Ports are logical connections, provided by the TCP or UDP protocols at the Transport layer, for use by protocols in the upper layers of the OSI model. The TCP/IP protocol stack uses the port numbers stored in a packet's transport header to determine which upper-layer protocol or service incoming traffic should be delivered to. Some characteristics of ports are listed below:

  • Ports allow a single host with a single IP address to run multiple network services. Each port number identifies a distinct service.
  • Each host can have over 65,000 ports per IP address.
  • Port use is regulated by the Internet Corporation for Assigning Names and Numbers (ICANN).

ICANN specifies three categories for ports.

  • Well-known ports range from 0 to 1023 and are assigned to common protocols and services.
  • Registered ports range from 1024 to 49151 and are assigned by ICANN to a specific service.
  • Dynamic (also called private or high) ports range from 49152 to 65535 and can be used by any service on an ad hoc basis. Ports are assigned when a session is established, and released when the session ends.

The following table lists the well-known ports that correspond to common Internet services.

Port(s)                                      Service
20 TCP, 21 TCP                               File Transfer Protocol (FTP)
22 TCP and UDP                               Secure Shell (SSH); SSH File Transfer Protocol (SFTP); Secure Copy (SCP)
23 TCP                                       Telnet
25 TCP                                       Simple Mail Transfer Protocol (SMTP)
49 TCP and UDP                               Terminal Access Controller Access-Control System (TACACS)
*IP protocol number 50                       Encapsulating Security Payload (ESP) (used with IPSec)
*IP protocol number 51                       Authentication Header (AH) (used with IPSec)
53 TCP and UDP                               Domain Name Server (DNS)
67 UDP, 68 UDP                               Dynamic Host Configuration Protocol (DHCP)
69 UDP                                       Trivial File Transfer Protocol (TFTP)
80 TCP                                       HyperText Transfer Protocol (HTTP)
88 TCP                                       Kerberos
110 TCP                                      Post Office Protocol (POP3)
119 TCP                                      Network News Transport Protocol (NNTP)
123 UDP                                      Network Time Protocol (NTP)
135 TCP; 137 and 138 TCP and UDP; 139 TCP    Network Basic Input/Output System (NetBIOS)
143 TCP and UDP                              Internet Message Access Protocol (IMAP4)
161 TCP and UDP, 162 TCP and UDP             Simple Network Management Protocol (SNMP)
389 TCP and UDP                              Lightweight Directory Access Protocol (LDAP)
443 TCP and UDP                              HTTP with Secure Sockets Layer (SSL/TLS) (HTTPS)
445 TCP                                      Windows 2000 CIFS/SMB (file access)
500 UDP                                      Internet Key Exchange (IKE) (used with IPSec)
636 TCP and UDP                              Lightweight Directory Access Protocol over TLS/SSL (LDAPS)
989 TCP and UDP, 990 TCP and UDP             FTP Secure (FTPS or FTP over SSL/TLS)
1701 UDP                                     Layer 2 Tunneling Protocol (L2TP)
1723 TCP and UDP                             Point-to-Point Tunneling Protocol (PPTP)
1812 TCP and UDP, 1813 TCP and UDP           Remote Authentication Dial In User Service (RADIUS)
3389 TCP                                     Remote Desktop Protocol (RDP)

* Is not a port number, but an IP protocol number used with IPSec.

Note: Ports listed in the table above that fall outside the well-known range (0-1023) belong to newer protocols that were released after the initial Internet protocols were established.

Be aware of the following regarding ports:

  • Attackers use port scanning software to identify open ports, then focus their attacks on services that use those ports.
  • Configure a firewall to open (allow) or block ports through the firewall or on a device.
  • As a best practice, only open the necessary ports. For example, if the server is only being used for e-mail, then shut down ports that correspond to FTP, DNS, and HTTP (among others).
  • For auditing purposes, you can use a port scanner to check systems and firewalls for open ports.
    • Use netstat -a to view a list of open (listening) ports on a system.
    • Use a port scanning tool such as Nmap to scan for open ports on local and remote systems.
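The audit described in the list above, combined with the three port categories defined earlier, as an added example that is not part of the original page: it parses netstat-style output, keeps only the sockets that are actually accepting traffic, labels each by its ICANN range, and flags every listener that is not on an allowlist for a mail-only server (the page's "only open the necessary ports" case). The netstat sample and the allowlist are constructed for this example and are not captured from a real host.

```python
"""Audit listening ports against an allowlist and label each by its ICANN range.

Added example, not from the original page. SAMPLE_NETSTAT is constructed to look
like Linux `netstat -a -n` output; column layout differs on other operating systems.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

WELL_KNOWN_MAX = 1023     # 0-1023: well-known ports
REGISTERED_MAX = 49151    # 1024-49151: registered ports
MAX_PORT = 65535          # 49152-65535: dynamic/private ports


def port_category(port: int) -> str:
    """Return which of the three ICANN ranges a port number falls in."""
    if not 0 <= port <= MAX_PORT:
        raise ValueError(f"port out of range: {port}")
    if port <= WELL_KNOWN_MAX:
        return "well-known"
    if port <= REGISTERED_MAX:
        return "registered"
    return "dynamic"


@dataclass(frozen=True)
class Listener:
    proto: str   # "tcp" or "udp" (tcp6/udp6 sockets are folded into the same protocol)
    addr: str    # local address the socket is bound to
    port: int


# Constructed sample (not real data) in the shape of `netstat -a -n` on Linux.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:25             10.0.0.9:51234          ESTABLISHED
tcp6       0      0 :::443                  :::*                    LISTEN
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0      0 0.0.0.0:53              0.0.0.0:*
"""

# proto, recv-q, send-q, local addr:port, foreign addr, optional state column
LINE_RE = re.compile(r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")


def parse_listeners(netstat_text: str) -> list[Listener]:
    """Extract open sockets from netstat-style text, skipping headers and established flows."""
    listeners: list[Listener] = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # header or unrecognised line
        proto, addr, port, state = m.groups()
        base = "tcp" if proto.startswith("tcp") else "udp"
        # A TCP socket accepts new connections only in LISTEN state; UDP is
        # connectionless, so every bound UDP socket is reachable and counts as open.
        if base == "tcp" and state != "LISTEN":
            continue
        listeners.append(Listener(base, addr, int(port)))
    return listeners


def exposure(addr: str) -> str:
    """Describe how widely a bound address is reachable."""
    if addr in ("127.0.0.1", "::1"):
        return "loopback only"
    if addr in ("0.0.0.0", "::"):
        return "all interfaces"
    return "specific interface"


# Hypothetical allowlist for the page's "server only used for e-mail" case:
# inbound SMTP, plus NTP so the host can keep its clock in sync.
MAIL_ONLY_ALLOWLIST = {("tcp", 25), ("udp", 123)}


def audit(listeners: list[Listener], allowed: set[tuple[str, int]]) -> list[dict]:
    """Return one finding per open socket whose protocol/port is not allowlisted."""
    findings = []
    for sock in listeners:
        if (sock.proto, sock.port) in allowed:
            continue
        findings.append({
            "proto": sock.proto,
            "port": sock.port,
            "addr": sock.addr,
            "category": port_category(sock.port),
            "exposure": exposure(sock.addr),
        })
    return findings


if __name__ == "__main__":
    for f in audit(parse_listeners(SAMPLE_NETSTAT), MAIL_ONLY_ALLOWLIST):
        print(f"{f['proto']}/{f['port']:<5} {f['category']:<11} {f['exposure']:<18} bound to {f['addr']}")
```

Run against the constructed sample, the audit reports FTP (21), HTTPS (443) and DNS (53) listening on all interfaces and CUPS-style port 631 on loopback only; the established SMTP flow is ignored because it is not a listener. To audit a real host, replace SAMPLE_NETSTAT with the captured output of `netstat -a -n` and adjust LINE_RE to that platform's column layout.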