62

I've written a WCF Service hosted by a Windows Service and it needs to listen on a known TCP/IP port. From what range can I safely allocate a port for use within my organization? That port will be embedded in the config files for the service and the clients that are consuming the service.

Howard Pinsley
  • 1
    Duplicate of http://stackoverflow.com/questions/10476987/best-tcp-port-number-range-for-internal-applications – matt2000 Oct 21 '14 at 12:30
  • 2
    This is a useful question, and other answerers make a good case that the "accepted" answer (by Jorge Ferreira) is incorrect or at least incomplete, as do the answers on the question of which this is a duplicate. Is it possible to "unaccept" that answer? – Nat Kuhn Dec 17 '17 at 15:33
  • Possible duplicate of [Best TCP port number range for internal applications](https://stackoverflow.com/questions/10476987/best-tcp-port-number-range-for-internal-applications) – Mohammad Sadegh Sep 06 '18 at 05:36
  • @MohammadSadegh - I don't think this question is a duplicate. I think it is an *original*. The other similar questions mentioned in the comments seem to have been asked *after* this question. matt2000 holds a position similar to yours but I disagree with him also. Best!!! – Shawn Eary Jul 08 '21 at 22:25

6 Answers

125

Ports 0-1023 are the Well Known Ports and are assigned by IANA. These should only be used for the assigned protocols on public networks.

Ports 1024-65535 used to be called Registered Port Numbers (see RFC 1700) but are now split into two areas (see RFC 6335).

Ports 1024-49151 are the User Ports and are the ones to use for your own protocols.

Ports 49152-65535 are the Dynamic ports and should not be prescribed to a protocol.

The User Ports can be used for any protocol, but there are a finite number, so your use will clash with someone else's use on some network somewhere. IANA keep a record of registered port numbers (0-49151). If your protocol will be used on public networks then you need to look into registering it with IANA. If you are only using it within your own network then pick a port within this area (1024-49151) and check that port against the IANA register to make sure it isn't used by a protocol that could be used on your network. For private use it is probably better to pick a number that is assigned to a protocol you know won't be used than to choose one that is unassigned and so may be assigned in the future.

Don't use a port number within the Dynamic range. These ports are assigned by the operating system, dynamically and somewhat randomly. If you open a client connection (using bind() with port=0) you will be assigned an unused port from the dynamic range. There is no way to guarantee that a port in this range will always be free for your protocol.

adrianwadey
  • Exactly. If you choose a port in the Dynamic range for your application, listening with WCF for example, there is no guarantee that the port is always free and not used by any other application, as Windows could always use this port for other applications opening an outgoing connection. – David Oliván Mar 26 '19 at 10:19
  • Strictly in terms of the question that is being asked, this answer appears to be fundamentally wrong; the clue seeming to be the "assigned by IANA" comment (& "never assigned" hint at the right answer) within section # 6 of the RFC 6335 - - at least for ports that have not been submitted to/agreed as being accepted/'assigned' by IANA. – DennisVM-D2i Apr 07 '23 at 11:24
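
The checks this answer describes, as an added example that is not part of the original answer or comments: classify a configured port into the RFC 6335 ranges, compare it with ports already allocated in-house, and probe whether it can be bound right now. The function names and the `allocated_in_house` set are hypothetical, and the sample values are constructed.

```python
import socket

# RFC 6335 ranges as listed in the answer above.
RANGES = (("system", 0, 1023), ("user", 1024, 49151), ("dynamic", 49152, 65535))


def classify_port(port):
    """Return the RFC 6335 range name for a port number."""
    for name, low, high in RANGES:
        if low <= port <= high:
            return name
    raise ValueError(f"{port} is not a valid port number")


def can_bind(port, host="127.0.0.1"):
    """Probe by binding a TCP socket; False if the OS refuses (in use or not permitted)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        try:
            probe.bind((host, port))
        except OSError:
            return False
    return True


def check_service_port(port, allocated_in_house=frozenset()):
    """Return the reasons a configured listening port is a poor choice (empty list = fine)."""
    problems = []
    kind = classify_port(port)
    if kind != "user":
        problems.append(f"{port} is in the {kind} range, not the User Ports range")
    if port in allocated_in_house:
        problems.append(f"{port} is already allocated to another in-house service")
    if not can_bind(port):
        problems.append(f"{port} cannot be bound on this host right now")
    return problems


def os_assigned_port():
    """bind() with port 0: the OS chooses the port, as it does for outgoing connections."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Constructed sample: candidate ports and a hypothetical in-house allocation list.
    for candidate in (443, 8080, 31457, 50000):
        print(candidate, check_service_port(candidate, allocated_in_house={8080}))
    print("OS-assigned port:", os_assigned_port())
```

A successful bind probe only describes the moment it ran, which is why the range check is reported separately from it.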
24

Pick a port number from 49152 through 65535.

IANA publishes a list of currently assigned ports.

http://www.iana.org/assignments/port-numbers

The Dynamic and/or Private Ports are those from 49152 through 65535. This is the range from where you SHOULD pick a port for your in-house applications. Of course any port belonging to one of the unassigned ranges on the published list can be used. But be aware that by picking a port number from those unassigned ranges there is no guarantee whatsoever that the port you choose will not be a reserved port in the future.

UNASSIGNED PORT NUMBERS SHOULD NOT BE USED. THE IANA WILL ASSIGN THE NUMBER FOR THE PORT AFTER YOUR APPLICATION HAS BEEN APPROVED.

And make sure that the port number you pick is configurable as you stated:

That port will be embedded in the config files for the service and the clients that are consuming the service.

This will avoid headaches in case some other 3rd party you-cannot-touch software is using your port number. If that happens you just go ahead and change it on the configuration file and it just works.

Jorge Ferreira
  • 24
    _On the other hand, application software MUST NOT assume that a specific port number in the Dynamic Ports range will always be available for communication at all times, and a port number in that range hence **MUST NOT** be used as a service identifier._ [RFC 6335](http://tools.ietf.org/html/rfc6335#page-20) – Bolu Sep 22 '14 at 10:39
  • 14
    Bolu is correct. **Don't use a port number within the dynamic range**. See my explanation elsewhere on this page. – adrianwadey Jul 01 '16 at 09:04
  • 3
    Not wise. As the system might choose to assign the port you are using at any given moment. So your server might look as if it is working only to fail on a later loading. – rxantos Sep 22 '16 at 01:40
  • 4
    On the opposite, take a port already assigned to something you're sure won't ever get needed. For example, TCP 31457 is assigned to TetriNET, so it's a pretty sure bet (unless your business is multiplayer tetris). – maaartinus Aug 20 '18 at 18:17
  • 2
    Consider @adrianwadey's comment. As stated, "Ports 1024-49151 are the User Ports and are the ones to use for your own protocols.", but the collision with another application listening on the same port is remote and could be fixed by choosing another port. If you choose a port in the Dynamic range, it could at any time already be in use by other applications, because Windows uses them for outgoing connections, so it's almost impossible to guarantee that a port in the Dynamic range will always be available for your application. – David Oliván Mar 26 '19 at 10:24
  • 4
    So I don't quite understand why this is still the chosen answer... – Leonmax Dec 21 '19 at 21:31
14

Short answer: Avoid anything up to and including 1023, or over 49152, and test the chosen port against services on your network.

If you've taken the reasonable precautions that it appears you have (putting the port number in a config file), it shouldn't be an enormous disruption if you later discover a conflict.

But (so that I can add something to the other suggestions that have popped up while I've been typing) make sure that you make it easy to change! If it's in config files, make it obvious. Document it, and point it out in troubleshooting. It's the sort of thing that could go wrong, so make it easy to debug if it needs changing.

Keith Lawrence
  • 12
    Wait, you're telling me to *avoid* ports above 49152, but the top answer says you should *only* pick ports 49152 and above. What? – Camilo Martin Feb 01 '16 at 22:45
  • 5
    @CamiloMartin See also adrianwadey's answer. The top answer is sound advice for peer-to-peer applications (e.g. BitTorrent), since they tend to use dynamic ports anyway, often with some kind of discovery service; not so much for client-server applications, which need a reasonably stable port number – even if the port number is stored in a config file, you need to reconfigure the server _and_ its clients whenever it changes. – JuSTMOnIcAjUSTmONiCAJusTMoNICa Jul 06 '17 at 14:04
5

In addition to the other suggestions about picking a common application port, I'd suggest that you make the port configurable within your application. Hard-coded port numbers are a bad idea, particularly if you later find a port conflict with another application and need to change yours.

Kluge
0

As a note, remember to check those ports with netstat /a /n to see if they are being used by another application or not. I found out Vista used the 49152 .... for some application-level reason. Basically, because most system-level listeners do not implement port sharing, it's much safer to use those ports which are not used at all.

Asclepius
-1

Here is a good list of common application ports. Make your own choice in an empty slot. Maybe you should also scan your network for any in-house special application.

Typically high-numbered ports are available and I would suggest them, but they could be blocked by firewalls.

Veynom