Network Ports Reference

Searchable database of 100+ ports with security risk ratings, protocol details, category filters, and actionable security notes.

Search Ports

Search by port number, service, or keyword

118 ports found

Reserved

TCP/UDP

InfoSystem

Reserved — not assignable. Used for OS-level signaling.

FTP Data

TCP

HighFile Transfer

File Transfer Protocol data channel for active mode transfers.

Unencrypted data. Use SFTP (port 22) or FTPS instead.

FTP Control

TCP

CriticalFile Transfer

File Transfer Protocol command channel. Sends credentials in plain text.

Sends passwords unencrypted. Common target for brute-force attacks.

SSH

TCP

MediumRemote Access

Secure Shell — encrypted remote login, file transfer (SFTP/SCP), and tunneling.

Secure but heavily targeted. Use key-based auth and fail2ban.

Telnet

TCP

CriticalRemote Access

Unencrypted remote terminal protocol. All data including passwords sent in cleartext.

Never use on untrusted networks. Replace with SSH.

SMTP

TCP

HighMail

Simple Mail Transfer Protocol — server-to-server email relay.

Often blocked by ISPs. Commonly abused for spam relay.

DNS

TCP/UDP

MediumSystem

Domain Name System — resolves domain names to IP addresses.

UDP for queries, TCP for zone transfers. DNS amplification attacks are common.

DHCP Server

UDP

LowSystem

Dynamic Host Configuration Protocol — server listens for client requests.

DHCP Client

UDP

LowSystem

Dynamic Host Configuration Protocol — client receives IP configuration.

TFTP

UDP

HighFile Transfer

Trivial File Transfer Protocol — simple, unauthenticated file transfers.

No authentication. Used for firmware updates and PXE booting.

HTTP

TCP

MediumWeb

Hypertext Transfer Protocol — unencrypted web traffic.

All data visible in transit. Always redirect to HTTPS (443).

Kerberos

TCP/UDP

MediumSecurity/VPN

Network authentication protocol used in Active Directory environments.

110

POP3

TCP

HighMail

Post Office Protocol v3 — retrieves email from server (unencrypted).

Sends credentials in plain text. Use POP3S (995) instead.

111

RPCBind

TCP/UDP

HighSystem

SunRPC portmapper — maps RPC program numbers to ports.

Should never be exposed to the internet.

123

NTP

UDP

LowSystem

Network Time Protocol — clock synchronization across networks.

NTP amplification attacks possible if misconfigured.

135

MS-RPC

TCP

CriticalSystem

Microsoft RPC Endpoint Mapper. Gateway to Windows services.

Major attack surface. Block from the internet.

137

NetBIOS Name

UDP

HighSystem

NetBIOS Name Service — Windows network name resolution.

Leaks system info. Block from the internet.

138

NetBIOS Datagram

UDP

HighSystem

NetBIOS Datagram Service — Windows browser elections and announcements.

139

NetBIOS Session

TCP

CriticalFile Transfer

NetBIOS Session Service — file and printer sharing over NetBIOS.

Legacy SMB. Replace with SMB over TCP (445) and restrict access.

143

IMAP

TCP

HighMail

Internet Message Access Protocol — email retrieval with server-side management.

Unencrypted. Use IMAPS (993) instead.

161

SNMP

UDP

HighSystem

Simple Network Management Protocol — monitor and manage network devices.

v1/v2c use community strings (passwords) in cleartext. Use SNMPv3.

162

SNMP Trap

UDP

MediumSystem

SNMP trap messages — asynchronous notifications from network devices.

179

BGP

TCP

CriticalSystem

Border Gateway Protocol — internet routing between autonomous systems.

BGP hijacking can redirect internet traffic. Critical infrastructure.

389

LDAP

TCP/UDP

HighSecurity/VPN

Lightweight Directory Access Protocol — directory services (Active Directory).

Use LDAPS (636) for encryption. Credential theft risk over plain LDAP.

443

HTTPS

TCP

LowWeb

HTTP over TLS — encrypted web traffic. The standard for secure websites.

