You’re probably using port numbers every single day without realizing it, and the surprising part is how many of the 65,536 possible values are unassigned and free for your own programs to use.
Let’s watch a real connection happen. Imagine your web browser (let’s call it the client) wants to fetch a webpage from a web server.
Client (your machine):
- Source Port: 49152 (ephemeral)
- Destination Port: 80 (well-known, for HTTP)
Server (web server):
- Source Port: 80 (well-known, for HTTP)
- Destination Port: 49152 (ephemeral)
When your browser initiates the connection, the operating system picks an unused port (with some randomization) from a large range, the ephemeral ports, to be the source port. The request is sent to the web server’s destination port, which is port 80 for plain HTTP. The server replies from its own port 80 back to the client’s ephemeral port, so in the reply the two ports simply swap roles. What actually identifies the connection is the full combination of source IP, source port, destination IP and destination port (the 4-tuple): that is how each kernel matches a returning packet to the right socket, and why two browser tabs can talk to the same server on port 80 at the same time without mixing up their data.
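Here is the exchange above reproduced in code. This is an added example, not part of the original article: a listener on a loopback ephemeral port stands in for port 80 (which needs privileges), a couple of clients connect to it, and each side reports the addresses it sees with getsockname()/getpeername(). The request and reply bytes are constructed, not real HTTP handling.

```python
import socket


def connect_and_exchange(n_clients=2):
    """Listen on an ephemeral loopback port (standing in for port 80), connect
    n_clients clients to it and return what each side sees for every connection:
    its own (ip, port), its peer's (ip, port), and the reply the client received."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # port 0: let the OS pick an ephemeral port
    server.listen(n_clients)
    server_ip, server_port = server.getsockname()

    records = []
    open_sockets = [server]
    try:
        for _ in range(n_clients):
            client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            open_sockets.append(client)
            # connect() makes the kernel choose the client's ephemeral source port
            client.connect((server_ip, server_port))
            conn, _peer = server.accept()
            open_sockets.append(conn)

            request = b"GET / HTTP/1.0\r\n\r\n"  # constructed request bytes
            client.sendall(request)
            if conn.recv(1024) != request:
                raise RuntimeError("server did not receive the request intact")
            conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")  # leaves from the server's port...
            reply = client.recv(1024)               # ...and lands on the client's source port

            records.append({
                "client_src": client.getsockname(), "client_dst": client.getpeername(),
                "server_src": conn.getsockname(),   "server_dst": conn.getpeername(),
                "reply": reply,
            })
    finally:
        # Keep every socket open until here so no client port can be handed out twice.
        for s in open_sockets:
            s.close()
    return records


def ports_mirror_each_other(records):
    """True when, for every connection, the server's view is the client's view with
    source and destination swapped: the 4-tuple seen from the other end."""
    return all(r["client_src"] == r["server_dst"] and r["client_dst"] == r["server_src"]
               for r in records)


def client_source_ports(records):
    """The ephemeral ports the OS handed out, one per connection."""
    return [r["client_src"][1] for r in records]


if __name__ == "__main__":
    recs = connect_and_exchange()
    for r in recs:
        print(f"client {r['client_src']} -> server {r['client_dst']}; "
              f"server sees {r['server_dst']} -> {r['server_src']}")
    print("symmetric:", ports_mirror_each_other(recs))
```

Run it and you will see a different source port per client while the server side stays on one port; each connection is told apart only by that ephemeral port.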
The Internet Assigned Numbers Authority (IANA) divides port numbers into three main ranges:
- Well-Known Ports (0-1023): These are reserved for common, widely used services. Think of ports 21 for FTP, 22 for SSH, 80 for HTTP, and 443 for HTTPS. On Unix-like systems a process needs root (or, on Linux, the CAP_NET_BIND_SERVICE capability) to bind to them; the original idea was that on a shared host you could trust a service on a low port to have been started by the administrator rather than by any ordinary user. Windows does not enforce this distinction, and recent macOS versions no longer do either. If you’re running a web server, you’ll likely bind it to port 80 or 443.
- Registered Ports (1024-49151): Vendors and projects register a port in this range with IANA for a specific application, for example 3306 for MySQL, 5432 for PostgreSQL, and 8080 as the conventional alternative HTTP port. Registration is a naming convention, not a reservation: no operating system enforces it, and any unprivileged process can bind any free port in the range. Using the registered number for your service mainly avoids collisions and lets tools and firewall rules recognise the traffic for what it is.
- Dynamic/Private/Ephemeral Ports (49152-65535): This is IANA’s range for the source ports your operating system hands out to outgoing client connections. When you open a new tab in your browser, connect to a VPN, or any time your machine needs to initiate a connection to a remote service, it takes a port from this pool. This is why your browser can connect to multiple websites simultaneously without conflict: each connection uses a different ephemeral source port. One caveat: the operating system, not IANA, decides the actual range. Linux defaults to 32768-60999 (the net.ipv4.ip_local_port_range sysctl), while macOS and Windows use 49152-65535, so on Linux a port that IANA calls "registered", say 40000, can perfectly well show up as a client’s source port.
Here’s a quick way to see this in action on a Linux or macOS system. Open your terminal and run:
sudo lsof -i -P -n | grep LISTEN
The -i flag restricts lsof to network sockets, and -P and -n stop it from translating port and host numbers into names, so you see the raw numbers; sudo lets it see sockets owned by other users’ processes. You’ll see entries like sshd *:22 (LISTEN) or nginx *:80 (LISTEN). The * means the socket is bound to all network interfaces, and 22 and 80 are the well-known ports used by SSH and Nginx. Keep an eye on the COMMAND and USER columns: they, not the port number, tell you which program is actually behind a port and who started it.
Now, to see the ephemeral ports in action, run:
sudo lsof -i -P -n | grep ESTABLISHED
You’ll see lines representing active connections, such as firefox ... TCP 192.168.1.10:53874->172.217.160.142:443 (ESTABLISHED): a local IP and a high-numbered port connected to a remote IP and a low-numbered port. The 53874 is your ephemeral source port, and 443 is the well-known destination port on the remote server.
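Reading that output by eye is fine for a handful of lines; on a busy host you want to parse it. The following is an added example (not from the original article): it parses the default column layout of lsof -i -P -n, classifies each local port into the three IANA ranges from the list above, and flags listening sockets whose port is not on an expected baseline. The sample output is constructed for the example, not captured from a real machine, and the parser assumes lsof’s default columns (COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME).

```python
# Constructed sample of `sudo lsof -i -P -n` output; not captured from a real host.
SAMPLE_LSOF = """\
COMMAND    PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd       912     root    3u  IPv4  23456      0t0  TCP *:22 (LISTEN)
nginx     1203 www-data    6u  IPv4  34567      0t0  TCP *:80 (LISTEN)
postgres   880 postgres    5u  IPv6  24680      0t0  TCP [::1]:5432 (LISTEN)
python3   4401      bob    3u  IPv4  45678      0t0  TCP *:8080 (LISTEN)
firefox   2210      bob   45u  IPv4  56789      0t0  TCP 192.168.1.10:53874->172.217.160.142:443 (ESTABLISHED)
chronyd    640   chrony    5u  IPv4  13579      0t0  UDP 127.0.0.1:323
"""


def classify_port(port):
    """IANA range for a port number: well-known, registered or dynamic."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a port number: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def _endpoint(text):
    """Split 'host:port' into (host, port); handles '*', bracketed IPv6 and a '*' port."""
    host, _, port = text.rpartition(":")
    host = host.strip("[]")
    return host, (None if port == "*" else int(port))


def parse_lsof(output):
    """Parse lsof -i -P -n lines into dicts with local/remote endpoints and state."""
    records = []
    for line in output.splitlines():
        cols = line.split()
        if len(cols) < 9 or cols[0] == "COMMAND":
            continue  # header or blank line
        command, pid, user, proto, name = cols[0], int(cols[1]), cols[2], cols[7], cols[8]
        state = cols[9].strip("()") if len(cols) > 9 else None  # UDP lines carry no state
        local, _, remote = name.partition("->")
        local_host, local_port = _endpoint(local)
        remote_host, remote_port = _endpoint(remote) if remote else (None, None)
        records.append({
            "command": command, "pid": pid, "user": user, "proto": proto,
            "local_host": local_host, "local_port": local_port,
            "local_range": classify_port(local_port) if local_port is not None else None,
            "remote_host": remote_host, "remote_port": remote_port, "state": state,
        })
    return records


def unexpected_listeners(records, expected_ports):
    """Listening sockets whose port is not on the baseline. Any user can bind a free
    port above 1023, so the number alone never proves a listener is legitimate."""
    return [r for r in records
            if r["state"] == "LISTEN" and r["local_port"] not in expected_ports]


if __name__ == "__main__":
    recs = parse_lsof(SAMPLE_LSOF)
    for r in recs:
        print(f"{r['command']:<9} {r['user']:<9} {r['proto']} {r['local_host']}:{r['local_port']} "
              f"[{r['local_range']}] {r['state'] or ''}")
    for r in unexpected_listeners(recs, {22, 80, 443, 5432}):
        print(f"check: {r['command']} (pid {r['pid']}, user {r['user']}) listens on {r['local_port']}")
```

With the baseline {22, 80, 443, 5432} the only thing flagged is the python3 process user bob has listening on 8080, which is exactly the kind of socket the port number alone would never tell you about.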
The most counterintuitive part about port numbers is that even though IANA has designated specific ranges, enforcing who can bind to which port is left entirely to the operating system. Well-known ports (0-1023) usually require root or administrator privileges to bind to (on Linux the cutoff is itself a sysctl, net.ipv4.ip_unprivileged_port_start, which defaults to 1024 and can be lowered), while the registered (1024-49151) and dynamic (49152-65535) ranges are available to any user-level process. So you can run a custom application that listens on port 8080 (registered) or even port 80 (if you have admin rights and no other service is using it), and the system will let you. The "registered" status is a convention to avoid accidental conflicts, not a technical restriction. The practical consequence: a port number tells you the convention, not which program or which user is behind it. A listener on 3306 is not necessarily a database, and a firewall rule that allows "the database port" allows whatever happens to be bound there, so verify the process and its owner (the COMMAND and USER columns from lsof) rather than trusting the number.
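The OS-level enforcement is easy to observe directly. The following added example (not from the original article) asks the kernel to bind a few ports and reports its answer, and reads Linux’s privileged-port cutoff from /proc where it exists, assuming 1024 elsewhere. Whether port 80 binds depends on who runs it: as an ordinary user you get "permission-denied", as root "bound" (or "in-use" if a web server already holds it).

```python
import errno
import socket


def bind_outcome(port, host="127.0.0.1"):
    """Try to bind a TCP socket to host:port and report what the OS said:
    'bound', 'permission-denied' (EACCES) or 'in-use' (EADDRINUSE)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        return "bound"
    except PermissionError:
        return "permission-denied"
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return "in-use"
        raise
    finally:
        s.close()


def unprivileged_port_start():
    """Where the privileged range ends on this host. Linux exposes it as the sysctl
    net.ipv4.ip_unprivileged_port_start (default 1024); elsewhere assume 1024."""
    try:
        with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as f:
            return int(f.read().strip())
    except OSError:
        return 1024


def needs_privilege(port, start=None):
    """True if binding `port` needs root / CAP_NET_BIND_SERVICE under the given cutoff.
    Port 0 means 'pick me an ephemeral port' and is never privileged."""
    start = unprivileged_port_start() if start is None else start
    return 0 < port < start


if __name__ == "__main__":
    print("privileged ports end below", unprivileged_port_start())
    for port in (80, 8080, 0):
        print(f"port {port:>5}: needs privilege={needs_privilege(port)!s:<5} "
              f"bind -> {bind_outcome(port)}")
```

If you lower the sysctl (for example to let a container run its web server on 80 without capabilities), needs_privilege(80) flips to False on that host, which is the clearest demonstration that the rule lives in the kernel configuration and not in the port number.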
Understanding port ranges helps you troubleshoot network issues, configure firewalls, and even develop your own network applications without stepping on the toes of essential services.
The next rabbit hole you’ll likely fall down is how TCP and UDP use these ports differently.