Every conversation needs a return address.
When your browser connects to a server, the server needs to know where to send the reply. Your IP address tells it which computer, but that's not enough—you might have fifty tabs open, all talking to different servers (or the same server). The server needs to reach the specific conversation, not just the computer.
That's what ephemeral ports do. Every time your computer initiates a connection, your operating system assigns a temporary port number to that conversation. The complete address becomes your IP plus your ephemeral port. When the server responds, it sends packets back to that specific port, and your OS routes them to the right application.
The Mechanics of Temporary Ports
Ephemeral means short-lived. These ports exist only for the duration of a connection. When you close a browser tab, the ephemeral port assigned to that tab's connections eventually returns to the available pool.
The IANA officially designates ports 49152-65535 as the dynamic range—16,384 ports available for temporary assignment. But operating systems have historically done their own thing:
- Linux: 32768-60999 (28,232 ports)
- Windows (Vista and later): 49152-65535
- macOS/FreeBSD: 49152-65535
- Older Windows: 1024-5000 (a painfully small 3,977 ports)
These differences matter when you're troubleshooting. A port number in the 40000s means different things on different systems—it could be an ephemeral assignment on Linux or a configured service on Windows.
How Your OS Picks a Port
When an application creates a connection without specifying a port, the OS selects one from the ephemeral range. Modern systems use randomized selection rather than sequential—partly for unpredictability, but mainly to avoid collisions with recently closed connections.
Here's where it gets interesting. After a TCP connection closes, the port doesn't immediately become available. It enters a state called TIME_WAIT, typically for 60-240 seconds. The system holds onto dead connections to protect against ghosts—packets that arrive late from a conversation that's already over. If the port were immediately reused, a delayed packet from the old connection could be misinterpreted as belonging to the new one.
The port selection algorithm respects TIME_WAIT. It looks for ports that are both unused AND not waiting for ghosts. Under normal conditions, this works invisibly. Under heavy load, it becomes a constraint.
Firewalls and the Ephemeral Range
Stateful firewalls track connections. When your computer initiates a connection to port 443 on some server, the firewall notes this and automatically permits the server's response packets to reach your ephemeral port. Simple.
Stateless firewalls and basic ACLs don't track connections. They need explicit rules permitting inbound traffic to the ephemeral range. This looks alarming—"allow inbound to ports 32768-65535" seems like opening thousands of doors. But the operating system provides the real protection: it rejects packets that don't match an active connection, regardless of what the firewall permits.
NAT devices add another layer. They must track the mapping between your internal ephemeral port and the external port they've assigned for translation. Every active connection consumes an entry in the NAT table. High-traffic networks can exhaust NAT capacity before they exhaust ephemeral ports.
Running Out of Ports
Port exhaustion is real. With 16,000-28,000 ephemeral ports and TIME_WAIT holding each one for minutes after closure, a system making thousands of short-lived connections can run dry.
The math is unforgiving. If TIME_WAIT lasts 120 seconds and you're opening 200 connections per second, you need 24,000 ports just for the waiting connections. Add your active connections, and you've exceeded most default ranges.
Symptoms appear suddenly. Applications fail to connect. Error logs fill with binding failures. The system works fine at 150 connections per second and falls over at 200.
Solutions:
- Expand the range: Linux's default of 32768-60999 provides more headroom than IANA's recommendation
- Connection pooling: Reuse connections instead of creating new ones for each request
- Multiple IP addresses: Ephemeral ports are per-IP, so additional addresses multiply capacity
- Reduce TIME_WAIT: Possible but risky—those ghosts exist for a reason
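A small capacity check, added here as an example and not part of the original article, that carries the TIME_WAIT arithmetic above through for the ranges listed on this page and counts TIME-WAIT sockets per local address in constructed `ss -tan`-style output (the sample IP addresses and socket lines are invented for the example):

```python
"""Ephemeral-port capacity check (added example, constructed data)."""
from collections import Counter

# Ranges quoted on the page: (low, high), inclusive.
RANGES = {
    "iana": (49152, 65535),
    "linux": (32768, 60999),
    "windows-old": (1024, 5000),
}

def range_size(low, high):
    """Number of ports in an inclusive range."""
    return high - low + 1

def time_wait_demand(conn_per_sec, time_wait_secs):
    """Ports tied up by closed connections still in TIME_WAIT (steady state)."""
    return conn_per_sec * time_wait_secs

def exhaustion_report(conn_per_sec, time_wait_secs, active, low, high, addresses=1):
    """Compare steady-state demand with the pool. `addresses` scales the pool
    because the ephemeral range is per local IP."""
    available = range_size(low, high) * addresses
    needed = time_wait_demand(conn_per_sec, time_wait_secs) + active
    return {"available": available, "needed": needed,
            "headroom": available - needed, "exhausted": needed > available}

def max_conn_rate(time_wait_secs, active, low, high, addresses=1):
    """Highest sustainable rate of new connections before the pool runs dry."""
    available = range_size(low, high) * addresses
    return max(0, (available - active) // time_wait_secs)

def time_wait_by_local_ip(ss_lines):
    """Count TIME-WAIT sockets per local IP from `ss -tan`-style lines
    (columns: State Recv-Q Send-Q Local:Port Peer:Port); header lines are skipped."""
    counts = Counter()
    for line in ss_lines:
        parts = line.split()
        if len(parts) >= 5 and parts[0] == "TIME-WAIT":
            ip, _, _port = parts[3].rpartition(":")  # also handles [v6]:port
            counts[ip] += 1
    return counts

# Constructed sample output; 203.0.113.10 is a documentation-range address.
SAMPLE_SS = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB      0      0      10.0.0.5:44122       203.0.113.10:443
TIME-WAIT  0      0      10.0.0.5:44123       203.0.113.10:443
TIME-WAIT  0      0      10.0.0.5:44125       203.0.113.10:443
TIME-WAIT  0      0      10.0.0.6:50001       203.0.113.10:443
""".splitlines()
```

With the page's figures (200 connections per second, 120 s TIME_WAIT), the IANA range is already short by 7,616 ports before any active connections are counted, while the Linux default still has headroom until a few thousand active connections are added.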