Cheat Sheet · Free Reference
Common Network Ports
Complete networking ports reference with TCP/UDP port numbers, protocols, and service descriptions.
Searchable, copyable, always up to date.
Well-Known Ports (0-1023)
Reserved ports assigned by IANA to common network services. Typically require root/administrator privileges to bind.
| Port | Protocol | Service | Description |
|---|---|---|---|
20 | TCP | FTP Data | File Transfer Protocol — data transfer channel |
21 | TCP | FTP Control | File Transfer Protocol — command/control channel |
22 | TCP | SSH | Secure Shell — encrypted remote login and command execution |
23 | TCP | Telnet | Unencrypted remote login (insecure, avoid in production) |
25 | TCP | SMTP | Simple Mail Transfer Protocol — email routing between servers |
53 | TCP/UDP | DNS | Domain Name System — hostname-to-IP resolution |
67 | UDP | DHCP Server | Dynamic Host Configuration Protocol — server listening port |
68 | UDP | DHCP Client | Dynamic Host Configuration Protocol — client listening port |
69 | UDP | TFTP | Trivial File Transfer Protocol — simple, unauthenticated file transfer |
80 | TCP | HTTP | Hypertext Transfer Protocol — unencrypted web traffic |
110 | TCP | POP3 | Post Office Protocol v3 — email retrieval (unencrypted) |
111 | TCP/UDP | RPC | Remote Procedure Call — SunRPC portmapper |
119 | TCP | NNTP | Network News Transfer Protocol — Usenet newsgroups |
123 | UDP | NTP | Network Time Protocol — clock synchronization |
135 | TCP | MSRPC | Microsoft RPC — Windows endpoint mapper (frequently targeted) |
137 | UDP | NetBIOS Name | NetBIOS Name Service — Windows network name resolution |
138 | UDP | NetBIOS Datagram | NetBIOS Datagram Service — connectionless communication |
139 | TCP | NetBIOS Session | NetBIOS Session Service — connection-oriented file/print sharing |
143 | TCP | IMAP | Internet Message Access Protocol — email retrieval (unencrypted) |
161 | UDP | SNMP | Simple Network Management Protocol — device monitoring (queries) |
162 | UDP | SNMP Trap | SNMP Trap — device-initiated alert notifications |
389 | TCP/UDP | LDAP | Lightweight Directory Access Protocol — directory services |
443 | TCP | HTTPS | HTTP over TLS/SSL — encrypted web traffic |
445 | TCP | SMB | Server Message Block — Windows file/print sharing (frequently targeted) |
465 | TCP | SMTPS | SMTP over SSL — encrypted email submission (legacy) |
514 | UDP | Syslog | System logging protocol — centralized log collection |
587 | TCP | SMTP Submission | Mail submission agent — authenticated email sending (STARTTLS) |
636 | TCP | LDAPS | LDAP over SSL/TLS — encrypted directory services |
993 | TCP | IMAPS | IMAP over SSL/TLS — encrypted email retrieval |
995 | TCP | POP3S | POP3 over SSL/TLS — encrypted email retrieval |
Registered Ports (1024-49151)
Ports assigned by IANA to specific services upon request. Do not require elevated privileges.
| Port | Protocol | Service | Description |
|---|---|---|---|
1080 | TCP | SOCKS Proxy | SOCKS proxy protocol — general-purpose proxy for TCP traffic |
1194 | TCP/UDP | OpenVPN | OpenVPN tunnel — encrypted VPN connections |
1433 | TCP | MSSQL | Microsoft SQL Server — database connections |
1521 | TCP | Oracle DB | Oracle Database listener — TNS connections |
2049 | TCP/UDP | NFS | Network File System — distributed file sharing |
3128 | TCP | Squid Proxy | Squid HTTP proxy — web caching and filtering |
3306 | TCP | MySQL | MySQL / MariaDB — database connections |
3389 | TCP/UDP | RDP | Remote Desktop Protocol — Windows remote access (frequently targeted) |
5432 | TCP | PostgreSQL | PostgreSQL — database connections |
5900 | TCP | VNC | Virtual Network Computing — graphical remote desktop |
6379 | TCP | Redis | Redis — in-memory key-value data store |
8080 | TCP | HTTP Alt | Alternate HTTP — commonly used for web proxies and dev servers |
8443 | TCP | HTTPS Alt | Alternate HTTPS — secondary encrypted web services |
8888 | TCP | Alt HTTP | Alternate HTTP — commonly used for admin panels and Jupyter |
9200 | TCP | Elasticsearch | Elasticsearch REST API — search and analytics engine |
9300 | TCP | ES Transport | Elasticsearch transport — inter-node cluster communication |
27017 | TCP | MongoDB | MongoDB — NoSQL document database connections |
Security-Related Ports
Ports commonly targeted in attacks, used by security tools, or relevant for firewall and IDS/IPS configuration.