445

SMB

TCP

CriticalFile Transfer

Server Message Block — Windows file/printer sharing and AD communication.

Target of WannaCry/EternalBlue (MS17-010). Never expose to the internet.

464

Kerberos Change

TCP/UDP

MediumSecurity/VPN

Kerberos password change protocol.

465

SMTPS

TCP

LowMail

SMTP over implicit TLS — encrypted email submission.

500

IKE (IPSec)

UDP

LowSecurity/VPN

Internet Key Exchange — IPSec VPN tunnel negotiation.

514

Syslog

UDP

LowSystem

System logging protocol — centralized log collection from network devices.

548

AFP

TCP

MediumFile Transfer

Apple Filing Protocol — macOS file sharing.

587

SMTP Submission

TCP

LowMail

Email submission with STARTTLS — the recommended port for sending email.

631

IPP/CUPS

TCP

MediumSystem

Internet Printing Protocol / CUPS print server.

636

LDAPS

TCP

LowSecurity/VPN

LDAP over SSL/TLS — encrypted directory services.

853

DNS over TLS

TCP

LowSystem

Encrypted DNS queries over TLS (DoT).

873

Rsync

TCP

MediumFile Transfer

Rsync file synchronization daemon.

990

FTPS

TCP

LowFile Transfer

FTP over TLS — encrypted file transfer.

993

IMAPS

TCP

LowMail

IMAP over SSL/TLS — encrypted email retrieval.

995

POP3S

TCP

LowMail

POP3 over SSL/TLS — encrypted email download.

1080

SOCKS Proxy

TCP

MediumWeb

SOCKS proxy protocol — application-level proxy routing.

1194

OpenVPN

UDP

LowSecurity/VPN

OpenVPN — widely deployed open-source VPN solution.

1433

MS SQL Server

TCP

HighDatabase

Microsoft SQL Server default instance. Enterprise database.

Never expose directly. Use VPN or SSH tunneling.

1434

MS SQL Browser

UDP

HighDatabase

SQL Server Browser service — resolves named instances to ports.

1521

Oracle DB

TCP

HighDatabase

Oracle Database TNS Listener — default database connection port.

Common target for TNS poisoning attacks.

1723

PPTP

TCP

CriticalSecurity/VPN

Point-to-Point Tunneling Protocol — legacy VPN. Broken encryption.

MS-CHAPv2 is cracked. Migrate to WireGuard or OpenVPN.

1812

RADIUS Auth

UDP

MediumSecurity/VPN

Remote Authentication Dial-In User Service — network access control.

1813

RADIUS Acct

UDP

LowSecurity/VPN

RADIUS accounting — usage tracking for network access.

1883

MQTT

TCP

MediumIoT

Message Queuing Telemetry Transport — lightweight IoT messaging protocol.

Unencrypted by default. Use 8883 for MQTT over TLS.

1900

SSDP/UPnP

UDP

HighIoT

Simple Service Discovery Protocol for Universal Plug and Play.

UPnP can expose internal services. Disable on routers.

2049

NFS

TCP/UDP

HighFile Transfer

Network File System — Unix/Linux network file sharing.

Misconfigured exports can leak sensitive data.

2181

ZooKeeper

TCP

HighDevOps

Apache ZooKeeper — distributed coordination service.

Often lacks authentication. Exposes cluster metadata.

2375

Docker (unencrypted)

TCP

CriticalDevOps

Docker daemon REST API without TLS. Grants root-level access.

Full host compromise if exposed. Always use 2376 with TLS.

2376

Docker (TLS)

TCP

MediumDevOps

Docker daemon REST API with TLS client authentication.

2379

etcd

TCP

CriticalDevOps

etcd client API — distributed key-value store used by Kubernetes.

Contains all cluster secrets. Never expose.

3000

Grafana / Dev Servers

TCP

MediumDevOps

Grafana dashboard default port. Also common for Node.js/React dev servers.

3128

Squid Proxy

TCP

MediumWeb

Squid web proxy cache default port.

