Common TCP & UDP Ports
📡 Well-Known Ports (0–1023)
| Port | Protocol | Description |
|---|---|---|
| 20, 21 | FTP | File Transfer Protocol (20 = data, 21 = control) |
| 22 | SSH | Secure Shell (remote login, tunneling, SCP, SFTP) |
| 23 | Telnet | Unencrypted remote login (legacy/insecure) |
| 25 | SMTP | Simple Mail Transfer Protocol (email sending) |
| 53 | DNS | Domain Name System (UDP queries, TCP for zone transfers) |
| 67/68 | DHCP | Dynamic Host Configuration Protocol (server=67, client=68) |
| 69 | TFTP | Trivial File Transfer Protocol (lightweight file transfer) |
| 80 | HTTP | Hypertext Transfer Protocol (web) |
| 110 | POP3 | Post Office Protocol v3 (retrieving email) |
| 123 | NTP | Network Time Protocol (clock sync) |
| 137–139 | NetBIOS | Legacy Windows file/printer sharing |
| 143 | IMAP | Internet Message Access Protocol (email retrieval) |
| 161/162 | SNMP | Simple Network Management Protocol (monitoring) |
| 179 | BGP | Border Gateway Protocol (routing between ISPs) |
| 389 | LDAP | Lightweight Directory Access Protocol (directory services) |
| 443 | HTTPS | Secure HTTP (encrypted web traffic via TLS/SSL) |
| 445 | SMB | Windows file/printer sharing (modern) |
| 465 | SMTPS | SMTP over SSL/TLS |
| 514 | Syslog | System logging |
| 587 | SMTP (submission) | Outbound email submission |
| 636 | LDAPS | Secure LDAP |
| 993 | IMAPS | Secure IMAP |
| 995 | POP3S | Secure POP3 |
🔒 Registered / Other Common Ports (1024–49151)
| Port | Protocol | Description |
|---|---|---|
| 1080 | SOCKS proxy | Proxy server |
| 1433 | MS-SQL | Microsoft SQL Server |
| 1521 | Oracle DB | Oracle database |
| 2049 | NFS | Network File System |
| 3306 | MySQL | MySQL database |
| 3389 | RDP | Remote Desktop Protocol |
| 5432 | PostgreSQL | PostgreSQL database |
| 5900 | VNC | Virtual Network Computing (remote desktop) |
| 8080 | HTTP-alt | Often used for proxy/web servers |
🎮 Ephemeral/Dynamic Ports (49152–65535)
- Used for temporary client-side connections.
- Example: Your browser might connect to a web server’s port 443 from a random high port like 53472.
- These are assigned automatically by the OS.
🎸 Fun Analogy
- Ports 0–1023 = “Front row VIP seats” — reserved for the famous bands (HTTP, DNS, SSH).
- 1024–49151 = “Mid-level bands” — still well-known (databases, RDP).
- 49152–65535 = “General admission” — random fans filling in (ephemeral client sessions).
⚡ TL;DR
49152–65535: ephemeral/dynamic (temporary client connections).
Ports = identify services running on a host.
0–1023: well-known services (HTTP, DNS, SSH).
1024–49151: registered (databases, RDP).