What are the differences between the 3 port types?



I have already read through a thread very similar to this one but I still didn't understand it.

Could anyone explain the difference between well known, registered and dynamic ports?

What I know so far:

Well known ports are used for listening and are port forwarded to send traffic to a specific IP.

Dynamic ports are client side and are used only for the active session. Once it expires the port becomes available again. These are only used so the traffic comes back to the correct user.

Registered - don't understand at all


Posted 2015-08-12T22:17:08.347

Reputation: 31

Simon, if you have any question on any post then comment on the answer that has been posted, and they can clarify. That can make answers, and your understanding of them, even better. – barlop – 2015-08-13T11:38:11.777



As far as the TCP and UDP protocols are concerned, ports are all the same. Any of them can be used for a service/daemon to listen on, any of them can be port-forwarded in a NAT (a.k.a. NAPT, PAT) gateway, and any of them can be used for a client to initiate a connection from.

Historically, a lot of well known protocols, such as HTTP (80), have been assigned default ports below 1024, so many OSes, including most Unixes and Unix-like OSes, don't allow you to open a listener on those ports unless you have administrator/root credentials. This is under the assumption that your Unix box is actually a multi-user system, and J. Random User shouldn't be able to run an HTTP server on the box and make it seem like that user's HTTP server is THE OFFICIAL HTTP server for that box by running it on port 80. Same with SSH (22), Telnet (23), SMTP (25), FTP (21), etc.

Between 1024 and 49152 are a bunch of ports that have been assigned as the default port for a lot of not-so-well-known, especially corporate/proprietary protocols. It's considered best practice for an OS to try not to use these ports.

When a client or server process asks to listen on a port, or asks to initiate an outgoing TCP connection or UDP flow, and doesn't specify a particular port, the TCP and UDP networking code in the kernel (the "network stack") assigns them a currently unused port arbitrarily. In order to not get in the way of services that may later want to use proprietary "registered" ports, the network stack will typically try to avoid using either well-known or registered ports for this, and instead will restrict itself to the ephemeral/dynamic ports between 49152 and 65535.


Posted 2015-08-12T22:17:08.347

Reputation: 84 656
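An added example (not part of the answer above): a small audit that reads socket rows in the layout of Linux's `/proc/net/tcp`, labels each listening port with the three ranges described here, and reports listeners on a port below 1024 that are not owned by root. The sample rows are constructed, and the names `port_class`, `parse_endpoint` and `audit` are illustrative.

```python
import socket
import struct

# Constructed sample in the layout of Linux /proc/net/tcp (not from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20002 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   112        0 20003 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:D2F4 0B00000A:0050 01 00000000:00000000 00:00000000 00000000  1000        0 20004 1 0000000000000000 20 4 30 10 -1
"""

def port_class(port):
    """Name of the range a port number falls in (boundaries as given on this page)."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a 16-bit port: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"

def parse_endpoint(field):
    """'0100007F:0050' -> ('127.0.0.1', 80). IPv4 hex as printed on little-endian hosts."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def audit(table):
    """Return (listeners, findings): every LISTEN socket as (ip, port, class, uid),
    and the subset on a well-known port whose owning uid is not root (0)."""
    listeners, findings = [], []
    for line in table.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 8 or cols[3] != "0A":     # state 0A is LISTEN
            continue
        ip, port = parse_endpoint(cols[1])
        entry = (ip, port, port_class(port), int(cols[7]))   # cols[7] is the uid
        listeners.append(entry)
        if entry[2] == "well-known" and entry[3] != 0:
            findings.append(entry)
    return listeners, findings

if __name__ == "__main__":
    for ip, port, cls, uid in audit(SAMPLE_PROC_NET_TCP)[0]:
        print(f"{ip}:{port:<5} {cls:<11} uid={uid}")
```

A finding is a prompt to check how that process was allowed to bind, not proof of a problem; the last sample row is an established client connection from a dynamic port and is skipped because it is not listening.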


Well-Known Ports

  • The port numbers in the range from 0 to 1023 are the well-known ports or system ports. They are used by system processes that provide widely used types of network services. On Unix-like operating systems, a process must execute with superuser privileges to be able to bind a network socket to an IP address using one of the well-known ports.

Dynamic Ports

  • The range 49152–65535 ($2^{15}+2^{14}$ to $2^{16}-1$) contains dynamic or private ports that cannot be registered with IANA. This range is used for private, or customized services or temporary purposes and for automatic allocation of ephemeral ports.

Registered Ports

  • The range of port numbers from 1024 to 49151 are the registered ports. They are assigned by IANA for specific service upon application by a requesting entity.[1] On most systems, registered ports can be used by ordinary users. Here are the well-known ports and here are the registered ports.

Here is a great explanation of what ports are for, compliments of jcrawford


Posted 2015-08-12T22:17:08.347

Reputation: 8 101


They're just numbers. You don't need to think of them as any more complicated than that.

For instance, TCP port 80 is widely recognized as being the HTTP port. Because that service was recognized as being important, it was given a relatively low number on IANA's ports list. (Click the "XML" hyperlink on that page if you want to see the whole list, not broken up by port number.)

However, if you wanted to place a different service (like an SSH server) on a non-default port (like TCP port 80), this will work. Typically this means that both the server and the client will need to specify non-default settings, and there may be some other side effects (like "netstat -a" showing "www" even though it is an SSH connection), but it will work.

So what this means is that there's really no technical difference between a "well-known" port, or a "registered port", or a "dynamic"/"ephemeral" port. In many cases the ports behave exactly the same, and if the ports are treated differently based on which number range they fall in, that is often just some default behavior that can be overridden.

The ports 1023 and lower are lumped into the "well-known" category just because the number is 1023 or less. In fact, IANA's page even provides different names for these categories: "System" ports (for 0-1023), User ports (for 1024-49151), and Private ports (for 49152-65535). So, even the names of the categories can vary. In summary, unless you're preparing for an examination, you don't typically need to worry too much about which category a port number falls into.


Posted 2015-08-12T22:17:08.347

Reputation: 12 651


Your definition for dynamic ports looks clearer in some ways, than any of the answers.

You write

Dynamic ports are client side and are used only for the active session. Once it expires the port becomes available again. These are only used so the traffic comes back to the correct user.

I'd just amend that last word to "client".

Users aren't relevant, it's all about the computers. Users just facilitate the communication of the computers!

The server can use the IP to send it to the right computer (the client computer). It got a packet, it sees the source IP of the packet it got, and it can write that in as the dest IP when it sends the packet out.

TOOGAM points out in his comment that a process can start many "conversations".

The client port will identify which conversation that packet is part of.

You write

Well known ports are used for listening and are port forwarded to send traffic to a specific IP.

I'd say well known ports are for listening. So, as you know, they're server side. The computer with the port that listens is the server (according to a main definition for server anyway).

NAT Routers if they're doing port forwarding, would port forward to them. But Port forwarding is something that if done, is done on the "NAT router" but you could connect from one computer in your LAN, to another computer in your LAN. No port forwarding. So it's not part of any definition of when you are using a well known port.

Registered - don't understand at all

I'm not sure that I do either.

It looks like they might just be the same as well known ports but not as well known, i.e. one could call them less well known ports. And the so-called well known ports are < 1024, and the so-called registered ports are over 1023.

Really technically it doesn't matter what IANA say a port is for. People can run servers on any port they want as long as they know or find out what is running on the port so they know what they're connecting to / what port to connect on. Of course if you're dealing with people that expect something to be on a particular port or software expects it, then you might want to use that port. Like port 80 for webpages, and some use port 8080 for internal web. Or as a memory aid you might want to stick to convention. As one layer of security people sometimes run a server on a high port so a hacker can't guess it.

A NAT router if doing port forwarding, would port forward to them too.

So the distinction you made is the best. The dynamic client side ports, and the server side ports. And yeah, if any NAT router is doing port forwarding, they'd do it to the server side ports. And IANA seems to have lists that name the server side port numbers with what conventionally would be on there, and they categorize the lists, with the conventions for ports < 1024 as "well known" and the conventions for ports > 1023 as "registered", which I guess is like less well known. But technically I guess there isn't really a difference beyond that.


Posted 2015-08-12T22:17:08.347

Reputation: 18 677

I agree 100% that well-known ports and registered ports are kind of a fuzzy mix. The only main difference I know of is that in Unix environments, you need sudo privileges in order to bind well-known ports. I found a few interesting explanations between the two.

– DrZoo – 2015-08-13T00:08:58.870

@barlop Despite your "I'd say" and "i'm not sure" and "I guess", you're pretty right. One note is that the TCP port numbers are meant to distinguish conversations, not users or computers. For instance, you can create multiple HTTP or FTP connections to the same server, and download multiple files at once. The TCP port numbers (combined with the IP/network address) can help keep track of which incoming data is meant for which file transfer communication/conversation, even if the same user @ the same computer is being used. – TOOGAM – 2015-08-13T00:22:35.370

@TOOGAM Yeah, indeed, more specific than computer. I'd note though that in the case of UDP ports it can potentially be a monologue, rather than a connection/"conversation". I suppose it could be a conversation too even with UDP (even though technically UDP is termed connection-less). And I suppose the ports help the OS identify what process the packet is for, as well as helping the process (as you say) identify which "conversation" the packet was/is part of. – barlop – 2015-08-13T01:01:21.473

If I send two DNS queries to the same DNS server (using UDP), the correct response should match the query. So UDP does support the concept of multiple conversations (hence the usefulness of port numbers) and replies, even though it doesn't do TCP's fancy "3-way handshake" method of initiating what TCP calls a "connection". – TOOGAM – 2015-08-13T01:03:44.310
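An added example (not written by any of the posters above) of the point made in the last answer and its comments: one process opens two TCP connections to the same listener on loopback, and the kernel-assigned client port is the only field that tells the two conversations apart. The function name `two_conversations` is illustrative, and every port number is whatever the local kernel hands out.

```python
import socket

def two_conversations():
    """Open two TCP connections from this process to one loopback listener.

    Returns (server_port, seen) where seen maps each connection's 4-tuple
    (client_ip, client_port, server_ip, server_port), as observed by the
    server, to the payload that arrived on that connection.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.settimeout(5)
    srv.bind(("127.0.0.1", 0))      # port 0: let the kernel pick an unused port
    srv.listen(2)
    server_ip, server_port = srv.getsockname()

    clients, accepted = [], []
    try:
        for _ in range(2):
            # No source port is requested, so the kernel assigns one per connection.
            clients.append(socket.create_connection((server_ip, server_port), timeout=5))
            conn, peer = srv.accept()
            conn.settimeout(5)
            accepted.append((conn, peer))
        for i, c in enumerate(clients):
            c.sendall(f"request-{i}".encode())
        seen = {}
        for conn, (client_ip, client_port) in accepted:
            key = (client_ip, client_port, server_ip, server_port)
            seen[key] = conn.recv(64).decode()
        return server_port, seen
    finally:
        for s in clients + [conn for conn, _ in accepted] + [srv]:
            s.close()

if __name__ == "__main__":
    port, seen = two_conversations()
    print("listener port chosen by the kernel:", port)
    for four_tuple, payload in seen.items():
        print(four_tuple, "->", payload)
```

The range the kernel draws client ports from is an operating-system setting (on Linux, `net.ipv4.ip_local_port_range`), so the numbers printed may fall outside 49152–65535.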