What is the difference between TCP and UDP ports?

TCP (Transmission Control Protocol) provides reliable, ordered delivery with error checking and is used for applications requiring guaranteed delivery like web browsing, email, and file transfers. UDP (User Datagram Protocol) is faster but connectionless, making it ideal for streaming, gaming, and DNS queries where speed matters more than perfect reliability.

What are well-known ports?

Well-known ports range from 0 to 1023 and are reserved for common services like HTTP (80), HTTPS (443), SSH (22), and FTP (21). On Unix-like systems, binding to these ports requires root/administrator privileges. They are assigned by IANA (Internet Assigned Numbers Authority).

Why is port 22 (SSH) considered secure while port 23 (Telnet) is insecure?

SSH (port 22) encrypts all data including passwords and commands, making it secure for remote access. Telnet (port 23) transmits everything in plaintext, meaning anyone intercepting the traffic can read passwords and sensitive data. Always use SSH instead of Telnet for remote server access.

Which database ports should I know?

Common database ports include: MySQL/MariaDB (3306), PostgreSQL (5432), MongoDB (27017), Redis (6379), Elasticsearch (9200/9300), MS SQL Server (1433), and Oracle (1521). These should never be exposed directly to the internet - use VPNs, SSH tunnels, or proper firewall rules.

What ports should I open in my firewall?

Only open ports that your services require. For a web server, typically 80 (HTTP), 443 (HTTPS), and 22 (SSH). Block all unnecessary ports, especially insecure ones like Telnet (23), FTP (21), and unencrypted database ports. Use the principle of least privilege.

What is the difference between port 80 and port 443?

Port 80 is used for unencrypted HTTP traffic, while port 443 is for HTTPS (HTTP with TLS/SSL encryption). In modern web development, all production websites should use HTTPS (443) to protect user data and improve SEO rankings. Most sites redirect port 80 traffic to 443.

What are ephemeral or dynamic ports?

Ephemeral ports (49152-65535) are temporary ports automatically assigned by the operating system for client-side connections. When you browse a website, your browser uses an ephemeral port to connect to the server's port 443. These ports are released after the connection closes.

port-reference

Network Port Reference - Complete TCP/UDP Guide

Comprehensive network port reference with 50+ common ports documented. Search by port number or service name, filter by category or security level. Includes security ratings and best practices for DevOps and system administrators.

