Port Usage by TCP/UDP services configured with wildcard character


Article ID: 270350


Updated On:


CA Privileged Access Manager (PAM)


We need to know what port range PAM uses for listeners on the local IPs defined in TCP/UDP services when the local port is configured with a wildcard, such as the following PuTTY service:


Applies to any PAM release.


In this case the connection manager for the service will listen on an ephemeral port chosen by the operating system that the PAM client runs on.

On a Windows host, the ephemeral port range can be checked with the PowerShell command "netsh int ipv4 show dynamicport tcp". On Linux, use "sysctl net.ipv4.ip_local_port_range". On a Mac, the output of "sysctl -a | grep portrange" should include this information. Typically, the system keeps choosing the next available port after the last one used until it reaches the maximum of the ephemeral port range, and then starts again from the beginning.

Connection managers for built-in access methods such as SSH and RDP, which use a local IP address, also bind to an ephemeral port.

When you use the "Restart Session" button on the access page, the current connection managers are terminated and new ones will be created. The managers for services using ephemeral ports will listen on different ports after the restart.
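The following added example (not part of the original article and not PAM code) parses the output of the three commands above into a first/last port pair and shows what an OS-assigned listener port looks like, which is useful when sizing host firewall rules for the PAM client. The sample command outputs are constructed, and binding to port 0 is the standard socket call for requesting an ephemeral port; that the PAM client does exactly this internally is an assumption.

```python
import re
import socket

# Constructed sample outputs of the three commands named in the article.
SAMPLE_WINDOWS = """Protocol tcp Dynamic Port Range
---------------------------------
Start Port      : 49152
Number of Ports : 16384
"""
SAMPLE_LINUX = "net.ipv4.ip_local_port_range = 32768\t60999\n"
SAMPLE_MAC = """net.inet.ip.portrange.first: 49152
net.inet.ip.portrange.last: 65535
net.inet.ip.portrange.hifirst: 49152
"""

def parse_windows(text):
    """netsh reports a start port and a count, not an end port."""
    start = int(re.search(r"Start Port\s*:\s*(\d+)", text).group(1))
    count = int(re.search(r"Number of Ports\s*:\s*(\d+)", text).group(1))
    return start, start + count - 1

def parse_linux(text):
    """sysctl prints the low and high port separated by whitespace."""
    low, high = re.search(r"=\s*(\d+)\s+(\d+)", text).groups()
    return int(low), int(high)

def parse_mac(text):
    """Pick portrange.first/.last, ignoring the lowfirst/hifirst variants."""
    first = int(re.search(r"portrange\.first:\s*(\d+)", text).group(1))
    last = int(re.search(r"portrange\.last:\s*(\d+)", text).group(1))
    return first, last

def bind_wildcard(host="127.0.0.1"):
    """Bind to port 0 so the OS assigns the port, as a wildcard listener would."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((host, 0))
    sock.listen(1)
    return sock, sock.getsockname()[1]

def in_range(port, port_range):
    return port_range[0] <= port <= port_range[1]

if __name__ == "__main__":
    first, p1 = bind_wildcard()
    second, p2 = bind_wildcard()  # both held open, so the ports differ
    print("OS-assigned listener ports:", p1, p2)
    print("Windows sample range:", parse_windows(SAMPLE_WINDOWS))
    first.close()
    second.close()
```

To compare against a live host, feed the real command output to the matching parser and pass the result to in_range() together with the listener port observed on the client.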