Network Ports :: Domus Digitalis

Well-Known Ports (0-1023)

Infrastructure Services

Port	Protocol	Service	Notes
20	TCP	FTP (data)	Active mode data transfer
21	TCP	FTP (control)	File transfer commands
22	TCP	SSH	Secure shell, SCP, SFTP
23	TCP	Telnet	Unencrypted — never use in production
25	TCP	SMTP	Email sending (outbound)
53	TCP/UDP	DNS	Queries (UDP), zone transfers (TCP)
67	UDP	DHCP (server)	IP address assignment
68	UDP	DHCP (client)	Client requests
69	UDP	TFTP	Trivial FTP — switch configs, PXE boot
80	TCP	HTTP	Unencrypted web traffic
88	TCP/UDP	Kerberos	Authentication protocol (AD)
110	TCP	POP3	Email retrieval
123	UDP	NTP	Time synchronization
143	TCP	IMAP	Email retrieval (server-side folders)
161	UDP	SNMP	Network monitoring (queries)
162	UDP	SNMP Trap	Network monitoring (alerts)
389	TCP/UDP	LDAP	Directory services
443	TCP	HTTPS	Encrypted web traffic
465	TCP	SMTPS	SMTP over TLS (implicit)
514	UDP	Syslog	System logging
587	TCP	SMTP (submission)	Email submission (STARTTLS)
636	TCP	LDAPS	LDAP over TLS
993	TCP	IMAPS	IMAP over TLS
995	TCP	POP3S	POP3 over TLS

Port

Protocol

Service

Notes

20

TCP

FTP (data)

Active mode data transfer

21

TCP

FTP (control)

File transfer commands

22

TCP

SSH

Secure shell, SCP, SFTP

23

TCP

Telnet

Unencrypted — never use in production

25

TCP

SMTP

Email sending (outbound)

53

TCP/UDP

DNS

Queries (UDP), zone transfers (TCP)

67

UDP

DHCP (server)

IP address assignment

68

UDP

DHCP (client)

Client requests

69

UDP

TFTP

Trivial FTP — switch configs, PXE boot

80

TCP

HTTP

Unencrypted web traffic

88

TCP/UDP

Kerberos

Authentication protocol (AD)

110

TCP

POP3

Email retrieval

123

UDP

NTP

Time synchronization

143

TCP

IMAP

Email retrieval (server-side folders)

161

UDP

SNMP

Network monitoring (queries)

162

UDP

SNMP Trap

Network monitoring (alerts)

389

TCP/UDP

LDAP

Directory services

443

TCP

HTTPS

Encrypted web traffic

465

TCP

SMTPS

SMTP over TLS (implicit)

514

UDP

Syslog

System logging

587

TCP

SMTP (submission)

Email submission (STARTTLS)

636

TCP

LDAPS

LDAP over TLS

993

TCP

IMAPS

IMAP over TLS

995

TCP

POP3S

POP3 over TLS

Security and Authentication

Port	Protocol	Service	Notes
1812	UDP	RADIUS (auth)	Authentication (802.1X, VPN)
1813	UDP	RADIUS (acct)	Accounting
1645	UDP	RADIUS (legacy auth)	Old RADIUS — still seen in some configs
1646	UDP	RADIUS (legacy acct)	Old RADIUS accounting
49	TCP	TACACS+	Device administration AAA

Port

Protocol

Service

Notes

1812

UDP

RADIUS (auth)

Authentication (802.1X, VPN)

1813

UDP

RADIUS (acct)

Accounting

1645

UDP

RADIUS (legacy auth)

Old RADIUS — still seen in some configs

1646

UDP

RADIUS (legacy acct)

Old RADIUS accounting

49

TCP

TACACS+

Device administration AAA

Registered Ports (1024-49151)

Port	Protocol	Service	Notes
1433	TCP	MS SQL	Microsoft SQL Server
1521	TCP	Oracle DB	Oracle database listener
2049	TCP/UDP	NFS	Network File System
3268	TCP	LDAP GC	Global Catalog (AD)
3306	TCP	MySQL	MySQL/MariaDB database
3389	TCP	RDP	Remote Desktop Protocol
5432	TCP	PostgreSQL	PostgreSQL database
5900	TCP	VNC	Virtual Network Computing
6379	TCP	Redis	Redis key-value store
8080	TCP	HTTP (alt)	Common proxy/development port
8200	TCP	Vault	HashiCorp Vault API
8443	TCP	HTTPS (alt)	Common alternate HTTPS
8834	TCP	Nessus	Nessus vulnerability scanner
9090	TCP	Prometheus	Metrics collection
9200	TCP	Elasticsearch	Search engine API
27017	TCP	MongoDB	MongoDB database

Port

Protocol

Service

Notes

1433

TCP

MS SQL

Microsoft SQL Server

1521

TCP

Oracle DB

Oracle database listener

2049

TCP/UDP

NFS

Network File System

3268

TCP

LDAP GC

Global Catalog (AD)

3306

TCP

MySQL

MySQL/MariaDB database

3389

TCP

RDP

Remote Desktop Protocol

5432

TCP

PostgreSQL

PostgreSQL database

5900

TCP

VNC

Virtual Network Computing

6379

TCP

Redis

Redis key-value store

8080

TCP

HTTP (alt)

Common proxy/development port

8200

TCP

Vault

HashiCorp Vault API

8443

TCP

HTTPS (alt)

Common alternate HTTPS

8834

TCP

Nessus

Nessus vulnerability scanner

9090

TCP

Prometheus

Metrics collection

9200

TCP

Elasticsearch

Search engine API

27017

TCP

MongoDB

MongoDB database

CLI Quick Lookups

Check what is listening on a port

ss -tlnp | awk '$4 ~ /:443$/'

Scan common ports

nmap -sT -p 22,53,80,443,8443 target_host

Quick port test

nc -zv host 443 2>&1