7

I want to set my port forwarding routes far far away from the normal ports which my computer uses. I asked this question on Google and nothing like it came up, so, here I am.

(This is a subjective question, I know; just shoot.)

boulder_ruby

3 Answers

9

You should take a look at nmap's nmap-services file (contained in the sources). A line will be like this:

# Service name, portnum/protocol, open-frequency, optional comments
tcpmux  1/tcp   0.001995        # TCP Port Service Multiplexer [rfc-1078]

This way, you can look at ports not dedicated to well-known services, which are specified as 'Service name = unknown'. The list is quite extensive:

petrus:~/nmap-6.25$ grep unknown nmap-services | wc -l
15411

Also, another very interesting field in the nmap-services is the open-frequency number. Pick the port which has the lowest number for your needs.

This has nothing to do with the operating system, as the file is just plaintext. You can grab the file in the sources or on nmap's web svn.

Here are the 10 least-used ports according to the nmap-services file:

petrus:~/nmap-6.25$ grep unknown nmap-services | awk -F" " '{print $3 " " $2}' | sort | head
0.000013 226/tcp
0.000013 228/tcp
0.000013 229/tcp
0.000013 234/tcp
0.000013 238/tcp
0.000013 270/tcp
0.000013 271/tcp
0.000013 277/tcp
0.000013 288/tcp
0.000013 289/tcp
petrus
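The lookup from the answer above written as a reusable shell function, as an added example that is not part of the original answer: it matches `unknown` against the service-name field only (a plain `grep unknown` also matches comments), sorts numerically, and restricts results to one protocol and a port range such as the dynamic range 49152 to 65535 mentioned in another answer. The names `pick_ports`, `write_sample` and `example-svc`, and every sample line except the `tcpmux` one, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answers).
# pick_ports FILE PROTO MIN MAX COUNT
# Prints "open-frequency port/proto" for the COUNT least frequently open ports
# whose service-name field is exactly "unknown", within [MIN, MAX].
pick_ports() {
    awk -v proto="$2" -v min="$3" -v max="$4" '
        /^[ \t]*(#|$)/ { next }          # skip comment and blank lines
        $1 != "unknown" { next }         # test the name field, not the comment
        {
            split($2, pp, "/")           # field 2 is portnum/protocol
            port = pp[1] + 0
            if (pp[2] == proto && port >= min && port <= max)
                printf "%s %d/%s\n", $3, port, proto
        }
    ' "$1" | LC_ALL=C sort -k1,1n -k2,2n | head -n "$5"
}

# Constructed sample in nmap-services layout (frequencies are made up);
# only the tcpmux line is taken from the page.
write_sample() {
    cat > "$1" <<'EOF'
# Service name, portnum/protocol, open-frequency, optional comments
tcpmux  1/tcp   0.001995        # TCP Port Service Multiplexer [rfc-1078]
unknown 226/tcp 0.000013
example-svc 49153/tcp 0.000500  # named service; was unknown in older lists
unknown 49160/tcp 0.000076
unknown 49161/udp 0.000010
unknown 50001/tcp 0.000013
unknown 50002/tcp 0.000152
unknown 61000/tcp 0.000013
EOF
}

# Demo: three least frequently open unassigned TCP ports in the dynamic range.
sample=$(mktemp)
write_sample "$sample"
pick_ports "$sample" tcp 49152 65535 3
rm -f "$sample"
```

Point `pick_ports` at the real `nmap-services` file from the nmap sources to get actual frequencies.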
6

There's a sister question to this on Security.SE: Are some uncommon TCP ports scanned less than others?

Among other things in my answer, you'll find from the registered port list there (or in SpacemanSpiff's answer) that... the range 49152–65535 - above the registered ports - contains dynamic or private ports that cannot be registered with IANA.

Jeff Ferland
4

There are only ~65k ports available. The first thousand or so are considered "well known". Usage over this is fairly random. Just pick something you can remember with 5 digits. You are STILL going to get port scanned, so be sure whatever you forward to is locked down.

EDIT: This will help you: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

SpacemanSpiff
  • To clarify a bit: There are 65535 ports available, where the first 1023 are "well known", and in a *nix env, are restricted to root initiated services. Port 1024 through 49151 are not restricted, although apps that use them may have "reserved" the port via IANA registration. Port 0 is a pseudo port where an app can bind to it and the OS will search and define one within the acceptable dynamic range (49152 through 65535). – dhaupin Sep 15 '16 at 15:22
  • THIS IS IT! I came here looking for a port I could use for testing a service watchdog. I want a port that is reliably NOT in use. The Wikipedia article referenced showed several "reserved" ports in the well-known range. Now my problem is which to choose... #8>P\__ – Stevel Jan 07 '21 at 01:59