Sockets – Understanding Bound State on 0.0.0.0 in Windows Server 2016

powershell, socket, windows-server-2016

I know a listening socket on 0.0.0.0 is listening on all IPv4 interfaces.
But we also see a lot of 'bound' sockets on 0.0.0.0, if we check with Get-NetTCPConnection in PowerShell.
All on high port numbers (63000+) with both a local and remote address of 0.0.0.0, and a remote port of 0.

What kind of sockets can this be?
We see this on a Windows web server (2016), which serves a number of websites (IIS).
This server also hosts the ASP.NET state server, which is also accessed from another server in the same network.

When there are about 50-100 users active on these sites, there are about 1000 of these sockets open.
When there's more activity, the number of these sockets also grows.

Best Answer

These are ephemeral ports. They always "bind" to 0.0.0.0:<range> and remote 0.0.0.0:0. You can also check the setting using netsh int ipv4 show dynamicport tcp, e.g. on my Windows 10 workstation:

Protocol tcp Dynamic Port Range
-------------------------------
Start Port      : 49152
Number of Ports : 16384

You can change this setting by using netsh int ipv4 set dynamicport tcp start=X num=Y, but usually you shouldn't need to.

This Microsoft documentation lists the defaults per service.
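
To see which processes hold the Bound sockets described in the question and how much of the dynamic port range they occupy, the following is an added PowerShell example, not part of the original question or answer. The function name Get-BoundSocketSummary and the sample rows are assumptions made for illustration.

```powershell
# Added example: summarise Bound TCP sockets inside the dynamic (ephemeral) port range.
function Get-BoundSocketSummary {
    param(
        # Objects with LocalPort and OwningProcess; defaults to the live TCP table.
        [object[]]$Connections = @(Get-NetTCPConnection -State Bound -ErrorAction SilentlyContinue),
        # Defaults are the range shown in the netsh output in the answer.
        [int]$RangeStart = 49152,
        [int]$RangeSize  = 16384
    )
    $rangeEnd = $RangeStart + $RangeSize - 1
    $inRange  = @($Connections | Where-Object {
        $_.LocalPort -ge $RangeStart -and $_.LocalPort -le $rangeEnd
    })
    # Per-process counts show which service is holding the ports.
    $byProcess = @($inRange | Group-Object OwningProcess |
        Sort-Object Count -Descending | ForEach-Object {
            $proc = Get-Process -Id ([int]$_.Name) -ErrorAction SilentlyContinue
            [pscustomobject]@{
                ProcessId    = [int]$_.Name
                ProcessName  = if ($proc) { $proc.ProcessName } else { '(not running)' }
                BoundSockets = $_.Count
            }
        })
    [pscustomobject]@{
        Range          = "$RangeStart-$rangeEnd"
        BoundInRange   = $inRange.Count
        PercentOfRange = [math]::Round(100 * $inRange.Count / $RangeSize, 1)
        ByProcess      = $byProcess
    }
}

# Constructed sample rows (not real data) so the function can be tried offline.
$sample = @(
    [pscustomobject]@{ LocalPort = 63012; OwningProcess = 999901 }
    [pscustomobject]@{ LocalPort = 63013; OwningProcess = 999901 }
    [pscustomobject]@{ LocalPort = 63500; OwningProcess = 999902 }
    [pscustomobject]@{ LocalPort = 8080;  OwningProcess = 999902 }  # outside the range
)
Get-BoundSocketSummary -Connections $sample

# On a live server, read the configured range instead of assuming the default.
$tcp = Get-NetTCPSetting | Where-Object DynamicPortRangeStartPort | Select-Object -First 1
if ($tcp) {
    Get-BoundSocketSummary -RangeStart $tcp.DynamicPortRangeStartPort `
        -RangeSize $tcp.DynamicPortRangeNumberOfPorts | Select-Object -ExpandProperty ByProcess
}
```

A PercentOfRange value that keeps climbing with load points at the process to investigate before the range is exhausted.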