I know a listening socket on 0.0.0.0 is listening on all IPv4 interfaces.
But we also see a lot of 'bound' stockets on 0.0.0.0, if we check with Get-NetTCPConnection
in powershell.
All on high port numbers (63000+) with a both local and remoteaddress of 0.0.0.0, and a remote port of 0.
What kind of sockets can this be?
We see this on a windows web server (2016), which serves a number of websites (IIS).
This server also hosts the ASP.NET state server, which is also accessed from another server in the same network.
When there are about 50-100 users active on these sites, there are about 1000 of these sockets open.
When there's more activity, the number of these sockets also grow.
Best Answer
These are ephemeral ports. They always "bind" to
0.0.0.0:<range>
and remote0.0.0.0:0
. You can also check the setting usingnetsh int ipv4 show dynamicport tcp
, e. g. on my Windows 10 workstation:You can change this setting by using
netsh int ipv4 set dynamicport tcp start=X num=Y
, but usually you shouldn't need to.This Microsoft documentation lists the defaults per service.