Total Ports

Secure

Conditional

Insecure

FTP Data

Insecure

File Transfer Protocol - Data channel

File TransferWell-KnownUse 990

21TCP

FTP Control

Insecure

File Transfer Protocol - Command channel

File TransferWell-KnownUse 22

22TCP

SSH / SFTP / SCP

Secure

Secure Shell - Encrypted remote access and file transfer

Remote AccessWell-Known

23TCP

Telnet

Insecure

Unencrypted remote terminal access

Remote AccessWell-KnownUse 22

25TCP

SMTP

Conditional

Simple Mail Transfer Protocol - Email transmission

EmailWell-KnownUse 587

53TCP/UDP

DNS

Conditional

Domain Name System - Translates domain names to IP addresses

System & NetworkWell-Known

67UDP

DHCP Server

Conditional

Dynamic Host Configuration Protocol - Server

System & NetworkWell-Known

68UDP

DHCP Client

Conditional

Dynamic Host Configuration Protocol - Client

System & NetworkWell-Known

69UDP

TFTP

Insecure

Trivial File Transfer Protocol - Simple file transfers

File TransferWell-Known

80TCP

HTTP

Insecure

Hypertext Transfer Protocol - Web traffic

Web ServicesWell-KnownUse 443

88TCP/UDP

Kerberos

Secure

Network authentication protocol

System & NetworkWell-Known

110TCP

POP3

Insecure

Post Office Protocol v3 - Email retrieval

EmailWell-KnownUse 995

111TCP/UDP

RPC Portmapper

Conditional

Remote Procedure Call port mapping

System & NetworkWell-Known

119TCP

NNTP

Insecure

Network News Transfer Protocol - Usenet

MessagingWell-KnownUse 563

123UDP

NTP

Conditional

Network Time Protocol - Time synchronization

System & NetworkWell-Known

135TCP

MS RPC / EPMAP

Conditional

Microsoft Remote Procedure Call Endpoint Mapper

System & NetworkWell-Known

137UDP

NetBIOS-NS

Insecure

NetBIOS Name Service

System & NetworkWell-Known

138UDP

NetBIOS-DGM

Insecure

NetBIOS Datagram Service

System & NetworkWell-Known

139TCP

NetBIOS-SSN

Insecure

NetBIOS Session Service

File TransferWell-Known

143TCP

IMAP

Insecure

Internet Message Access Protocol - Email access

EmailWell-KnownUse 993

161UDP

SNMP

Conditional

Simple Network Management Protocol

MonitoringWell-Known

162UDP

SNMP Trap

Conditional

SNMP Trap receiver - Event notifications

MonitoringWell-Known

179TCP

BGP

Conditional

Border Gateway Protocol - Internet routing

System & NetworkWell-Known

389TCP

LDAP

Conditional

Lightweight Directory Access Protocol

System & NetworkWell-KnownUse 636

443TCP

HTTPS

Secure

HTTP Secure - Encrypted web traffic

Web ServicesWell-Known

445TCP

SMB / CIFS

Conditional

Server Message Block - Windows file sharing

File TransferWell-Known

464TCP/UDP

Kerberos Password

Secure

Kerberos password change protocol

System & NetworkWell-Known

465TCP

SMTPS

Secure

SMTP over SSL - Secure email submission (implicit TLS)

EmailWell-Known

500UDP

IKE / ISAKMP

Secure

Internet Key Exchange - VPN negotiation

System & NetworkWell-Known

514UDP

Syslog

Insecure

System logging protocol

MonitoringWell-KnownUse 6514

515TCP

LPD

Insecure

Line Printer Daemon - Print services

OtherWell-Known

543TCP

Klogin

Conditional

Kerberos login

Remote AccessWell-Known

544TCP

Kshell

Conditional

Kerberos shell

Remote AccessWell-Known

547UDP

DHCPv6

Conditional

DHCP for IPv6 - Server

System & NetworkWell-Known

587TCP

SMTP Submission

Secure

Email submission with STARTTLS

EmailWell-Known

631TCP

IPP / CUPS

Conditional

Internet Printing Protocol

OtherWell-Known

636TCP

LDAPS

Secure

LDAP over SSL - Secure directory access

System & NetworkWell-Known

853TCP

DNS over TLS

Secure

Encrypted DNS queries

System & NetworkWell-Known

873TCP

rsync

Conditional

Remote file synchronization

File TransferWell-Known

990TCP

FTPS

Secure

FTP over SSL - Secure file transfer (implicit TLS)

File TransferWell-Known

993TCP

IMAPS

Secure

IMAP over SSL - Secure email access

EmailWell-Known

995TCP

POP3S

Secure

POP3 over SSL - Secure email retrieval

EmailWell-Known

1080TCP

SOCKS

Conditional

SOCKS proxy protocol

System & NetworkRegistered

1433TCP

MS SQL Server

Conditional

Microsoft SQL Server database

DatabaseRegistered

1434UDP

MS SQL Browser

Conditional

SQL Server Browser service

DatabaseRegistered

1521TCP

Oracle Database

Conditional

Oracle Database listener

DatabaseRegistered

1701UDP

L2TP

Conditional

Layer 2 Tunneling Protocol

System & NetworkRegistered

1723TCP

PPTP

Insecure

Point-to-Point Tunneling Protocol

System & NetworkRegistered

1883TCP

MQTT

Conditional

Message Queue Telemetry Transport

MessagingRegisteredUse 8883

2049TCP/UDP

NFS

Conditional

Network File System

File TransferRegistered

2082TCP

cPanel

Insecure

cPanel web hosting control panel (HTTP)

Web ServicesRegisteredUse 2083

2083TCP

cPanel HTTPS

Secure

cPanel web hosting control panel (HTTPS)

Web ServicesRegistered

2181TCP

ZooKeeper

Conditional

Apache ZooKeeper coordination service

OtherRegistered

2375TCP

Docker API

Insecure

Docker daemon API (unencrypted)

