Ephemeral port - What is Ephemeral ports and it's Scope? - BRS MEDIA TECHNOLOGIES
Ephemeral ports

Ephemeral port – What is Ephemeral ports and it’s Scope?

An ephemeral port is a communications endpoint (port) of a transport layer protocol of the Internet protocol suite that is used for only a short period of time for the duration of a communication session. Such short-lived ports are allocated automatically within a predefined range of port numbers by the IP stack software of a computer operating system.

  • The Transmission Control Protocol (TCP),
  • The User Datagram Protocol (UDP), and
  • The Stream Control Transmission Protocol (SCTP) typically use an ephemeral port for the client-end of a client–server communication. At the server end of the communication session, ephemeral ports may also be used for continuation of communications with a client that initially connected to one of the services listening with a well-known port. For example,
  • The Trivial File Transfer Protocol (TFTP) and Remote Procedure Call (RPC) applications can behave in this manner.

The allocation of an ephemeral port is temporary and only valid for the duration of the communication session. After completion of the session, the port is destroyed and the port number becomes available for reuse, but many implementations simply increment the last used port number until the ephemeral port range is exhausted, when the numbers roll over. Ephemeral ports are also called dynamic ports, because they are used on a per request basis, and are only known by number once allocated.

  • The RFC 6056 says that the range for ephemeral ports should be 1024–65535.
  • The Internet Assigned Numbers Authority (IANA) and RFC 6335 suggests the range 49152–65535 (215 + 214 to 216 − 1) for dynamic or private ports.

What that means is, when a client initiates a request it choose a random port from ephemeral port range and it expects the response at that port only.

When we say that the client initiates an HTTPs or HTTP request it actually means that the destination port is 443 or 80. It is NOT the sender port.

For HTTPS, the outbound rule allows the response at port 443. Now, this doesn’t allow outbound HTTPS traffic because that is not the port from which request was initiated. For the request to succeed we would have to set Outbound Port Range to 1024-65535 and NOT to 443.

As discussed above, the client that initiates the request chooses the ephemeral port range. So in order to allow outbound IPv4 responses to clients, for example serving web pages to people visiting the web servers in the subnet, you need to allow traffic through the ephemeral ports depending on the clients.

This diagram depicts the communication between a client and a server. As an example port 24000 (i.e. of the ephemeral ports) is shown here. Although there are a lot of other fields in an IP packet, I have shown only a few of them to make you understand the concept. Since we don’t know what source port client’s OS going to choose we have to specify an ephemeral port range in the outbound rules of NACL to allow the response back to the client.

Ephemeral port used by Operating Systems

  • Many Linux kernels use the port range 32768–60999.
  • FreeBSD has used the IANA port range since release 4.6. Previous versions, including the Berkeley Software Distribution (BSD), use ports 1024–5000 as ephemeral ports.
  • Microsoft Windows operating systems through
    • Windows XP use the range 1025–5000 as ephemeral ports by default.
    • Windows Vista, Windows 7, and Server 2008 use the IANA range by default.
    • Windows Server 2003 uses the range 1025–5000 by default, until Microsoft security update MS08-037 from 2008 is installed, after which it uses the IANA range by default.
    • Windows Server 2008 with Exchange Server 2007 installed has a default port range of 1025–60000.
    • In addition to the default range, all versions of Windows since Windows 2000 have the option of specifying a custom range anywhere within 1025–65535.
  • Solaris OS uses 32768–65535 range.
  • Elastic load balancers and NAT gateways use port 1024-65535.
  • AWA Lamda function uses port 1024-65535


Key Terms:

  • Ephemeral port
  • ,
  • Open Source Software
  • ,
  • UFW Firewall on Ubuntu

Related Article

yEd Graph Editor.

yEd Graph Editor

What is yEd Graph Editor and How to Install yED Software in Ubuntu?yEd supports a wide variety of diagram types. […]

internet browser logos

What every Browser knows about you

All this data can be accessed by any website without asking you for any permission. Locations – This is an […]

Windows Run Commands

Useful Windows Run Commands for IT Automation

Contents1 Windows Run Command for IT Operation and Automation2 Here is a list of commands you can execute from the […]