Ports are logical connections, provided by the TCP or UDP protocols at the Transport layer, for use by protocols in the upper layers of the OSI model. The TCP/IP protocol stack uses the port number stored in the TCP or UDP header of a packet to determine which upper-layer protocol or service incoming traffic should be directed to. Some characteristics of ports are listed below:
- Ports allow a single host with a single IP address to run multiple network services. Each port number identifies a distinct service.
- Each host can have over 65,000 ports per IP address.
- Port use is regulated by the Internet Corporation for Assigned Names and Numbers (ICANN).
ICANN specifies three categories for ports.
- Well-known ports range from 0 to 1023 and are assigned to common protocols and services.
- Registered ports range from 1024 to 49151 and are assigned by ICANN to a specific service.
- Dynamic (also called private or high) ports range from 49,152 to 65,535 and can be used by any service on an ad hoc basis. Ports are assigned when a session is established, and released when the session ends.
The following table lists the well-known ports that correspond to common Internet services.
| Port and protocol | Service |
|---|---|
| 20 TCP, 21 TCP | File Transfer Protocol (FTP) |
| 22 TCP and UDP | Secure Shell (SSH), SSH File Transfer Protocol (SFTP), Secure Copy (SCP) |
| 25 TCP | Simple Mail Transfer Protocol (SMTP) |
| 49 TCP and UDP | Terminal Access Controller Access-Control System (TACACS) |
| IP protocol number 50* | Encapsulating Security Payload (ESP) (used with IPSec) |
| IP protocol number 51* | Authentication Header (AH) (used with IPSec) |
| 53 TCP and UDP | Domain Name Server (DNS) |
| 67 UDP, 68 UDP | Dynamic Host Configuration Protocol (DHCP) |
| 69 UDP | Trivial File Transfer Protocol (TFTP) |
| 80 TCP | HyperText Transfer Protocol (HTTP) |
| 110 TCP | Post Office Protocol (POP3) |
| 119 TCP | Network News Transport Protocol (NNTP) |
| 123 UDP | Network Time Protocol (NTP) |
| 135 TCP; 137 and 138 TCP and UDP; 139 TCP | Network Basic Input/Output System (NetBIOS) |
| 143 TCP and UDP | Internet Message Access Protocol (IMAP4) |
| 161 TCP and UDP, 162 TCP and UDP | Simple Network Management Protocol (SNMP) |
| 389 TCP and UDP | Lightweight Directory Access Protocol (LDAP) |
| 443 TCP and UDP | HTTP with Secure Sockets Layer (SSL/TLS) (HTTPS) |
| 445 TCP | Windows 2000 CIFS/SMB (file access) |
| 500 UDP | Internet Key Exchange (IKE) (used with IPSec) |
| 636 TCP and UDP | Lightweight Directory Access Protocol over TLS/SSL (LDAPS) |
| 989 TCP and UDP, 990 TCP and UDP | FTP Secure (FTPS or FTP over SSL/TLS) |
| 1701 UDP | Layer 2 Tunneling Protocol (L2TP) |
| 1723 TCP and UDP | Point-to-Point Tunneling Protocol (PPTP) |
| 1812 TCP and UDP, 1813 TCP and UDP | Remote Authentication Dial In User Service (RADIUS) |
| 3389 TCP | Remote Desktop Protocol (RDP) |

\* Not a port number, but an IP protocol number used with IPSec.
Note: Ports listed in the table above that are higher than the well-known range (0-1023) belong to newer protocols that were released after the initial Internet protocols were established.
Be aware of the following regarding ports:
- Attackers use port scanning software to identify open ports, then focus their attacks on services that use those ports.
- Configure a firewall to open (allow) or block ports through the firewall or on a device.
- As a best practice, only open the necessary ports. For example, if the server is only being used for e-mail, then shut down ports that correspond to FTP, DNS, and HTTP (among others).
- For auditing purposes, you can use a port scanner to check systems and firewalls for open ports.
- Use netstat -a to view a list of open ports on a system.
- Use a port scanning tool such as Nmap to scan for open ports on local and remote systems.
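As an added example that is not part of the original page, the Python below classifies a port number into the three ICANN ranges described above, maps well-known ports to the services in the table, and audits a netstat -a listing against an allow-list for a mail-only server, as the best-practice bullet suggests. The netstat sample, the allow-list and the line layout the regular expression expects (Linux/BSD-style columns) are assumptions.

```python
import re

# Subset of the page's well-known port table, keyed by (port, protocol).
WELL_KNOWN = {
    (21, "tcp"): "FTP", (22, "tcp"): "SSH", (25, "tcp"): "SMTP",
    (53, "tcp"): "DNS", (53, "udp"): "DNS", (80, "tcp"): "HTTP",
    (110, "tcp"): "POP3", (123, "udp"): "NTP", (143, "tcp"): "IMAP4",
    (443, "tcp"): "HTTPS", (445, "tcp"): "CIFS/SMB", (3389, "tcp"): "RDP",
}

def port_category(port: int) -> str:
    """Classify a port number into the three ICANN ranges described above."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return "well-known" if port <= 1023 else "registered" if port <= 49151 else "dynamic"

# One `netstat -a` socket line (assumed Linux/BSD layout): proto, two queues, local, foreign, [state].
LINE_RE = re.compile(r"^(tcp|udp)6?\s+\d+\s+\d+\s+\S+:(\d+)\s+\S+(?:\s+(\S+))?")

def listening_ports(netstat_output: str) -> set:
    """(port, proto) pairs the host accepts traffic on: TCP in LISTEN state, any bound UDP socket."""
    found = set()
    for line in netstat_output.splitlines():
        m = LINE_RE.match(line)
        if m and (m.group(1) == "udp" or m.group(3) == "LISTEN"):
            found.add((int(m.group(2)), m.group(1)))
    return found

def audit(netstat_output: str, allowed: set) -> list:
    """Open ports missing from the allow-list, as (port, proto, service, range) tuples."""
    return [(p, pr, WELL_KNOWN.get((p, pr), "unknown"), port_category(p))
            for p, pr in sorted(listening_ports(netstat_output) - allowed)]

# Constructed `netstat -a` output for a host that should run only e-mail services.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:25             10.0.0.9:51022          ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
tcp6       0      0 :::143                  :::*                    LISTEN
"""
MAIL_ONLY = {(25, "tcp"), (110, "tcp"), (143, "tcp"), (22, "tcp")}  # assumed policy

if __name__ == "__main__":
    for port, proto, service, rng in audit(SAMPLE, MAIL_ONLY):
        print(f"{port}/{proto} ({service}, {rng} range) is open but not on the allow-list")
```

The ESTABLISHED line is a client connection, not a listening service, so it is ignored; its foreign port 51022 falls in the dynamic range.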