registry value (a reboot is required for the change to take effect):

Key: HKLM\SYSTEM\CCS\Services\TcpIp\Parameters\
Value: MaxUserPort (REG_DWORD)
Default value: 5000 (decimal)
Valid range: 5000-65534 (decimal)

This range is shared between TCP and UDP, and dynamic ports are allocated incrementally from a single counter: if an application requests a TCP port and obtains TCP port 1025, the next application requesting a UDP port obtains port 1026. When the counter reaches MaxUserPort it wraps back to 1025. A consequence worth noting is that the source port of the next outgoing connection is trivially predictable to anyone who has observed the previous one.

Ports can be excluded from the dynamic range with the ReservedPorts registry value:

Key: HKLM\SYSTEM\CCS\Services\TcpIp\Parameters\
Value: ReservedPorts (REG_MULTI_SZ)
Format: one range per line, written low-high (a single port is written as, e.g., 1433-1433)

Configuring this value is necessary when a service needs a fixed port inside the dynamic range, such as 1080/tcp for a SOCKS proxy or 1433/tcp and 1434/udp for MS SQL Server. Otherwise such a port may be handed out as a dynamic port to some client before the service starts, and the service then fails to start because its bind() call fails with an address-already-in-use error.
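To make the allocation rules of this section concrete, the following Python model is added here; it is not code from the original article, nor Windows code. It implements the behaviour described above as assumptions stated in the code: one counter shared by TCP and UDP over 1025-MaxUserPort, wrap-around at the top, and skipping of ports listed in ReservedPorts; it also parses ReservedPorts lines in the low-high format. The names parse_reserved_ports, EphemeralAllocator, service_start_outcome and wraparound_demo are this example's own, and the ReservedPorts values it feeds in are constructed for the demonstration.

```python
"""Model of the Windows 2000/XP/2003 ephemeral port allocator described above.

Added example, not code from the original article. Assumptions (not from the
article): one counter shared by TCP and UDP, starting at 1025, incremented on
every allocation, wrapping to 1025 after MaxUserPort, and skipping any port
that is reserved (ReservedPorts) or already bound for that protocol.
"""
import re

DYNAMIC_LOW = 1025              # first ephemeral port on Windows 2000/XP/2003
DEFAULT_MAX_USER_PORT = 5000    # MaxUserPort default (decimal)
_RANGE = re.compile(r"^(\d{1,5})-(\d{1,5})$")   # ReservedPorts line syntax


def parse_reserved_ports(entries):
    """Parse ReservedPorts REG_MULTI_SZ lines ('low-high') into (low, high) tuples.
    Rejects a bare port without '-', low > high, and ports outside 1-65535."""
    ranges = []
    for entry in entries:
        m = _RANGE.match(entry.strip())
        if not m:
            raise ValueError(f"bad ReservedPorts entry {entry!r}: expected 'low-high'")
        low, high = int(m.group(1)), int(m.group(2))
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"bad ReservedPorts entry {entry!r}: out of range")
        ranges.append((low, high))
    return ranges


class EphemeralAllocator:
    """Simplified model of the TCP/IP driver's dynamic port allocation."""

    def __init__(self, max_user_port=DEFAULT_MAX_USER_PORT, reserved=()):
        if not 5000 <= max_user_port <= 65534:   # valid MaxUserPort range
            raise ValueError("MaxUserPort must be between 5000 and 65534")
        self.max_user_port = max_user_port
        self.reserved = list(reserved)           # [(low, high), ...]
        self.next_port = DYNAMIC_LOW             # counter shared by TCP and UDP
        self.bound = set()                       # (proto, port) pairs in use

    def is_reserved(self, port):
        return any(low <= port <= high for low, high in self.reserved)

    def bind(self, proto, port):
        """Explicit bind to a fixed port, as a server does at startup."""
        if (proto, port) in self.bound:
            raise OSError(f"{proto}/{port} already in use (WSAEADDRINUSE)")
        self.bound.add((proto, port))

    def allocate(self, proto):
        """Hand out the next ephemeral port for proto ('tcp' or 'udp')."""
        for _ in range(self.max_user_port - DYNAMIC_LOW + 1):
            port = self.next_port
            self.next_port = DYNAMIC_LOW if port == self.max_user_port else port + 1
            if self.is_reserved(port) or (proto, port) in self.bound:
                continue                         # reserved or taken: step over it
            self.bound.add((proto, port))
            return port
        raise OSError(f"no free {proto} port in {DYNAMIC_LOW}-{self.max_user_port}")


def first_allocations(n, **allocator_kwargs):
    """Alternate TCP and UDP requests: the shared counter yields consecutive ports."""
    alloc = EphemeralAllocator(**allocator_kwargs)
    return [alloc.allocate("tcp" if i % 2 == 0 else "udp") for i in range(n)]


def service_start_outcome(service_port, proto="tcp", client_connections=500, reserved=()):
    """Can a service bind service_port once clients have consumed that many ports?"""
    alloc = EphemeralAllocator(reserved=reserved)
    for _ in range(client_connections):
        alloc.allocate(proto)
    try:
        alloc.bind(proto, service_port)
        return True
    except OSError:
        return False


def wraparound_demo(max_user_port=DEFAULT_MAX_USER_PORT):
    """Exhaust TCP: the counter wraps, UDP still gets 1025, the next TCP request fails."""
    alloc = EphemeralAllocator(max_user_port=max_user_port)
    for _ in range(max_user_port - DYNAMIC_LOW + 1):
        alloc.allocate("tcp")
    udp_port = alloc.allocate("udp")
    try:
        alloc.allocate("tcp")
        return udp_port, False
    except OSError:
        return udp_port, True


if __name__ == "__main__":
    reserved = parse_reserved_ports(["1080-1080", "1433-1434"])   # constructed value
    print("TCP/UDP alternating:", first_allocations(4))
    for port in (1080, 1433):
        print(port, "free at service start:", service_start_outcome(port),
              "with ReservedPorts:", service_start_outcome(port, reserved=reserved))
    print("after exhausting TCP (udp port, tcp exhausted):", wraparound_demo())
```

Running the module shows the two failure modes discussed in this section: after 500 client connections the counter has passed both 1080 and 1433, so a SOCKS proxy or SQL Server starting afterwards cannot bind, whereas with the ReservedPorts entries in place the allocator steps over those ports and the bind succeeds. The first_allocations output also shows why any observed source port reveals the next one.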

However, the ReservedPorts value also appears to be used by the Windows 2000 IPv4 NAT driver [4], to determine which range can be used for the source ports of NATed connections.