3306

MySQL / MariaDB

TCP

HighDatabase

MySQL and MariaDB database server default port.

Never expose to the internet. Use SSH tunnels or VPN.

3389

RDP

TCP/UDP

CriticalRemote Access

Remote Desktop Protocol — Windows remote access.

Top target for brute-force and ransomware. Use NLA and VPN.

3478

STUN/TURN

TCP/UDP

LowMedia/VoIP

NAT traversal for WebRTC and VoIP applications.

4222

NATS

TCP

MediumMessaging

NATS messaging system — lightweight cloud-native messaging.

4369

Erlang EPMD

TCP

HighDevOps

Erlang Port Mapper Daemon — service discovery for Erlang nodes.

4500

IPSec NAT-T

UDP

LowSecurity/VPN

IPSec NAT Traversal — VPN through NAT gateways.

4646

Nomad HTTP

TCP

HighDevOps

HashiCorp Nomad HTTP API — workload orchestration.

5060

SIP

TCP/UDP

MediumMedia/VoIP

Session Initiation Protocol — voice/video call signaling (VoIP).

5061

SIP TLS

TCP

LowMedia/VoIP

SIP over TLS — encrypted VoIP signaling.

5222

XMPP Client

TCP

LowMessaging

Extensible Messaging and Presence Protocol — real-time communication.

5269

XMPP Server

TCP

MediumMessaging

XMPP server-to-server federation protocol.

5353

mDNS

UDP

LowSystem

Multicast DNS — zero-configuration local network name resolution.

5432

PostgreSQL

TCP

HighDatabase

PostgreSQL database server default port.

Ensure pg_hba.conf restricts access. Never expose directly.

5672

RabbitMQ AMQP

TCP

MediumMessaging

RabbitMQ message broker — AMQP protocol.

5683

CoAP

UDP

MediumIoT

Constrained Application Protocol — IoT web transfer protocol.

5684

CoAP DTLS

UDP

LowIoT

CoAP over DTLS — encrypted IoT communication.

5900

VNC

TCP

CriticalRemote Access

Virtual Network Computing — remote desktop sharing.

Weak default security. Many versions have no encryption.

5901

VNC Display :1

TCP

HighRemote Access

VNC server display 1 (base 5900 + display number).

5984

CouchDB

TCP

HighDatabase

Apache CouchDB HTTP API — document-oriented NoSQL database.

6379

Redis

TCP

CriticalDatabase

Redis in-memory data store. Used as cache, message broker, and database.

No auth by default. Major source of data breaches when exposed.

6443

Kubernetes API

TCP

CriticalDevOps

Kubernetes API server — cluster management and orchestration.

Exposed API servers grant full cluster control.

6660

IRC Range Start

TCP

MediumMessaging

IRC server common port range (6660-6669).

6667

IRC

TCP

MediumMessaging

Internet Relay Chat — unencrypted real-time messaging.

6697

IRC TLS

TCP

LowMessaging

IRC over TLS — encrypted real-time messaging.

7000

Cassandra Internode

TCP

MediumDatabase

Cassandra inter-node cluster communication.

7474

Neo4j HTTP

TCP

HighDatabase

Neo4j graph database browser and REST API.

7687

Neo4j Bolt

TCP

MediumDatabase

Neo4j Bolt binary protocol for queries.

8000

HTTP Alt / Dev

TCP

MediumWeb

Common development server port (Django, Python HTTP).

8080

HTTP Proxy

TCP

MediumWeb

Common alternative HTTP port. Used for proxies, dev servers, and admin panels.

8081

Jenkins / App Server

TCP

MediumDevOps

Common port for Jenkins CI, application servers, and admin panels.

8086

InfluxDB

TCP

MediumDatabase

InfluxDB time-series database HTTP API.

8089

Splunk Management

TCP

HighDevOps

Splunk REST API and management port.

8123

ClickHouse HTTP

TCP

MediumDatabase

ClickHouse column-oriented OLAP database HTTP interface.

