Dynamic ports in Windows

Recently we had some issues with a Windows 2008 server. The dynamic port range used by the server did not match the firewall rules. The dynamic port range is used when an application listens on port 0 in order to get an arbitrary free port. It turns out that it is quite easy to find and set the port range:

netsh int ipv4 show dynamicport tcp

The same syntax applies for IPv6 and UDP as well. To set the port range, use a similar command:

netsh int ipv4 set dynamicport tcp start=40000 num=1000

This sets the port range to 40000-41000. The smallest range of ports possible is 255 and the highest port number can’t exceed 65535.
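
To compare all four family/protocol combinations against the firewall in one pass, the PowerShell script below runs the show command for each and flags any range that falls outside the permitted window. It is an added example, not part of the original post; the window values, the function name Get-DynamicPortRange and the reliance on English-locale netsh output are assumptions.

```powershell
# Added example. Assumption: the firewall permits this port window;
# replace both values with the range your own rules allow.
$AllowedFirst = 40000
$AllowedLast  = 41000

# Hypothetical helper: reads one dynamic port range via netsh.
function Get-DynamicPortRange {
    param([string]$Family, [string]$Protocol)

    # English-locale netsh output contains two lines of the form:
    #   Start Port      : 49152
    #   Number of Ports : 16384
    $text = (netsh int $Family show dynamicport $Protocol | Out-String)

    if ($text -match 'Start Port\s*:\s*(\d+)') {
        $start = [int]$Matches[1]
    } else {
        throw "Cannot read start port for $Family/$Protocol"
    }

    if ($text -match 'Number of Ports\s*:\s*(\d+)') {
        $count = [int]$Matches[1]
    } else {
        throw "Cannot read number of ports for $Family/$Protocol"
    }

    New-Object PSObject -Property @{
        Family   = $Family
        Protocol = $Protocol
        First    = $start
        Last     = $start + $count - 1   # last port handed out from this range
    }
}

$mismatch = $false
foreach ($family in 'ipv4', 'ipv6') {
    foreach ($protocol in 'tcp', 'udp') {
        $r  = Get-DynamicPortRange $family $protocol
        $ok = ($r.First -ge $AllowedFirst) -and ($r.Last -le $AllowedLast)
        if ($ok) { $status = 'OK' } else { $status = 'OUTSIDE FIREWALL WINDOW'; $mismatch = $true }
        '{0}/{1}: {2}-{3} {4}' -f $r.Family, $r.Protocol, $r.First, $r.Last, $status
    }
}

if ($mismatch) { Write-Warning 'At least one dynamic port range does not match the firewall window.' }
```

The script only reads settings, so it can be run before and after a set command to confirm the change took effect for every combination.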

