(2^16)-1, or 0-65,535 (the -1 is because port 0 is reserved and unavailable). (edited because o_O Tync reminded me that we can't use port 0, and Steve Folly reminded me that you asked for the highest port, not the number of ports)
But you're probably going about this the wrong way. There are people who argue for and against non-standard ports. I say they're irrelevant except to the most casual scanner, and the most casual scanner can be kept at bay by using up-to-date software and proper firewall techniques, along with strong passwords. In other words, security best practices.
Although 1-65535 are legit TCP ports and it is true that 1-1023 are for well known port services. You may run into random issues with your own services if they are started after an ephemeral port is established. For those who may not know, ephemeral ports are those that are connected locally for remote end points (or something to that effect). So if you write a TCP service that listens on port 20001. You might be good today... and tomorrow. But one day your service may startup and attempt to bind to 20001 and it will fail because it was taken as an ephemeral port. There is a solution. You must have your admin, or yourself, change the system ephemeral port range policy on your server. On linux systems it is done in two steps:
Dynamically
Permanently
Both steps must be taken, unless you are planning to reboot (in which case the Dynamic step is not needed). To set your range up to 40000 thru 65535 do the following:
(2^16)-1, or 0-65,535 (the -1 is because port 0 is reserved and unavailable). (edited because o_O Tync reminded me that we can't use port 0, and Steve Folly reminded me that you asked for the highest port, not the number of ports)
But you're probably going about this the wrong way. There are people who argue for and against non-standard ports. I say they're irrelevant except to the most casual scanner, and the most casual scanner can be kept at bay by using up-to-date software and proper firewall techniques, along with strong passwords. In other words, security best practices.
1-65535 are available, and ports in range 1-1023 are the privileged ones: an application needs to be run as root in order to listen to these ports.
Although 1-65535 are legit TCP ports and it is true that 1-1023 are for well known port services. You may run into random issues with your own services if they are started after an ephemeral port is established. For those who may not know, ephemeral ports are those that are connected locally for remote end points (or something to that effect). So if you write a TCP service that listens on port 20001. You might be good today... and tomorrow. But one day your service may startup and attempt to bind to 20001 and it will fail because it was taken as an ephemeral port. There is a solution. You must have your admin, or yourself, change the system ephemeral port range policy on your server. On linux systems it is done in two steps:
Both steps must be taken, unless you are planning to reboot (in which case the Dynamic step is not needed). To set your range up to 40000 thru 65535 do the following:
Dynamic
echo 40000 65535 > /proc/sys/net/ipv4/ip_local_port_range
or
sysctl -w net.ipv4.ip_local_port_range="40000 65535"
Permanent
Add the following to /etc/sysctl.conf:
net.ipv4.ip_local_port_range = 40000 65535
To read the current setting or to confirm the change:
/sbin/sysctl net.ipv4.ip_local_port_range
The output will be something like this:
net.ipv4.ip_local_port_range = 9000 65500
Be sure you understand the purpose of your server. Reducing the range too much can lead to other issues.
Happy Coding! (or whatever you do)