8200

Vault

TCP

HighSecurity/VPN

HashiCorp Vault — secrets management and encryption.

Contains all secrets. Ensure TLS and proper ACLs.

8443

HTTPS Alt

TCP

LowWeb

Alternative HTTPS port. Common for admin UIs and application servers.

8500

Consul

TCP

HighDevOps

HashiCorp Consul HTTP API — service discovery and configuration.

8600

Consul DNS

TCP/UDP

MediumDevOps

Consul DNS interface for service discovery.

8883

MQTT TLS

TCP

LowIoT

MQTT over TLS — encrypted IoT messaging.

8888

Jupyter Notebook

TCP

HighDevOps

Jupyter Notebook default port — interactive computing.

Often runs without authentication. Code execution risk.

8929

GitLab Mattermost

TCP

LowDevOps

GitLab integrated Mattermost messaging port.

9000

ClickHouse Native

TCP

MediumDatabase

ClickHouse native TCP interface / also common for various apps.

9042

Cassandra CQL

TCP

HighDatabase

Apache Cassandra CQL native transport — distributed NoSQL database.

9050

Tor SOCKS

TCP

MediumSecurity/VPN

Tor network SOCKS proxy for anonymous browsing.

9051

Tor Control

TCP

HighSecurity/VPN

Tor control port for managing the Tor daemon.

9090

Prometheus

TCP

MediumDevOps

Prometheus monitoring server — metrics collection and alerting.

9092

Apache Kafka

TCP

MediumMessaging

Apache Kafka distributed event streaming platform.

9200

Elasticsearch

TCP

CriticalDatabase

Elasticsearch HTTP API — search and analytics engine.

No authentication by default in older versions. Data breaches common.

9300

Elasticsearch Transport

TCP

HighDatabase

Elasticsearch internal cluster communication.

9418

Git

TCP

MediumDevOps

Git daemon protocol — unauthenticated read-only Git access.

9997

Splunk Forwarder

TCP

MediumDevOps

Splunk universal forwarder data input.

10161

SNMP over TLS

TCP

LowSystem

Secure SNMP over DTLS — encrypted network management.

10250

Kubelet

TCP

HighDevOps

Kubelet API — node-level container management in Kubernetes.

11211

Memcached

TCP/UDP

CriticalDatabase

Memcached distributed caching system.

UDP reflection attacks caused 1.3 Tbps DDoS in 2018. Disable UDP.

15672

RabbitMQ Management

TCP

HighMessaging

RabbitMQ web management console.

Default credentials guest/guest. Change immediately.

25565

Minecraft

TCP

LowGaming

Minecraft Java Edition server default port.

27015

Source Engine

UDP

LowGaming

Valve Source engine game server (CS:GO, TF2, etc).

27017

MongoDB

TCP

CriticalDatabase

MongoDB NoSQL database default port.

Historically no auth by default. Thousands of exposed instances breached.

27018

MongoDB Shard

TCP

HighDatabase

MongoDB shard server (shardsvr) default port.

32400

Plex Media

TCP

LowMedia/VoIP

Plex Media Server web interface and streaming.

41641

Tailscale

UDP

LowSecurity/VPN

Tailscale WireGuard-based mesh VPN direct connections.

50000

Jenkins Agent

TCP

HighDevOps

Jenkins JNLP agent communication port.

51820

WireGuard

UDP

LowSecurity/VPN

WireGuard VPN — modern, fast, cryptographically sound VPN tunnel.

Was this tool helpful?

How to Use

Look up any network port instantly. Search by port number, service name, or keyword. Filter by category (Database, Web, DevOps) or risk level (Critical, High, Medium, Low) to find exactly what you need.

