Ephemeral/Random ports used for TCP connections to GitLab server

Hi all,

I have my own GitLab server deployed in my internal network and this server is monitored. Over the last few days, I saw that after several requests through the APIs to GitLab (www.my_internal_domain.com/api/v4/XXX) different TCP connections are produced from random ports to port 443.
These random ports include, for example, ports such as 5805, 32098, 14407 and 48248, among others. The flow of communication, being TCP, is inbound and outbound.

Is this behavior normal or expected from GitLab runners (from Kubernetes) or from GitLab in general? Is it normal that there are these connections from apparently random ports to the web where GitLab is hosted?

Thanks for your time!

All incoming connections to port 443 will always have a source port that they come from, be it from your web browser, or from GitLab Runner or whatever else connects to port 443. So yes, it’s normal for source ports greater than port 1024, whether it is GitLab or other web applications listening on port 443 for connections.

Thanks for your time and response @iwalker!

And would it be possible to know if these ports are randomly generated by some Kubernetes pod/cluster? Is there any documentation on this to verify that this is something ‘normal’ and expected?

If you speak to your networking people they will tell you that it’s normal. It doesn’t matter if it is Kubernetes or your laptop with Chrome/Firefox, the source ports will always be greater than 1024 and pretty much random between ports 1025 and 65535. For example, when I just did it with Chrome/Brave, connecting to my GitLab instance, and then running netstat on my laptop:

tcp        0      0 192.168.1.10:45904      1.2.3.4:443      ESTABLISHED
tcp        0      0 192.168.1.10:45898      1.2.3.4:443      ESTABLISHED

As you can clearly see, my laptop has used source port 45xxx to connect to my GitLab server on 1.2.3.4 port 443. It will show similar on the GitLab side as well.

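The behaviour described in the replies above, as an added example that is not part of the original thread: a Python sketch that opens loopback TCP connections without choosing a source port and shows that the server side sees the same OS-assigned port, plus a helper that picks the client-side port out of a netstat line. The function names and the `SERVICE_PORTS` set are assumptions made for this illustration.

```python
import socket

SERVICE_PORTS = {443}  # assumption: the only service port of interest, as in the thread


def observe_source_ports(connections=3):
    """Open loopback TCP connections; return (client_view, server_view) source ports."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # stand-in server on any free local port
    listener.listen(connections)
    server_addr = listener.getsockname()
    seen = []
    try:
        for _ in range(connections):
            client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            client.connect(server_addr)        # no bind(): the OS assigns the source port
            accepted, peer = listener.accept()  # peer[1] is the port the server sees
            seen.append((client.getsockname()[1], peer[1]))
            accepted.close()
            client.close()
    finally:
        listener.close()
    return seen


def client_port(netstat_line):
    """Return the client-side (OS-assigned) port of a netstat TCP line, or None."""
    fields = netstat_line.split()
    if len(fields) < 6 or not fields[0].startswith("tcp"):
        return None
    try:
        local_port = int(fields[3].rsplit(":", 1)[1])
        remote_port = int(fields[4].rsplit(":", 1)[1])
    except (IndexError, ValueError):
        return None  # e.g. a LISTEN line whose foreign address is 0.0.0.0:*
    if remote_port in SERVICE_PORTS:
        return local_port    # this host is the client
    if local_port in SERVICE_PORTS:
        return remote_port   # this host is the server; the peer is the client
    return None              # neither end is the service port


if __name__ == "__main__":
    for client_view, server_view in observe_source_ports():
        print(f"client source port {client_view}; server saw peer port {server_view}")
    # Line copied from the netstat output quoted in the thread.
    sample = "tcp        0      0 192.168.1.10:45904      1.2.3.4:443      ESTABLISHED"
    print("client port in the netstat line:", client_port(sample))
```

On a direct connection the two views match for every connection; a device doing address translation between client and server can make the port seen by the server differ from the one the client chose.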