Windows TCP/IP ephemeral, reserved, and blocked port behavior


TCP and UDP use port numbers to identify the source and destination applications. For typical client-server protocols, such as those used for web and e-mail access, communication is initiated by client computers. Server applications typically listen on well-known TCP or UDP ports, which are assigned by the Internet Assigned Numbers Authority (IANA). For source ports, client applications typically ask the operating system for a dynamically allocated TCP or UDP port that is not currently in use by another application. Binding an application's request to a dynamically allocated port in this way is commonly referred to as a wildcard binding.

Dynamically allocated ports are also known as ephemeral ports. The term "ephemeral" does not mean that the lifetime of the port must be short. For example, a port used for a Hypertext Transfer Protocol (HTTP) transfer is closed immediately after the data transfer is complete. Ephemeral means that the client application port has a relatively short lifetime compared to server application ports, which are typically kept open for as long as the server computer is running (or only while the application is running).

Client computers use ephemeral ports instead of well-known ports to prevent conflicts with local services that may use well-known ports. For example, a computer running Microsoft Windows XP may use Internet Explorer and may also run Internet Information Services (IIS). When Internet Explorer accesses a webpage, it cannot use TCP port 80 as the source port because that local port may already be in use by IIS. If two applications are designed to use the same port exclusively, only one of them can run successfully at a time.

Ephemeral Ports

In Microsoft Windows XP or Windows Server 2003, the maximum ephemeral TCP or UDP port number that Windows Sockets assigns to an application is controlled by the MaxUserPort registry setting, whose default value is 5000. Ephemeral port numbering starts at port 1025. Therefore, by default, Windows XP or Windows Server 2003 assigns a port number from 1025 to 5000 to applications that perform a wildcard binding.

To change the maximum number of ephemeral ports on a computer that is running Windows XP or Windows Server 2003, do the following:

1. Click Start, click Run, type regedit.exe, and then click OK.

2. Locate and then click the following registry subkey:

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

3. On the Edit menu, point to New, and then click DWORD Value.

4. Type MaxUserPort, and then press ENTER.

5. Double-click the MaxUserPort value, and then type the maximum value in decimal or hexadecimal.

   The numeric value you type must be between 5000 and 65534 (decimal). If the value set by this parameter is outside the valid range, the closest valid value (5000 or 65534) is used.

6. Click OK.

7. Quit Registry Editor.

Warning If you use Registry Editor incorrectly, you may cause serious problems that require you to reinstall your operating system. Microsoft cannot guarantee that you will be able to resolve problems caused by using Registry Editor incorrectly. You are solely responsible for the risks associated with using Registry Editor.

You must restart the computer for the MaxUserPort registry setting change to take effect.

If your application uses wildcard bindings to open a large number of connections at the same time, you may need to change this value so that the application does not run out of available ephemeral ports. For example, a data backup application that transfers a large number of small files using File Transfer Protocol (FTP) may run out of ephemeral ports.

Port Reservation

With port reservation, an application can prevent a range of ports from being allocated during a wildcard binding. However, reserving a port range does not prevent an application from performing a specific binding (requesting a specific port) within the reserved range. When a port range is reserved, the contiguous range of port numbers chosen must lie within 1025 to MaxUserPort (the default is 5000) or within 49152 to 65535. Multiple client applications can reserve the same range. When a reservation is removed (unreserved), Windows Sockets removes the first entry it finds that is fully contained within the unreserve request.

You can also specify the range of reserved ports through the registry by performing the following actions:

1. Click Start, click Run, type regedit.exe, and then click OK.

2. Locate and then click the following registry subkey:

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

3. On the Edit menu, point to New, and then click Multi-String Value.

4. Type ReservedPorts, and then press ENTER.

5. Double-click the ReservedPorts value and type the port range using the following syntax: x-y

   To specify a single port, use the same value for x and y. For example, to specify port 4000, type 4000-4000.

6. Click OK.

7. Quit Registry Editor.
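The two registry procedures above (MaxUserPort and ReservedPorts) can be expressed as a .reg file that is reviewed before it is imported. The following is an added example, not code from the original article or from Microsoft; the function names are assumptions, and the ReservedPorts entries are only checked for x-y syntax.

```python
# Added example (not from the original article): build .reg text for the
# MaxUserPort and ReservedPorts values so the change can be reviewed first.
import re

KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"

def clamp_max_user_port(value):
    """Mirror the documented rule: out-of-range values snap to 5000 or 65534."""
    return min(max(int(value), 5000), 65534)

def parse_reserved(entry):
    """Parse one ReservedPorts line in x-y syntax; raise on malformed input."""
    m = re.fullmatch(r"(\d{1,5})-(\d{1,5})", entry.strip())
    if not m:
        raise ValueError(f"not in x-y form: {entry!r}")
    lo, hi = int(m.group(1)), int(m.group(2))
    if not (0 <= lo <= hi <= 65535):
        raise ValueError(f"bad port range: {entry!r}")
    return lo, hi

def multi_sz_hex(strings):
    """Encode a multi-string value as .reg hex(7) data: each string is
    UTF-16LE plus a NUL terminator, and one extra NUL ends the list."""
    raw = b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings)
    return ",".join(f"{b:02x}" for b in raw + b"\x00\x00")

def build_reg(max_user_port, reserved_entries):
    """Return the .reg text; normalising entries rejects bad syntax early."""
    ranges = [parse_reserved(e) for e in reserved_entries]
    lines = [
        "Windows Registry Editor Version 5.00",
        "",
        f"[{KEY}]",
        f'"MaxUserPort"=dword:{clamp_max_user_port(max_user_port):08x}',
        '"ReservedPorts"=hex(7):'
        + multi_sz_hex(f"{lo}-{hi}" for lo, hi in ranges),
    ]
    return "\r\n".join(lines) + "\r\n"

if __name__ == "__main__":
    # Constructed sample input: the single-port example from the text.
    print(build_reg(65534, ["4000-4000"]))
```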

Port Blocking

With port blocking, an application can prevent other applications from performing specific bindings to ports within a specified range. When a port range is blocked, the contiguous range of port numbers that the application chooses must lie between the MaxUserPort setting value (the default is 5000) + 1 and 49151 (for Windows XP and Windows Server 2003 with no service pack installed) or 65535 (for Windows Server 2003 Service Pack 1). No bindings to ports within the range may already exist when it is blocked. Windows Sockets returns the last port number in the blocked range as a handle. When a range is unblocked, Windows Sockets releases the blocked range that has the same left boundary as the unblock request.

Port Ranges

For computers running Windows XP or Windows Server 2003 with no service pack installed, the port ranges are as follows:

Well-known port range (reserved by IANA): 0 to 1023

Ephemeral port range (for wildcard bindings): 1025 to the MaxUserPort registry setting value

Specific port range (for specific bindings): any unblocked port from 0 to 65535

Available range for reserved ports: 1025 to MaxUserPort and 49152 to 65535

Available range for blocked ports: MaxUserPort + 1 to 49151 (unless the value of MaxUserPort is set to 49152 or higher, in which case no port range can be blocked)

[Figure: port ranges for computers running Windows XP or Windows Server 2003 with no service pack installed]

While it is meaningful to keep the well-known port range, the range of ports that can be reserved, and the range of ports that can be blocked separate, it is sometimes necessary both to set MaxUserPort to a value higher than 49152 and to block ports. To service such requests and maintain backward compatibility, Windows Server 2003 Service Pack 1 (SP1) allows ports to be blocked within the range available for reserved ports. Therefore, for Windows Server 2003 SP1, the port ranges are as follows:

Well-known port range (reserved by IANA): 0 to 1023

Ephemeral port range: 1025 to the MaxUserPort registry setting value

Specific port range: any unblocked port from 0 to 65535

Available range for reserved ports: 1025 to MaxUserPort and 49152 to 65535

Available range for blocked ports: MaxUserPort + 1 to 65535

[Figure: port ranges for computers running Windows Server 2003 with SP1]
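The reservation, blocking, and range rules above interact in ways that are easier to see when modeled. The following is an added example that encodes only the rules stated in this article; it is not Windows Sockets code, and the class and method names are assumptions.

```python
# Added example: a model of the rules described in this article, not Windows code.
from dataclasses import dataclass, field

@dataclass
class PortPolicy:
    max_user_port: int = 5000   # default MaxUserPort from the article
    sp1: bool = False           # True: Windows Server 2003 SP1 ranges
    reserved: list = field(default_factory=list)  # (lo, hi) entries
    blocked: list = field(default_factory=list)

    def reserve(self, lo, hi):
        # Reservable: contiguous, in 1025..MaxUserPort or 49152..65535.
        ok = lo <= hi and ((1025 <= lo and hi <= self.max_user_port)
                           or (49152 <= lo and hi <= 65535))
        if ok:
            self.reserved.append((lo, hi))  # the same range may be held twice
        return ok

    def unreserve(self, lo, hi):
        # Removes only the first entry fully contained in the request.
        for entry in self.reserved:
            if lo <= entry[0] and entry[1] <= hi:
                self.reserved.remove(entry)
                return entry
        return None

    def block(self, lo, hi, bound_ports=()):
        # Blockable: MaxUserPort+1..49151, or up to 65535 under SP1.
        top = 65535 if self.sp1 else 49151
        if not (self.max_user_port + 1 <= lo <= hi <= top) \
                or any(lo <= p <= hi for p in bound_ports):
            return None  # out of range, or a binding already exists there
        self.blocked.append((lo, hi))
        return hi  # handle: last port number of the blocked range

    def unblock(self, lo):
        # Releases the blocked range with the same left boundary.
        for entry in self.blocked:
            if entry[0] == lo:
                self.blocked.remove(entry)
                return entry
        return None

    def wildcard_ok(self, port):
        hit = any(lo <= port <= hi for lo, hi in self.reserved)
        return 1025 <= port <= self.max_user_port and not hit

    def specific_ok(self, port):
        return 0 <= port <= 65535 and not any(a <= port <= b for a, b in self.blocked)
```

With the defaults, a reserved port such as 4000 is skipped by wildcard bindings but still accepts a specific binding, while a blocked port refuses specific bindings until the range is unblocked.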
