Port Range Calculator

Understanding TCP/UDP Ports

Ports are 16-bit numbers (0-65535) used to identify specific applications or services in network communications. When data arrives at a host, the port number determines which application receives it. Understanding port ranges and their classifications is essential for network configuration, firewall rules, security policies, and troubleshooting network connectivity issues.

Ports are divided into three ranges: well-known ports (0-1023), registered ports (1024-49151), and dynamic/private ports (49152-65535). Each range serves different purposes, and understanding these classifications helps network administrators configure firewalls, set up services, and diagnose network problems.

Port Range Classifications

Well-Known Ports (0-1023)

Reserved for system services and require administrator privileges to bind. Examples:

• 20, 21: FTP (File Transfer Protocol)
• 22: SSH (Secure Shell)
• 23: Telnet
• 25: SMTP (Email)
• 53: DNS (Domain Name System)
• 80: HTTP (Web)
• 443: HTTPS (Secure Web)

Registered Ports (1024-49151)

Assigned by IANA for specific applications. Examples:

• 3306: MySQL
• 5432: PostgreSQL
• 8080: HTTP Alternate
• 27017: MongoDB
• 3389: RDP (Remote Desktop)

Dynamic/Private Ports (49152-65535)

Used for temporary connections, client-side ports, and ephemeral ports. Not assigned to specific services.

Port Range Calculations

The total number of ports in a range is calculated as:

For example, ports 1024-2048 include 1,025 ports (2048 - 1024 + 1 = 1025).

Practical Applications

Firewall Configuration

Firewalls use port ranges to allow or block traffic. Understanding port ranges helps configure firewall rules efficiently, opening only necessary ports.

Service Configuration

Applications must bind to specific ports. Understanding port classifications helps select appropriate ports and avoid conflicts.

Network Troubleshooting

Port ranges help identify which services are running and diagnose connectivity issues. Port scanning tools use port ranges to discover services.

Security Policies

Security policies often restrict access to specific port ranges. Understanding classifications helps implement appropriate restrictions.

Common Port Ranges

Important Considerations

Port Conflicts

Only one application can bind to a specific port at a time. Port conflicts prevent services from starting. Use port range calculations to identify available ports.

Ephemeral Ports

Client applications use ephemeral ports (typically in dynamic range) for outbound connections. These are assigned automatically by the operating system.

TCP vs. UDP

TCP and UDP ports are separate. Port 80 TCP (HTTP) is different from port 80 UDP. Both can be used simultaneously by different protocols.

Security Implications

Well-known ports are common targets for attacks. Restrict access to necessary ports only. Use registered ports for custom applications to avoid conflicts.

Port Ranges in Firewall Rules and NAT

Network address translation (NAT) uses ephemeral ports — temporary source ports assigned by the operating system to outbound connections. Linux assigns ephemeral ports from the range defined in /proc/sys/net/ipv4/ip_local_port_range, which defaults to 32768–60999 on modern kernels. Windows uses 49152–65535 by default, matching the IANA dynamic port range. When configuring firewall rules to allow return traffic or when analysing connection logs, knowing which ephemeral range your OS uses prevents misidentifying legitimate traffic as unusual.

Port exhaustion is a real failure mode at scale. A server handling 60,000 simultaneous outbound connections to a single destination IP:port tuple will exhaust the default Linux ephemeral range. Solutions include source port randomisation across a wider range, multiple source IPs, or increasing the ip_local_port_range. Container platforms running hundreds of microservices per host are particularly susceptible — each container shares the host's port namespace, so 100 containers each making 600 simultaneous connections can exhaust the range.

Service Discovery and Port Conventions

While IANA formally assigns well-known ports (0–1023), many services use registered ports (1024–49151) by convention without formal assignment. Docker container networking maps internal service ports (e.g., MySQL on 3306, Redis on 6379, PostgreSQL on 5432) to host ports, often in the registered range. Service meshes like Consul and Kubernetes use sidecar proxies on fixed registered ports per pod. Understanding port range arithmetic helps when planning IP tables rules, security group policies, and service mesh configurations — particularly when calculating how many source ports are available for SNAT in high-throughput applications.

For load balancers terminating HTTPS, the standard is port 443. But many organisations use alternate registered ports (8443, 8080) for staging environments, internal APIs, or to avoid requiring root privileges to bind to ports below 1024 on Linux. Port 8080 and 8443 have no formal IANA assignment but are universally understood — they are safe choices for internal services that do not face the public internet.

Tips for Using This Calculator

• Enter start and end port numbers (0-65535)
• Calculator shows total ports in range and port type classification
• Use for firewall rule planning and port availability checks
• Remember: port ranges are inclusive (both start and end are included)
• For single port, enter same number for start and end
• Always verify critical calculations independently, especially for network security

Disclaimer

This calculator is provided for educational and informational purposes only. While we strive for accuracy, users should verify all calculations independently, especially for critical applications. We are not responsible for any errors, omissions, or damages arising from the use of this calculator.