Search: Type a port number (e.g., 443), service name (e.g., "Redis"), or keyword (e.g., "encryption" or "EternalBlue") in the search bar. Results update instantly.
Quick ports: Click any of the common port buttons (:22, :80, :443, etc.) to jump directly to that port's details.
Filter by category: Click the Filters button to show category chips (Web, Database, DevOps, Remote Access, etc.) and risk level chips (Critical, High, Medium, Low). Multiple filters combine additively.
Read security notes: Ports with amber warning badges include actionable security guidance — why the port is risky and what to use instead.
Copy details: Hover over any port card and click the copy button to get a formatted text summary for documentation or chat.

About This Tool

Port Ranges and IANA Assignments

The Internet Assigned Numbers Authority (IANA) divides the 65,535 available port numbers into three ranges. Well-known ports (0-1023) are assigned to standard protocols like HTTP, SSH, and DNS. Registered ports (1024-49151) are assigned to specific applications like MySQL (3306), PostgreSQL (5432), and MongoDB (27017). Dynamic/ephemeral ports (49152-65535) are used temporarily by client-side connections and are not assigned to any service.

Security Risk Ratings

Each port is assigned a risk level based on its real-world attack surface. Critical ports (red) are those with well-documented exploits and should never be exposed to the internet — including FTP (21), Telnet (23), SMB (445), RDP (3389), and unauthenticated databases like Redis (6379). High risk ports transmit data unencrypted or lack default authentication. Medium risk ports are secure but commonly targeted. Low risk ports use encryption by default and have strong authentication.

TCP vs UDP Protocols

TCP provides reliable, ordered delivery through a three-way handshake (SYN, SYN-ACK, ACK), making it suitable for web traffic, file transfers, and database connections. UDP is connectionless — packets are sent without confirmation, making it faster but unreliable. This tradeoff makes UDP ideal for DNS queries, VoIP, video streaming, and gaming where speed matters more than guaranteed delivery. Some services use both: DNS uses UDP for standard queries but falls back to TCP for responses larger than 512 bytes or zone transfers.

Firewall Best Practices

The principle of least privilege applies directly to port management: only open ports that are actively needed, and restrict access by source IP where possible. Default-deny firewall rules (block everything, then allow specific ports) are more secure than default-allow rules. Internal services like databases (3306, 5432, 27017), caching (6379, 11211), and container orchestration (2375, 6443, 10250) should never be directly accessible from the internet — use VPN tunnels, SSH port forwarding, or private networks instead.

Why Use This Tool

Security-First Reference

Most port lists show a service name and nothing else. This reference includes security risk ratings, protocol details, and actionable notes explaining why a port is dangerous and what to do about it. Whether you're reviewing nmap scan results, configuring a firewall, or studying for a network certification, every entry gives you context that a bare service name cannot.

Filter by category to focus on database ports, DevOps infrastructure, or remote access tools. Filter by risk level to prioritize your security audit. Everything runs 100% client-side — your search queries never leave your browser.

FAQ

What are well-known ports and why do they matter?

Well-known ports (0-1023) are assigned by IANA to standard services like HTTP (80), HTTPS (443), and SSH (22). They matter because firewalls and security policies are built around them — knowing which port a service uses is essential for network configuration, security auditing, and troubleshooting.

Which network ports are the most dangerous to leave open?

The most critical ports to protect include: 21 (FTP — cleartext passwords), 23 (Telnet — no encryption), 135 (MS-RPC — Windows attack surface), 445 (SMB — WannaCry/EternalBlue), 3389 (RDP — ransomware target), 6379 (Redis — no auth by default), and 27017 (MongoDB — historically no auth). Never expose these directly to the internet.

What is the difference between TCP and UDP ports?

TCP (Transmission Control Protocol) provides reliable, ordered delivery with connection setup via a three-way handshake — used by HTTP, SSH, and databases. UDP (User Datagram Protocol) is connectionless and faster but unreliable — used by DNS queries, VoIP, gaming, and streaming. Some services like DNS use both: UDP for queries and TCP for zone transfers.

How do I use this tool to audit my network security?

Search for ports found in your scan results (e.g., nmap output) to identify each service and its risk level. Filter by 'Critical' or 'High' risk to see which ports need immediate attention. The security notes explain why specific ports are dangerous and recommend safer alternatives.