Random Port Generator

Faixas IANA

• 0–1023: Well-known (HTTP 80, HTTPS 443, SSH 22…) — reservadas.
• 1024–49151: Registered — atribuídas a apps comuns.
• 49152–65535: Dynamic / Ephemeral — livre para uso temporário.

Picking a TCP/UDP port: what the numbers mean

A TCP or UDP port is a 16-bit unsigned integer — the field in the transport header is two bytes wide, so valid values range from 0 to 65535. IANA splits that space into three administrative categories. The well-known ports 0–1023 are reserved for system-level services and require root or administrator privileges to bind on Unix-like systems: HTTP 80, HTTPS 443, SSH 22, SMTP 25, DNS 53, FTP 21, IMAP 993, POP3 110, Telnet 23. The registered ports 1024–49151 are allocated by IANA to specific applications (PostgreSQL 5432, MySQL 3306, MongoDB 27017, Redis 6379, Tomcat 8080, etc.). The dynamic / ephemeral range 49152–65535 is meant for short-lived client-side sockets when a host opens an outbound connection.

Operating systems disagree on the exact ephemeral range. Linux defaults to 32768–60999 (tunable via /proc/sys/net/ipv4/ip_local_port_range); Windows and macOS/BSD follow the IANA recommendation of 49152–65535. RFC 6056 describes how kernels should randomize ephemeral port selection to mitigate off-path TCP attacks like blind reset and connection hijacking — a problem first laid out in Watson's 2004 paper on TCP RST injection.

Risky ports you should never expose to the internet

A handful of ports are constantly scanned by botnets: 22 (SSH brute force), 23 (deprecated Telnet, still common in IoT), 3389 (Windows RDP), 445 (SMB — WannaCry vector), 6379 (Redis ships with no auth in older versions), 27017 (MongoDB had years of "no auth by default" until 3.6), 5432 (PostgreSQL), 3306 (MySQL), 9200 (Elasticsearch), 11211 (memcached, used as a UDP amplification vector). Never bind any of these to 0.0.0.0 on a public-facing host — put them behind a VPN, SSH tunnel, or at least an allow-listed firewall rule.

Why generate a random port

Local development clashes around the usual suspects: 3000 (Node.js), 5000 (Flask/macOS AirPlay), 8000 (Django/Python http.server), 8080 (Tomcat). Spinning up dozens of microservices on a single laptop quickly turns into an "address already in use" tetris. Picking a random port above 1024 — ideally above 10000 — avoids those conflicts and is also handy for choosing a stable port for a service-mesh sidecar, an unusual SSH listening port, or a self-hosted application that has no IANA registration.

FAQ

Can I use any port number? Port 0 is reserved (the kernel uses it to mean "any available port"), but anything from 1 to 65535 is legal. On Linux/macOS/BSD you need root to bind a port below 1024; from 1024 upward any unprivileged user can listen.

Do TCP and UDP share the same port numbers? They share the number space but live in independent namespaces. A process can bind TCP/8080 and UDP/8080 simultaneously without conflict — the kernel treats them as distinct sockets.

Is a listening port unique per machine? Yes — a listening socket is uniquely identified by the tuple (protocol, local IP, local port). Two processes cannot bind the same triple unless they explicitly enable SO_REUSEPORT.

Does the generator avoid well-known ports? Yes, when "Avoid reserved ports (0–1023)" is checked the output is constrained to ≥ 1024. Without the checkbox, the random draw can fall anywhere in the requested range.