| Port | Protocol | Service | Description |
|---|---|---|---|
22 | TCP | SSH | Brute-force target — use key-based auth, disable root login |
23 | TCP | Telnet | Cleartext protocol — disable and replace with SSH |
135-139 | TCP/UDP | NetBIOS / MSRPC | Windows services — block from untrusted networks (WannaCry, EternalBlue) |
445 | TCP | SMB | High-value target — EternalBlue (MS17-010), ransomware propagation |
1080 | TCP | SOCKS Proxy | Used by malware for C2 tunneling — block if not needed |
3389 | TCP | RDP | Brute-force and BlueKeep (CVE-2019-0708) target — use VPN or gateway |
4443 | TCP | Alt HTTPS | Alternate HTTPS — used by some C2 frameworks and legitimate services |
4444 | TCP | Metasploit | Default Meterpreter reverse shell listener — common in pentesting |
5555 | TCP | ADB | Android Debug Bridge — remote device access if exposed |
5900 | TCP | VNC | Often unencrypted — tunnel through SSH or VPN |
6379 | TCP | Redis | Frequently exposed without authentication — data exfiltration risk |
8080 | TCP | HTTP Alt | Proxy/admin panel — check for exposed management interfaces |
9200 | TCP | Elasticsearch | Often exposed without auth — data leak risk (Shodan target) |
27017 | TCP | MongoDB | Frequently misconfigured — unauthenticated access leads to breaches |
Database Ports
Default ports for common database management systems. Always restrict access to trusted hosts only.
| Port | Protocol | Service | Description |
|---|---|---|---|
1433 | TCP | MSSQL | Microsoft SQL Server — default instance |
1434 | UDP | MSSQL Browser | SQL Server Browser — instance discovery service |
1521 | TCP | Oracle DB | Oracle Database — TNS listener default port |
3306 | TCP | MySQL | MySQL / MariaDB — default connection port |
5432 | TCP | PostgreSQL | PostgreSQL — default connection port |
6379 | TCP | Redis | Redis — in-memory data store (default no auth) |
9042 | TCP | Cassandra | Apache Cassandra — CQL native transport |
9200 | TCP | Elasticsearch | Elasticsearch — REST API for search and indexing |
11211 | TCP/UDP | Memcached | Memcached — distributed memory caching (DDoS amplification risk) |
27017 | TCP | MongoDB | MongoDB — default connection port |
5984 | TCP | CouchDB | Apache CouchDB — HTTP API |
8529 | TCP | ArangoDB | ArangoDB — multi-model database HTTP API |
Web & Application Ports
Common ports used by web servers, application frameworks, and development tools.
| Port | Protocol | Service | Description |
|---|---|---|---|
80 | TCP | HTTP | Standard web server — unencrypted traffic |
443 | TCP | HTTPS | Encrypted web server — TLS/SSL traffic |
3000 | TCP | Dev Server | Node.js / React / Grafana — common development port |
3128 | TCP | Squid Proxy | Squid HTTP proxy — web caching and content filtering |
4443 | TCP | Alt HTTPS | Alternate HTTPS — secondary secure web services |
5000 | TCP | Flask / Docker | Python Flask dev server / Docker Registry |
8000 | TCP | Alt HTTP | Django dev server / general alternate HTTP |
8080 | TCP | HTTP Proxy | Alternate HTTP — Tomcat, Jenkins, proxy servers |
8443 | TCP | HTTPS Alt | Alternate HTTPS — Tomcat SSL, management consoles |
8888 | TCP | Alt HTTP | Jupyter Notebook / alternate HTTP services |
9090 | TCP | Prometheus | Prometheus monitoring — metrics collection and alerting |
9443 | TCP | Alt HTTPS | Alternate HTTPS — WSO2, VMware, admin consoles |
Scan ports online
Use our free network tools to check open ports, look up IP addresses, and analyze network services.
Frequently Asked Questions
Well-known ports (0-1023) are assigned by IANA to common, established services like HTTP (80), HTTPS (443), and SSH (22). They typically require root or administrator privileges to bind. Registered ports (1024-49151) are assigned to specific services upon request but do not require elevated privileges. Dynamic or ephemeral ports (49152-65535) are used temporarily by client applications for outbound connections.
At minimum, block inbound access to ports 23 (Telnet), 135-139 (NetBIOS/MSRPC), 445 (SMB), 161/162 (SNMP), and 3389 (RDP) from untrusted networks. Only open ports for services you actively use and need to expose. Follow the principle of least privilege: deny all by default and allow only specific, required traffic. Use a port scanner to verify your firewall configuration.
TCP (Transmission Control Protocol) is connection-oriented, providing reliable, ordered delivery with error checking and retransmission. UDP (User Datagram Protocol) is connectionless and faster but does not guarantee delivery or order. TCP is used for HTTP, SSH, and email. UDP is used for DNS queries, DHCP, streaming, and NTP where speed matters more than reliability.
Use
netstat -tulnp or ss -tulnp on Linux to list listening ports. On Windows, use netstat -ano. For remote scanning, use Nmap: nmap -sT -sU target scans both TCP and UDP ports. You can also use our port scanner to check externally visible ports from outside your network.