What is the difference between TCP and UDP ports?

TCP (Transmission Control Protocol) provides reliable, connection-oriented communication with error checking and guaranteed delivery. UDP (User Datagram Protocol) offers connectionless, faster communication without delivery guarantees. TCP suits applications needing reliability (HTTP, SSH, email); UDP suits speed-critical services (DNS, streaming, gaming). Many services support both protocols on the same port.

What are well-known ports vs registered ports?

Well-known ports (0-1023) are reserved for common services by IANA and require administrator privileges. Examples: 22 (SSH), 80 (HTTP), 443 (HTTPS). Registered ports (1024-49151) are assigned to specific applications by IANA but don't require privileges. Dynamic/private ports (49152-65535) are temporary ports for client connections. Always verify port assignments before deployment.

Which ports should I block on my firewall?

Block inbound connections on all ports except those explicitly required for services. High-risk ports include: 23 (Telnet), 135-139/445 (SMB/NetBIOS), 3389 (RDP), 5900 (VNC). Allow only: 80/443 for web, 22 for SSH (change default), required application ports. Implement egress filtering too, blocking unexpected outbound connections to prevent data exfiltration and command-and-control communication.

What are common ports used by attackers?

Attackers frequently target: 22 (SSH brute force), 23 (Telnet default credentials), 80/443 (web vulnerabilities), 3389 (RDP attacks), 445 (SMB exploits like WannaCry), 21 (FTP), 1433/3306 (databases). They also scan high ports for backdoors and use non-standard ports to evade detection. Monitor all open ports, not just common targets, with intrusion detection systems.

How do I find what ports are open on my system?

Windows: Run "netstat -ano" or "Get-NetTCPConnection" in PowerShell. Linux/Mac: Run "netstat -tuln", "ss -tuln", or "lsof -i". External scanning: Use nmap ("nmap -sT [IP]") or online port scanners. Always scan from both internal and external perspectives to understand exposure. Document all open ports and their purposes for security baseline and compliance.

Should I change default ports for security?

Changing default ports provides minimal security through obscurity. It reduces automated scanning but determined attackers will discover services regardless. Better strategies: disable unnecessary services, use strong authentication, keep software updated, implement network segmentation, and monitor traffic. If changing ports, document changes carefully and ensure monitoring tools reflect new configurations to avoid blind spots.

What is port forwarding and when should I use it?

Port forwarding redirects external traffic to internal network devices, enabling services like remote desktop, web servers, or game servers behind NAT. Configure on routers to map external ports to internal IP:port combinations. Use cautiously: each forwarded port increases attack surface. Prefer VPN access over port forwarding. If necessary, use non-standard ports, strong authentication, and monitor logs regularly.

Which ports should I block on my firewall?

Block unused ports and known-vulnerable services like Telnet (23), NetBIOS (135-139, 445), and RDP (3389) unless needed. Allow only essential services through specific ports. Implement default-deny policies where all traffic is blocked except explicitly allowed connections.

What is the difference between TCP and UDP ports?

TCP (Transmission Control Protocol) is connection-oriented with guaranteed delivery, ordering, and error checking - ideal for web, email, and file transfers. UDP (User Datagram Protocol) is connectionless with no delivery guarantees but lower latency - used for streaming, gaming, and DNS.

Home/Tools/Network/Port Reference

Port Reference

Comprehensive database of common network ports and their associated services

100% Private - Runs Entirely in Your Browser

No data is sent to any server. All processing happens locally on your device.

Loading Port Reference...

JavaScript Required

This interactive tool requires JavaScript to function. Please enable JavaScript in your browser to use the full features.

The tool description and documentation above provide information about this tool's capabilities. For the best experience, please enable JavaScript and refresh the page.

Need Professional IT & Security Help?

Our team of experts is ready to help protect and optimize your technology infrastructure.

Learn About Risk Assessment Explore vCISO Services

What Is a Port Reference Guide

A port reference provides a comprehensive lookup of TCP and UDP port numbers, their assigned protocols, and their security implications. Ports are logical endpoints that operating systems use to direct network traffic to the correct application—like apartment numbers in a building. Understanding which services run on which ports is fundamental to network administration, firewall configuration, and security operations.

The Internet Assigned Numbers Authority (IANA) maintains the official port registry, dividing the 65,535 available ports per protocol into three ranges: Well-Known Ports (0-1023), Registered Ports (1024-49151), and Dynamic/Ephemeral Ports (49152-65535). Security professionals need to know these assignments to interpret network scans, write firewall rules, and identify potentially malicious traffic.

How Network Ports Work

When a client connects to a server, it specifies both an IP address and a port number. The server listens on a specific port for incoming connections. The combination of IP address + port number + protocol (TCP or UDP) uniquely identifies a network service.

Port	Protocol	Service	Security Notes
22	TCP	SSH	Secure remote access; target for brute-force attacks
25	TCP	SMTP	Email relay; often blocked to prevent spam
53	TCP/UDP	DNS	Name resolution; DNS tunneling risk
80	TCP	HTTP	Unencrypted web traffic
443	TCP	HTTPS	Encrypted web traffic (TLS)
445	TCP	SMB	File sharing; historically vulnerable (WannaCry)
1433	TCP	MSSQL	Database; should never be internet-exposed
3306	TCP	MySQL	Database; restrict to localhost or VPN
3389	TCP	RDP	Remote desktop; major attack target
5432	TCP	PostgreSQL	Database; restrict access carefully
8080	TCP	HTTP Alt	Common for proxies and dev servers
8443	TCP	HTTPS Alt	Common for management interfaces

Port states in scanning:

Open: A service is actively listening and accepting connections
Closed: The port is accessible but no service is listening
Filtered: A firewall is blocking the port; no response received

Common Use Cases

Firewall rule creation: Know which ports to allow/block based on required services
Network scanning interpretation: Understand what services Nmap or Nessus results indicate
Incident investigation: Identify unusual port activity that may indicate compromise or data exfiltration
Server hardening: Determine which ports should be open and close everything else
Application deployment: Configure the correct ports for web servers, databases, and APIs

Best Practices

Follow the principle of least privilege — Only open ports that are required for business operations
Never expose database ports to the internet — MySQL (3306), PostgreSQL (5432), and MSSQL (1433) should be accessible only from application servers
Use non-standard ports cautiously — Moving SSH from 22 to another port reduces noise but is not a security control; attackers scan all ports
Monitor for unauthorized listeners — Regularly audit which processes are listening on which ports with tools like netstat or ss
Block outbound ports by default — Egress filtering prevents malware from establishing command-and-control connections on non-standard ports

References & Citations

Internet Assigned Numbers Authority. (2024). IANA Port Number Registry. Retrieved from https://www.iana.org/assignments/service-names-port-numbers/ (accessed January 2025)
Gordon "Fyodor" Lyon. (2009). Nmap Network Scanning Guide. Retrieved from https://nmap.org/book/ (accessed January 2025)

Note: These citations are provided for informational and educational purposes. Always verify information with the original sources and consult with qualified professionals for specific advice related to your situation.

Key Security Terms

Understand the essential concepts behind this tool

Firewall

A security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

Learn more →

View all terms in our glossary →

Frequently Asked Questions

Common questions about the Port Reference

Network ports are logical endpoints in TCP/IP networking, numbered 0-65535, that enable multiple services to operate on a single IP address. Ports direct traffic to specific applications: web servers use 80/443, email uses 25/587/993, SSH uses 22. Understanding ports is essential for firewall configuration, troubleshooting connectivity, and securing network services properly.