What happens when a router runs out of port numbers?


I noticed while looking at the site ipchicken (http://www.ipchicken.com/) that when I go on there from my desktop or my phone or the university wifi, it gives me a "Remote Port". There's a range of port numbers (it never seems to go above 65,000 or so). But what if I write a program that listens on every single port? Will the router run out of ports? Will it block new people from connecting? What happens when a router runs out of internal port numbers?

Sacha T Red

Posted 2015-06-15T09:11:13.653

Reputation: 251

65535 available ports... What could you possibly be running at any one time that requires all of them?! – Kinnectus – 2015-06-15T09:18:15.933

I was thinking of circumventing symmetric NAT by creating a socket for every single port, and then using a thread pool of the maximum number of threads the JVM could handle to send packets out of every single port using the entire thread pool for concurrency. But that would exhaust every single port in the router and anyone else who wishes to use the router might have their packets dropped. – Sacha T Red – 2015-06-15T09:26:42.043

@SachaTRed - So you want to basically perform a DDOS attack? I hope you understand the University will know EXACTLY WHO does something like this, so please don't, what possible reason could you have? – Ramhound – 2015-06-15T11:00:18.883

umm... I am testing my own RTP client and I don't want to use TURN because amazon AWS charges extra money for server bandwidth usage. – Sacha T Red – 2015-06-15T16:13:17.737

Although if you take up less than all ports, it might be possible to just cycle (take up the first 20%, try, release the first 20%, retry on the next 20% until you manage to get a packet through). This probably won't be necessary on a university WiFi because their symmetric NAT has a predictable port mapping scheme (it increases my port number by 1 every time I reconnect, so I can just guess the next port), but with the 3G/4G cell phone tower, it basically picks a random port, so making a connection with STUN is like a lottery. – Sacha T Red – 2015-06-15T16:17:31.323

But yeah, the IT guys would probably kill me if I accidentally caused a denial of service. But like I said, predictable port mapping schemes are well... predictable and cell phone station towers probably have multiple IP addresses and can just switch if they max out on used ports (since they have more than 65k cell phones connected to a tower anyway) – Sacha T Red – 2015-06-15T16:24:11.663

Answers


Ports in the TCP and UDP protocols are stored in a 16-bit integer, so only 65535 ports are possible to use.

If you use every port on your computer, then any application which needs a socket (connection) will not get one. Functions like listen() or connect() will result in an error until there is a free port to use.

If you use every port in a router (with NAT), then every new connection will be buffered or dropped. If the router is just a router, not a gateway with NAT, the problem with ports will not exist, because the transport layer (4th layer in the ISO/OSI model) is not analyzed.

Krzysztof Sawicki

Posted 2015-06-15T09:11:13.653

Reputation: 296

There is NAT. Wifi router with NAT. – Sacha T Red – 2015-06-15T09:27:34.583

By buffered, you mean that they would be put on hold for a second? – Sacha T Red – 2015-06-15T09:28:45.053

@SachaTRed: In theory. I think most implementations of TCP/UDP/IP stack will drop this packet. – Krzysztof Sawicki – 2015-06-15T09:33:43.530
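To make the accepted point concrete, here is a small model of a symmetric NAT translation table, added for this thread (it is not the answerer's code nor any router's implementation): one internal host that opens a flow from every local port consumes the whole external port pool, so a neighbour's next flow is dropped, while a per-host limit of the kind carrier-grade NATs apply keeps the neighbour working. The addresses, the 1024-65535 external range and the quota value are constructed for illustration.

```python
import random
from collections import defaultdict

# Toy symmetric NAT: every distinct (internal ip, internal port, remote ip, remote port)
# flow consumes one external port from a shared pool, which is the resource the
# question asks about. Constructed model, not real router code.
class SymmetricNat:
    def __init__(self, first_port=1024, last_port=65535, per_host_quota=None, seed=0):
        self.free = list(range(first_port, last_port + 1))
        random.Random(seed).shuffle(self.free)   # random external ports, like the 3G NAT in the thread
        self.table = {}                           # flow 4-tuple -> external port
        self.used_by_host = defaultdict(int)      # internal ip -> mappings currently held
        self.quota = per_host_quota               # mitigation: cap per internal host (None = no cap)

    def translate(self, src_ip, src_port, dst_ip, dst_port):
        """Return the external port for a flow, or None if the NAT has to drop it."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key in self.table:
            return self.table[key]                # established flow keeps its mapping
        if self.quota is not None and self.used_by_host[src_ip] >= self.quota:
            return None                           # this host already holds its share
        if not self.free:
            return None                           # pool exhausted: the new flow is dropped
        port = self.free.pop()
        self.table[key] = port
        self.used_by_host[src_ip] += 1
        return port

    def release(self, src_ip, src_port, dst_ip, dst_port):
        """Tear down a flow (closed or timed out) and return its external port to the pool."""
        port = self.table.pop((src_ip, src_port, dst_ip, dst_port), None)
        if port is not None:
            self.used_by_host[src_ip] -= 1
            self.free.append(port)
        return port

def simulate_busy_host(nat, host, remote=("203.0.113.10", 80)):
    """One internal host opens a flow from every local port; count how many mappings it got."""
    return sum(nat.translate(host, p, *remote) is not None for p in range(1024, 65536))

if __name__ == "__main__":
    for quota in (None, 2048):
        nat = SymmetricNat(per_host_quota=quota)
        held = simulate_busy_host(nat, "192.168.1.10")
        other = nat.translate("192.168.1.11", 50000, "203.0.113.10", 443)
        print(f"quota={quota}: busy host holds {held} ports, neighbour gets {other}")
```

Without a quota the neighbour's flow comes back as None until the busy host's mappings are released or time out; with a quota the busy host is capped and the neighbour still gets a port.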


TCP/IP works as follows:

When you create a connection between client and server, it connects to a port based on port and IP address.

Your IP address is the IP address given by the server, and the port is anything given by the party that initiates the connection. For example, an FTP server will connect to port 21 unless the server specifically mentions to use a different port.

Setting up a connection can be done in 2 ways.

First, the server listens on the public port for any connections to initiate the link that is going to be made. Then one of the following two things happen:

  1. The server creates a new socket using a different port and replies with: please connect to this port.
  2. The server asks to which port on your side it can connect, and connects to that.

The difference here is that with the first, all connections are outbound from the client side, thus no ports need to be forwarded on the router. Whereas the second item uses an incoming port that needs to be configured.

The difference in technique is basically a matter of bandwidth vs opening ports on the clientside.

Now, when from the outside a connection is being made to your public IP on any given port, your router will accept the port, and using the internal rules (routing) it will forward the communication to a client IP on the local network. If you are hosting a server, the connection will then be closed and resumed on a new port, freeing the public port.

As long as the port remains open, a new connection cannot be made, and thus the source will keep trying depending on the time-out settings until eventually it gives up, and a time-out occurs.

So basically what you want to do is to create rules for all ports on your router to forward data to your program, let your program open the connection, and forward it to the new IP. This basically means you create a router yourself. As a result, your speed will slow down and if not done properly, connections may not terminate properly etc.

Basically you are creating a program that most likely the firewall/portforwarding rules on your router can do too.

LPChip

Posted 2015-06-15T09:11:13.653

Reputation: 42 190

On my university wifi network, if I go to "http://www.ipchicken.com/" and repeatedly refresh the website, my public IPv4 address stays the same, but every time I hit "refresh", my public/remote port number increases by 1 port. When I switch to another website that reports my public IP and public port number, it switches to a random public port and then every time I refresh that other website, my public port number increases by 1. When I go back to ip chicken, it increments by 1 from the last port number that ip chicken reported me connecting from (it's like 2am on a Sunday and I'm the only person). – Sacha T Red – 2015-06-15T16:30:01.217

So this means that every time I refresh the web page, it opens up a new port on the server side for me and the symmetric NAT responds by giving me a new public port number for that connection. But when I change to a different server, I get a random port number. I think this is because my web browser uses a different socket bound to a different address for each web page (I will test this by opening two different instances of the same web IP check site). – Sacha T Red – 2015-06-15T16:32:53.167

Now, I cannot configure the university router. I also cannot configure the 3G router of my cell phone carrier. But I can use STUN even though their NAT's are symmetric if I can predict what port number the NAT will open. – Sacha T Red – 2015-06-15T16:33:58.967

But with the 3G router, it is totally impossible to predict because a random port number within the range 1024 to 65535 is chosen for every single new outbound connection, even if it's to the same server. So the only way to deal with randomness is either (a) get your own server and forward all your bandwidth through it [costs money] or (b) keep using your free Amazon AWS 12 month trial and just guess every (or at least most) port number(s) one or more times and hope a connection is made. – Sacha T Red – 2015-06-15T16:36:48.570

Basically, I'm testing if the latter option is even possible. It might not be practical (generating thousands of threads on thousands of ports and playing a little game of port mapping roulette), but I want to know if it will actually work. – Sacha T Red – 2015-06-15T16:39:13.327

Or... use a proxy server. You can download this as software, install it, and pipe your web traffic through it. It should limit the connections to a few, and depending on the proxy you can configure much. – LPChip – 2015-06-15T16:42:35.037

But Amazon only gives me one free server and they charge for bandwidth. – Sacha T Red – 2015-06-15T16:48:05.940

And I only have 15 GB of bandwidth for an entire year. – Sacha T Red – 2015-06-15T16:49:08.320

My P2P open source Desktop, webcam, and audio streaming, remote desktop, and file sync might use up all my bandwidth. With STUN at least I only use like 1 packet and only to initiate. – Sacha T Red – 2015-06-15T16:50:36.913

Even so... your question was about ports and what happens. That part has been answered. All the rest is not part of this question and makes this turn into a conversation. If you have more questions or need more detail to achieve something, feel free to start a new question. – LPChip – 2015-06-15T16:52:44.417