ContainersRegisteredUse 2376

2376TCP

Docker API TLS

Secure

Docker daemon API with TLS

ContainersRegistered

3000TCP

Development Server

Conditional

Common development server port

Web ServicesRegistered

3268TCP

LDAP Global Catalog

Conditional

Active Directory Global Catalog

System & NetworkRegisteredUse 3269

3306TCP

MySQL / MariaDB

Conditional

MySQL database server

DatabaseRegistered

3389TCP

RDP

Conditional

Remote Desktop Protocol

Remote AccessRegistered

4500UDP

IPsec NAT-T

Secure

IPsec NAT Traversal

System & NetworkRegistered

5000TCP

Flask / UPnP

Conditional

Flask dev server / UPnP control

Web ServicesRegistered

5432TCP

PostgreSQL

Conditional

PostgreSQL database server

DatabaseRegistered

5601TCP

Kibana

Conditional

Kibana visualization dashboard

MonitoringRegistered

5672TCP

AMQP / RabbitMQ

Conditional

Advanced Message Queuing Protocol

MessagingRegisteredUse 5671

5900TCP

VNC

Insecure

Virtual Network Computing

Remote AccessRegistered

6379TCP

Redis

Conditional

Redis in-memory data store

CacheRegistered

6443TCP

Kubernetes API

Secure

Kubernetes API server

ContainersRegistered

6514TCP

Syslog TLS

Secure

Syslog over TLS - Secure logging

MonitoringRegistered

6660TCP

IRC

Conditional

Internet Relay Chat

MessagingRegistered

8000TCP

HTTP Alt / Django

Conditional

Alternative HTTP / Python development

Web ServicesRegistered

8080TCP

HTTP Proxy / Alt

Conditional

HTTP proxy and alternative HTTP

Web ServicesRegistered

8443TCP

HTTPS Alt

Secure

Alternative HTTPS port

Web ServicesRegistered

8883TCP

MQTT over TLS

Secure

Secure MQTT messaging

MessagingRegistered

9000TCP

PHP-FPM / Portainer

Conditional

PHP-FPM / Various services

Web ServicesRegistered

9090TCP

Prometheus

Conditional

Prometheus monitoring server

MonitoringRegistered

9100TCP

Node Exporter

Conditional

Prometheus Node Exporter

MonitoringRegistered

9200TCP

Elasticsearch HTTP

Conditional

Elasticsearch REST API

DatabaseRegistered

9300TCP

Elasticsearch Transport

Conditional

Elasticsearch cluster communication

DatabaseRegistered

9418TCP

Git Protocol

Insecure

Git native protocol

OtherRegistered

10250TCP

Kubelet API

Conditional

Kubernetes Kubelet HTTPS API

ContainersRegistered

11211TCP/UDP

Memcached

Insecure

Memcached distributed cache

CacheRegistered

15672TCP

RabbitMQ Management

Conditional

RabbitMQ web management console

MessagingRegistered

27017TCP

MongoDB

Conditional

MongoDB database server

DatabaseRegistered

50000TCP

Jenkins Agent

Conditional

Jenkins JNLP agent communication

OtherDynamic/Private

51820UDP

WireGuard

Secure

WireGuard VPN protocol

System & NetworkDynamic/Private

Understanding Port Ranges

Well-Known

0 - 1023

Reserved for common services, requires root/admin to bind

Registered

1024 - 49151

Registered with IANA for specific services

Dynamic/Private

49152 - 65535

Ephemeral ports for temporary connections

Quick Reference: Essential Ports

Web Server

80, 443

SSH Access

25, 587, 993

Database

3306, 5432, 27017

Common Port Categories

Web Services

80 - HTTP
443 - HTTPS
8080 - HTTP Alt
8443 - HTTPS Alt

Email

25 - SMTP
587 - SMTP/TLS
993 - IMAPS
995 - POP3S

Databases

3306 - MySQL
5432 - PostgreSQL
27017 - MongoDB
6379 - Redis

Remote Access

22 - SSH/SFTP
3389 - RDP
5900 - VNC
23 - Telnet (insecure)

Port Security Best Practices

Do

• Use encrypted protocols (HTTPS, SSH, SFTP, IMAPS)
• Implement firewall rules to restrict port access
• Keep services updated and patched
• Use VPNs for remote database access
• Enable authentication on all services

Don't

• Expose database ports (3306, 5432) to the internet
• Use Telnet (23) or FTP (21) in production
• Leave default ports open unnecessarily
• Ignore security warnings and advisories
• Use services without TLS encryption

How to Use This Tool

Search by Port

Enter a port number (e.g., 22, 443, 3306) or service name to find details instantly

Filter Results

Use category filters (Web, Database, Email) or security level (Secure, Conditional, Insecure)

Review Security

Each port includes security notes and recommendations for secure alternatives when available

Frequently Asked Questions

Network ports are virtual endpoints for communication in computer networking. They are identified by 16-bit numbers (0-65535) and allow multiple network services to run on a single IP address. Ports work with protocols like TCP and UDP to route data to the correct application or service.

Related Tools

HTTP Status Codes

CIDR Calculator

Security Group Builder

Chmod Calculator