Port Reference
Quick reference for common TCP and UDP ports.
| Protocol | Service | IANA | Description | Range |
|---|---|---|---|---|
| TCP/UDP | Echo | Yes | Echo protocol: reflects data back to sender. Used for testing and diagnostics. | Well-known |
| TCP | FTP Data | Yes | FTP data transfer channel. Active mode data connection. | Well-known |
| TCP | FTP Control | Yes | FTP command/control channel. Handles authentication and directory operations. | Well-known |
| TCP | SSH | Yes | Secure Shell: encrypted remote login, command execution, and file transfer (SCP/SFTP). | Well-known |
| TCP | Telnet | Yes | Unencrypted remote terminal access. Deprecated in favour of SSH. | Well-known |
| TCP | SMTP | Yes | Simple Mail Transfer Protocol: sending and relaying email between mail servers. | Well-known |
| TCP/UDP | WINS | Yes | Windows Internet Name Service: NetBIOS name resolution for Windows networks. | Well-known |
| TCP | WHOIS | Yes | WHOIS directory service: domain registration and IP allocation lookups. | Well-known |
| TCP/UDP | TACACS+ | Yes | Terminal Access Controller Access-Control System: centralised authentication for network devices. | Well-known |
| TCP/UDP | DNS | Yes | Domain Name System: resolves domain names to IP addresses. UDP for queries, TCP for zone transfers. | Well-known |
| UDP | DHCP Server | Yes | Dynamic Host Configuration Protocol: server listens here to assign IP addresses to clients. | Well-known |
| UDP | DHCP Client | Yes | DHCP client port: receives configuration offers from DHCP servers. | Well-known |
| UDP | TFTP | Yes | Trivial File Transfer Protocol: simple, unauthenticated file transfer. Used for PXE boot and firmware updates. | Well-known |
| TCP | HTTP | Yes | Hypertext Transfer Protocol: unencrypted web traffic. The foundation of the World Wide Web. | Well-known |
| TCP/UDP | Kerberos | Yes | Kerberos authentication protocol: used in Active Directory for single sign-on. | Well-known |
| TCP | POP3 | Yes | Post Office Protocol v3: downloading email from a server to a client. | Well-known |
| TCP/UDP | RPCbind | Yes | ONC RPC port mapper: maps RPC program numbers to network ports (Sun RPC). | Well-known |
| TCP | Ident | Yes | Identification Protocol: identifies the user of a TCP connection. Largely deprecated. | Well-known |
| TCP | NNTP | Yes | Network News Transfer Protocol: Usenet newsgroup access. | Well-known |
| UDP | NTP | Yes | Network Time Protocol: clock synchronisation between computers. Critical for authentication and logging. | Well-known |
| TCP/UDP | MS RPC | Yes | Microsoft RPC Endpoint Mapper: locates DCOM services. Key target in Windows environments. | Well-known |
| UDP | NetBIOS Name | Yes | NetBIOS Name Service: Windows computer name resolution on local networks. | Well-known |
| UDP | NetBIOS Datagram | Yes | NetBIOS Datagram Service: connectionless communication for Windows networking. | Well-known |
| TCP | NetBIOS Session | Yes | NetBIOS Session Service: file and printer sharing on older Windows networks (SMBv1 over NetBIOS). | Well-known |
| TCP | IMAP | Yes | Internet Message Access Protocol: managing email on a server with folder support. | Well-known |
| UDP | SNMP | Yes | Simple Network Management Protocol: querying and managing network devices (routers, switches, servers). | Well-known |
| UDP | SNMP Trap | Yes | SNMP Trap: unsolicited notifications from network devices to management stations. | Well-known |
| TCP | BGP | Yes | Border Gateway Protocol: inter-domain routing between autonomous systems on the internet. | Well-known |
| TCP | IRC | Yes | Internet Relay Chat: real-time text messaging protocol. | Well-known |
| TCP/UDP | SNMP Multiplexer | Yes | SMUX: SNMP multiplexing protocol for managing multiple MIBs. | Well-known |
| TCP | AppleTalk | Yes | AppleTalk Routing Maintenance: legacy Apple networking protocol. | Well-known |
| TCP | BGMP | Yes | Border Gateway Multicast Protocol: multicast routing between domains. | Well-known |
| TCP | PKIX-TSP | Yes | PKIX Time Stamp Protocol: digital timestamping for PKI. | Well-known |
| TCP | HP Openview | Yes | HP OpenView Network Node Manager: network management platform. | Well-known |
| TCP | HP Openview Alarm | Yes | HP OpenView alarm manager: network monitoring alerts. | Well-known |
| TCP/UDP | LDAP | Yes | Lightweight Directory Access Protocol: directory services like Active Directory. | Well-known |
| TCP | HTTPS | Yes | HTTP over TLS/SSL: encrypted web traffic. The standard for secure websites. | Well-known |
| TCP | SMB | Yes | Server Message Block: Windows file and printer sharing (direct hosting, no NetBIOS). | Well-known |
| TCP/UDP | Kerberos Change/Set Password | Yes | Kerberos password change: used by Active Directory for password modifications. | Well-known |
| TCP | SMTPS | Yes | SMTP over implicit TLS: encrypted email submission. Re-assigned by IANA in 2018. | Well-known |
| UDP | IKE | Yes | Internet Key Exchange: establishing IPsec VPN tunnels. | Well-known |
| TCP | Modbus | Yes | Modbus TCP: industrial control system protocol for SCADA and PLCs. | Well-known |
| UDP | Syslog | Yes | Syslog: centralised log collection from network devices and servers. | Well-known |
| TCP | LPD | Yes | Line Printer Daemon: Unix/Linux print spooling. | Well-known |
| UDP | RIP | Yes | Routing Information Protocol: distance-vector routing for small networks. | Well-known |
| TCP/UDP | RPC | Yes | Remote Procedure Call: general RPC services. | Well-known |
| TCP | Klogin | Yes | Kerberos-authenticated rlogin: remote login with Kerberos tickets. | Well-known |
| TCP | Kshell | Yes | Kerberos-authenticated remote shell. | Well-known |
| TCP/UDP | DHCPv6 Client | Yes | DHCPv6 client: IPv6 address autoconfiguration. | Well-known |
| TCP/UDP | DHCPv6 Server | Yes | DHCPv6 server: assigns IPv6 addresses and configuration. | Well-known |
| TCP | AFP | Yes | Apple Filing Protocol: macOS file sharing. | Well-known |
| TCP/UDP | RTSP | Yes | Real Time Streaming Protocol: media streaming control (CCTV, IP cameras). | Well-known |
| TCP | SMTP Submission | Yes | Email submission port: mail clients use this to send email via their provider with STARTTLS. | Well-known |
| TCP | MS RPC over HTTP | Yes | Microsoft RPC over HTTP: enables DCOM/RPC through firewalls. | Well-known |
| UDP | IPMI | Yes | Intelligent Platform Management Interface: out-of-band server management (iLO, iDRAC, IPMI). | Well-known |
| TCP/UDP | IPP/CUPS | Yes | Internet Printing Protocol: network printing. CUPS web interface. | Well-known |
| TCP | LDAPS | Yes | LDAP over SSL/TLS: encrypted directory services. | Well-known |
| TCP | MSDP | Yes | Multicast Source Discovery Protocol: inter-domain multicast routing. | Well-known |
| TCP | LDP | Yes | Label Distribution Protocol: MPLS label exchange between routers. | Well-known |
| TCP | MS Exchange Routing | Yes | Microsoft Exchange routing: mail flow between Exchange servers. | Well-known |
| TCP | iSCSI | Yes | Internet Small Computer Systems Interface: block-level storage over IP networks. | Well-known |
| TCP | rsync | Yes | rsync file synchronisation: efficient delta-transfer file copying. | Well-known |
| TCP | VMware Server | No | VMware ESXi/vSphere client console access. | Well-known |
| TCP | FTPS Data | Yes | FTP over TLS: encrypted file transfer data channel. | Well-known |
| TCP | FTPS Control | Yes | FTP over TLS: encrypted file transfer control channel. | Well-known |
| TCP | IMAPS | Yes | IMAP over SSL/TLS: encrypted email access with folder support. | Well-known |
| TCP | POP3S | Yes | POP3 over SSL/TLS: encrypted email downloading. | Well-known |
| TCP | SOCKS Proxy | Yes | SOCKS proxy protocol: general-purpose proxy for any TCP/UDP traffic. | Registered |
| TCP | Java RMI | Yes | Java Remote Method Invocation registry: distributed Java applications. | Registered |
| UDP | OpenVPN | Yes | OpenVPN: open-source SSL/TLS VPN. Often also configured on TCP/443. | Registered |
| TCP | Nessus | No | Nessus vulnerability scanner: communication between scanner and client. | Registered |
| TCP | SCOM | No | System Center Operations Manager: Microsoft server monitoring agent. | Registered |
| TCP | MS SQL Server | Yes | Microsoft SQL Server default instance: database connections. | Registered |
| UDP | MS SQL Browser | Yes | SQL Server Browser Service: discovers SQL Server instances and their ports. | Registered |
| TCP | MS SQL (alt) | No | Alternate SQL Server port: commonly used for named instances. | Registered |
| TCP | Oracle DB | Yes | Oracle Database TNS Listener: default Oracle database connection port. | Registered |
| UDP | RADIUS (old) | No | RADIUS authentication: older unofficial port. See 1812. | Registered |
| UDP | RADIUS Accounting (old) | No | RADIUS accounting: older unofficial port. See 1813. | Registered |
| UDP | L2TP | Yes | Layer 2 Tunnelling Protocol: used with IPsec for VPN tunnels. | Registered |
| TCP | PPTP | Yes | Point-to-Point Tunnelling Protocol: legacy VPN protocol. Considered insecure. | Registered |
| UDP | RADIUS Auth | Yes | RADIUS authentication: centralised authentication for network access (Wi-Fi, VPN). | Registered |
| UDP | RADIUS Accounting | Yes | RADIUS accounting: usage tracking for billing and auditing. | Registered |
| TCP | MQTT | Yes | Message Queuing Telemetry Transport: lightweight IoT messaging protocol. | Registered |
| UDP | SSDP | Yes | Simple Service Discovery Protocol: UPnP device discovery on local networks. | Registered |
| TCP/UDP | NFS | Yes | Network File System: Unix/Linux remote file access. | Registered |
| TCP | cPanel | No | cPanel web hosting control panel (HTTP). | Registered |
| TCP | cPanel SSL | No | cPanel web hosting control panel (HTTPS). | Registered |
| TCP | WHM | No | WebHost Manager: cPanel server administration (HTTP). | Registered |
| TCP | WHM SSL | No | WebHost Manager: cPanel server administration (HTTPS). | Registered |
| TCP | ZooKeeper | No | Apache ZooKeeper: distributed coordination service for Kafka, Hadoop, etc. | Registered |
| TCP | Docker (unencrypted) | No | Docker daemon API: unencrypted. Should not be exposed publicly. | Registered |
| TCP | Docker (TLS) | No | Docker daemon API: TLS encrypted. Secure Docker remote management. | Registered |
| TCP | Oracle DB (alt) | Yes | Oracle Database: alternate TNS Listener port. | Registered |
| TCP | iSCSI Target | Yes | iSCSI target: block storage access over IP networks. | Registered |
| TCP | AD Global Catalog | Yes | Active Directory Global Catalog: LDAP queries across all domains in a forest. | Registered |
| TCP | AD Global Catalog SSL | Yes | Active Directory Global Catalog over SSL. | Registered |
| TCP | MySQL/MariaDB | Yes | MySQL and MariaDB database server: default connection port. | Registered |
| TCP/UDP | RDP | Yes | Remote Desktop Protocol: Windows remote desktop access. Major attack target if exposed. | Registered |
| TCP/UDP | STUN/TURN | Yes | Session Traversal Utilities for NAT: WebRTC and VoIP NAT traversal. | Registered |
| TCP | SVN | Yes | Apache Subversion: version control system. | Registered |
| TCP | Docker (alt) | No | Docker daemon: alternative port sometimes used in older configurations. | Registered |
| TCP | EPMD | Yes | Erlang Port Mapper Daemon: used by RabbitMQ and CouchDB for node discovery. | Registered |
| TCP | HTTPS (alt) | No | Common alternative HTTPS port: used when 443 is occupied. | Registered |
| UDP | IPsec NAT-T | Yes | IPsec NAT Traversal: allows IPsec VPN through NAT devices. | Registered |
| TCP | Sinatra | No | Sinatra (Ruby) default development server port. | Registered |
| UDP | VXLAN | Yes | Virtual Extensible LAN: network virtualisation overlay protocol. | Registered |
| TCP | Flask/Docker Registry | No | Common development port: Python Flask default, Docker Registry. | Registered |
| TCP/UDP | RTP | Yes | Real-time Transport Protocol: audio/video streaming. | Registered |
| TCP/UDP | SIP | Yes | Session Initiation Protocol: VoIP call signalling. | Registered |
| TCP | SIP TLS | Yes | SIP over TLS: encrypted VoIP signalling. | Registered |
| TCP | XMPP Client | Yes | Extensible Messaging and Presence Protocol: Jabber instant messaging. | Registered |
| TCP | Google Play/GCM | No | Google Cloud Messaging / Firebase Cloud Messaging: Android push notifications. | Registered |
| TCP | XMPP Server | Yes | XMPP server-to-server communication: federation between Jabber servers. | Registered |
| TCP | PostgreSQL | Yes | PostgreSQL database server: default connection port. | Registered |
| TCP | Kibana | No | Kibana: Elasticsearch data visualisation and dashboard. | Registered |
| TCP | AMQP | Yes | Advanced Message Queuing Protocol: RabbitMQ default port. | Registered |
| TCP | VNC | Yes | Virtual Network Computing: remote desktop viewing and control. | Registered |
| TCP/UDP | TeamViewer | No | TeamViewer remote access and support. | Registered |
| TCP | CouchDB | Yes | Apache CouchDB: REST-based document database. | Registered |
| TCP | WinRM HTTP | Yes | Windows Remote Management: PowerShell remoting over HTTP. | Registered |
| TCP | WinRM HTTPS | Yes | Windows Remote Management: PowerShell remoting over HTTPS. | Registered |
| TCP | Redis | Yes | Redis in-memory data store: caching, message broker, key-value database. | Registered |
| TCP | Kubernetes API | No | Kubernetes API server: cluster management endpoint. | Registered |
| TCP | Syslog TLS | Yes | Syslog over TLS: encrypted centralised logging. | Registered |
| TCP | IRC (alt) | No | IRC alternate range start: commonly 6660–6669. | Registered |
| TCP | IRC | No | Internet Relay Chat: most common IRC port. | Registered |
| TCP | IRC TLS | Yes | IRC over TLS: encrypted IRC connections. | Registered |
| TCP/UDP | BitTorrent | No | BitTorrent: peer-to-peer file sharing (range 6881–6889). | Registered |
| TCP | WebLogic | No | Oracle WebLogic Server: Java EE application server. | Registered |
| TCP | Neo4j | No | Neo4j graph database: HTTP API and web browser interface. | Registered |
| TCP | HTTP (alt) | No | Common alternative HTTP port: Django default, general development. | Registered |
| TCP | Proxmox | No | Proxmox VE web management interface. | Registered |
| TCP | HTTP (alt) | No | Alternative HTTP port: sometimes used by internal services. | Registered |
| TCP | HTTP Proxy/Alt | Yes | Most common HTTP alternative: proxies, Tomcat, Jenkins, development servers. | Registered |
| TCP | HTTP (alt) | No | Alternative HTTP port: Nexus, McAfee ePO, various admin interfaces. | Registered |
| TCP | HTTP (alt) | No | Alternative HTTP port: Splunk web interface default. | Registered |
| TCP | Splunk Mgmt | No | Splunk management port: splunkd REST API. | Registered |
| TCP | Home Assistant | No | Home Assistant: open-source home automation platform. | Registered |
| TCP | Puppet | Yes | Puppet configuration management: agent-to-master communication. | Registered |
| TCP | HashiCorp Vault | No | HashiCorp Vault: secrets management and encryption as a service. | Registered |
| TCP | MikroTik Winbox | No | MikroTik RouterOS Winbox management: router configuration. | Registered |
| TCP | HTTPS (alt) | Yes | Common alternative HTTPS port: Tomcat SSL, many admin interfaces. | Registered |
| TCP | Consul | No | HashiCorp Consul: service discovery and configuration. | Registered |
| TCP | MikroTik API | No | MikroTik RouterOS API: programmatic router management. | Registered |
| TCP | Nessus Web UI | No | Nessus vulnerability scanner web interface. | Registered |
| TCP | HTTP (alt)/Jupyter | No | Alternative HTTP: Jupyter Notebook default port. | Registered |
| TCP | SonarQube/Portainer | No | Common service port: SonarQube, Portainer, PHP-FPM. | Registered |
| TCP | Prometheus | No | Prometheus monitoring: metrics collection and alerting. | Registered |
| TCP | Kafka | No | Apache Kafka: distributed event streaming platform. | Registered |
| TCP | JetDirect/Node Exporter | Yes | HP JetDirect printing. Also Prometheus Node Exporter. | Registered |
| TCP | Elasticsearch | No | Elasticsearch: REST API for search and analytics. | Registered |
| TCP | Elasticsearch Transport | No | Elasticsearch node-to-node communication (transport layer). | Registered |
| TCP | Git | Yes | Git protocol: unencrypted Git repository access. | Registered |
| TCP | HTTPS (alt)/VSphere | No | VMware vSphere Web Client and other admin interfaces. | Registered |
| TCP | ISPConfig | No | ISPConfig web hosting control panel. | Registered |
| TCP | Logstash | No | Logstash monitoring API: part of the ELK stack. | Registered |
| TCP | Urchin | No | Urchin Web Analytics: predecessor to Google Analytics. | Registered |
| TCP | Webmin | Yes | Webmin: web-based Unix/Linux system administration. | Registered |
| TCP | Zabbix Agent | Yes | Zabbix agent: server monitoring data collection. | Registered |
| TCP | Zabbix Server | Yes | Zabbix server: receives data from agents (active checks). | Registered |
| TCP | HTTPS (alt) | No | Alternative HTTPS port: various appliances and admin panels. | Registered |
| TCP/UDP | Memcached | Yes | Memcached: distributed memory caching system. | Registered |
| TCP | Memcached SSL | No | Memcached over SSL: encrypted cache access. | Registered |
| TCP | RabbitMQ Mgmt | No | RabbitMQ management web UI and HTTP API. | Registered |
| TCP | Apple AirPlay | No | AirPlay: Apple wireless display and audio streaming. | Registered |
| TCP | Minecraft | No | Minecraft Java Edition multiplayer server. | Registered |
| TCP | MongoDB | Yes | MongoDB: default database connection port. | Registered |
| TCP | MongoDB Shard | No | MongoDB shard server: sharded cluster member. | Registered |
| TCP | MongoDB Config | No | MongoDB config server: sharded cluster metadata. | Registered |
| TCP | MongoDB Web | No | MongoDB legacy HTTP interface (deprecated in newer versions). | Registered |
| TCP | Jenkins Agent | No | Jenkins JNLP agent: default inbound agent connection port. | Registered |
| TCP | RuneScape | No | RuneScape game client: MMORPG connection port. | Registered |
| TCP | WinRM (alt) | No | Windows Remote Management: alternative WinRM listener port. | Registered |

Port number ranges
The 65,535 available port numbers are divided into three ranges by IANA (Internet Assigned Numbers Authority):
- Well-known ports (0–1023)
  Reserved for system-level and widely used services. These are the ports you'll encounter most often: HTTP (80), HTTPS (443), SSH (22), DNS (53), SMTP (25). On Unix/Linux systems, binding to these ports typically requires root privileges. IANA tightly controls assignments in this range.
- Registered ports (1024–49151)
  Assigned by IANA to specific services upon request, but not as strictly controlled. Common databases (MySQL 3306, PostgreSQL 5432), application servers (Tomcat 8080), and management interfaces fall in this range. Any process can bind to these ports without special privileges.
- Dynamic/Ephemeral ports (49152–65535)
  Used by the operating system for temporary outbound connections. When your browser connects to a web server on port 443, your side of the connection uses a random ephemeral port. These are never assigned to specific services. The exact range varies by OS. Linux uses 32768–60999 by default.
TCP vs UDP
Both TCP and UDP are transport-layer protocols that sit on top of IP, but they serve different purposes:
- TCP (Transmission Control Protocol)
  Connection-oriented: establishes a session with a three-way handshake before sending data. Guarantees delivery, ordering, and error checking. Used for HTTP, SSH, email, database connections, file transfers, and anything where data integrity is critical. Higher overhead due to acknowledgements and retransmission.
- UDP (User Datagram Protocol)
  Connectionless: sends packets (datagrams) without establishing a session. No delivery guarantee, no ordering, no retransmission. Used for DNS queries, NTP, SNMP, VoIP, video streaming, and gaming, where speed matters more than guaranteed delivery, or where the application handles reliability itself.
Some services use both. DNS uses UDP for standard queries (fast) but falls back to TCP for zone transfers and large responses. Similarly, SIP uses UDP for call signalling but can use TCP for reliability.
Firewall considerations
Understanding ports is essential for firewall configuration. Key principles:
- Default deny: Start by blocking everything, then open only the ports you need. This is the most secure approach and the standard for any production environment.
- Inbound vs outbound: Inbound rules control what can connect to your services. Outbound rules control what your systems can reach. Both matter. Malware often uses outbound connections to well-known ports (80, 443) to blend in with legitimate traffic.
- Stateful inspection: Modern firewalls track connection state, so you only need to allow the initial inbound connection. Return traffic on ephemeral ports is automatically allowed as part of the established session.
- Non-standard ports: Running services on non-standard ports (e.g. SSH on 2222 instead of 22) is not security; it's obscurity. It reduces automated scanning noise but doesn't protect against targeted attacks. Always combine with proper authentication and access controls.
- Documentation: Every open port should be documented with a business justification. If you can't explain why a port is open, close it. Periodically audit your firewall rules against this reference.
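
One way to run the audit described in the Documentation item, as an added example that is not part of the original reference: it compares a host's listening sockets against a documented allowlist and reports undocumented listeners and allowlist entries that no longer have a listener. The allowlist, its justifications and the `ss` output are constructed sample data.

```python
import ipaddress

# Documented listeners (constructed): (proto, port) -> business justification.
ALLOWLIST = {
    ("tcp", 22): "SSH administration from the management network",
    ("udp", 123): "NTP, needed for authentication and log timestamps",
    ("tcp", 3306): "MySQL for a reporting app (since decommissioned)",
}

# Constructed sample of `ss -H -tuln` output (listening sockets, no header).
SAMPLE_SS = """\
tcp   LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0 511  127.0.0.1:6379    0.0.0.0:*
tcp   LISTEN 0 4096 [::]:2375         [::]:*
udp   UNCONN 0 0    127.0.0.53%lo:53  0.0.0.0:*
udp   UNCONN 0 0    0.0.0.0:123       0.0.0.0:*
tcp   LISTEN 0 128  *:8080            *:*
"""

def port_range(port):
    """Classify a port into the three IANA ranges."""
    return "well-known" if port <= 1023 else "registered" if port <= 49151 else "dynamic"

def parse_listener(line):
    """Return (proto, bind_host, port) from one ss line, or None."""
    fields = line.split()
    if len(fields) < 5:
        return None
    host, _, port = fields[4].rpartition(":")
    if not port.isdigit():
        return None
    # Drop IPv6 brackets and any %interface suffix (e.g. 127.0.0.53%lo).
    return fields[0], host.strip("[]").split("%")[0], int(port)

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # "*" (all interfaces) or an unparsable address
        return False

def audit(ss_output, allowlist):
    """Return (undocumented listeners, allowlist entries with no listener)."""
    findings, seen = [], set()
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed is None:
            continue
        proto, host, port = parsed
        seen.add((proto, port))
        if (proto, port) not in allowlist:
            exposure = "loopback-only" if is_loopback(host) else "network-reachable"
            findings.append({"proto": proto, "port": port, "bind": host,
                             "range": port_range(port), "exposure": exposure})
    # Network-reachable listeners first: those are the ones a firewall must cover.
    findings.sort(key=lambda f: (f["exposure"] != "network-reachable", f["port"]))
    stale = sorted(key for key in allowlist if key not in seen)
    return findings, stale

if __name__ == "__main__":
    undocumented, stale = audit(SAMPLE_SS, ALLOWLIST)
    for f in undocumented:
        print("UNDOCUMENTED", f)
    print("STALE (documented, not listening):", stale)
```

On a live Linux host, replace SAMPLE_SS with the output of `ss -H -tuln`. Stale entries are candidates for removing the matching firewall rule.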
IANA assignments
Ports marked with the IANA badge are officially assigned by the Internet Assigned Numbers Authority. This means the port-to-service mapping is standardised and documented in the IANA Service Name and Transport Protocol Port Number Registry. Ports without the badge are de facto conventions: widely used but not officially registered. Both are valid; the distinction matters mainly for documentation and compliance contexts.