Well Known Ports & Protocols (Info)
201 - 208
AppleTalk. AppleTalk is a proprietary suite of protocols developed by Apple Inc. for networking computers and corresponds closely to the Network layer of the Open Systems Interconnection (OSI) communication model.
68
BOOTPC, DHCP. Bootstrap Protocol (BOOTP - is a network protocol used by a network client to obtain an IP address from a configuration server) Server; also used by Dynamic Host Configuration Protocol Client (DHCP - allows a computer to be configured automatically, eliminating the need for intervention by a network administrator)
67
BOOTPS, DHCP. Bootstrap Protocol (BOOTP - is a network protocol used by a network client to obtain an IP address from a configuration server) Server; also used by Dynamic Host Configuration Protocol Server (DHCP - allows a computer to be configured automatically, eliminating the need for intervention by a network administrator)
19
CHARGEN. Character Generator
13
DAYTIME.
135
DCOM Service Control Manager. The SCM server running on the user's computer opens port 135 and listens for incoming requests from clients wishing to locate the ports where DCOM services can be found on that machine.
9
DISCARD. The Discard Protocol is a service in the Internet Protocol Suite defined in RFC 863. It is intended for testing, debugging, and measurement purposes. Data is discarded, no response is returned.
53
DNS (domain name system). the name service of the Internet, used by http, smtp and all others to resolve symbolic names into the IP layer addresses, name resolution is done via udp, zone transfers between several name servers via tcp.
7
ECHO. It was originally proposed for testing and measurement of round-trip times in IP networks.
79
FINGER. In computer networking, the Name/Finger protocol and the Finger user information protocol are simple network protocols for the exchange of human-oriented status and user information.
21
FTP (command). The FTP protocol uses a pair of connections between the FTP client and FTP server. The connection with the FTP server's port 20 is the second connection created during an FTP session, the first one being to the server's port 21.
20
FTP (data). The FTP protocol uses a pair of connections between the FTP client and FTP server. The connection with the FTP server's port 20 is the second connection created during an FTP session, the first one being to the server's port 21.
70
GOPHER. The Gopher protocol is a TCP/IP Application layer protocol designed for distributing, searching, and retrieving documents over the Internet.
47
GRE. Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocol packet types inside IP tunnels, creating a virtual point-to-point link to various brands of routers at remote points over an Internet Protocol (IP) internetwork
8080
HTTP (alternative). This port is a popular alternative to port 80 for offering web services. "8080" was chosen since it is "two 80's", and also because it is above the restricted well known service port range. Its use in a URL requires an explicit "default port override" to request a web browser to connect to port 8080 rather than the http default of port 80. See the discussion of URL defaults and port overrides on the port 81 page.
80
HTTP. This is the primary port used by the world wide web (www) system. Web servers open this port then listen for incoming connections from web browsers. Similarly, when a web browser is given a remote address (like grc.com or amazon.com), it assumes that a remote web server will be listening for connections on port 80 at that location.
443
HTTPS. This port is used for secure (via TLS/SSL) web browser communication. Data transferred across such connections are highly resistant to eavesdropping and interception. Moreover, the identity of the remotely connected server can be verified with significant confidence. Web servers offering to accept and establish secure connections listen on this port for connections from web browsers desiring strong communication security.
113
IDENT. Authentication Service / Identification Protocol. Auth/Ident servers — which are supposed to run on the local user's machine — open port 113 and listen for incoming connections and queries from remote machines. These querying machines provide a local and remote "port pair" describing some other already-existing connection between the machines.
500
IKE. Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP[1] and uses a Diffie-Hellman key exchange to set up a shared session secret, from which cryptographic keys are derived.
143
IMAP. The Internet Message Access Protocol (commonly known as IMAP) is an Application Layer Internet protocol that allows an e-mail client to access e-mail on a remote mail server via an unencrypted connection. Incoming e-mail messages are sent to an e-mail server that stores messages in the recipient's email box. The user retrieves the messages with an e-mail client that uses one of a number of e-mail retrieval protocols. IMAP supports both on-line and off-line modes of operation.
220
IMAP3. The Internet Message Access Protocol (IMAP) is one of the two most prevalent Internet standard protocols for e-mail retrieval, the other being the Post Office Protocol (POP).[1] Virtually all modern e-mail clients and mail servers support both protocols as a means of transferring e-mail messages from a server.
993
IMAPS. Internet Message Access Protocol over SSL (IMAPS). TLS/SSL encrypted mail retrieval system (see also imap above).
631
IPP. Internet Printing Protocol. Unencrypted port for (local) printer access via browser and CUPS client
50
IPSec AH (Authentication Header). AH guarantees connectionless integrity and data origin authentication of IP packets. Further, it can optionally protect against replay attacks by using the sliding window technique and discarding old packets.
51
IPSec ESP (Encapsulated Security Payload). In IPsec it provides origin authenticity, integrity, and confidentiality protection of packets. ESP also supports encryption-only and authentication-only configurations, but using encryption without authentication is strongly discouraged because it is insecure
213
IPX. Internetwork Packet Exchange (IPX) is the OSI-model Network layer protocol in the IPX/SPX protocol stack.
6667
IRC. Internet Relay Chat
194
IRC. Internet Relay Chat (IRC) is a popular form of real-time Internet text messaging (chat) or synchronous conferencing. It is mainly designed for group communication in discussion forums, called channels, but also allows one-to-one communication via private message as well as chat and data transfer (including file sharing).
994
IRCS. the Internet chat system TLS/SSL encrypted
9100
JETDIRECT. PDL Data Stream. Dieser Port wird vor allem von Netzwerkdruckern der Firma Hewlett Packard für die Kommunikation zwischen Computer und dem Drucker genutzt. Auch andere Druckerhersteller nutzen mittlerweise diesen Port für ihre Geräte.
88
KERBEROS. It's a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client-server model, and it provides mutual authentication — both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.
543
KLOGIN. Kerberos Login
1109
KPOP. In computing, local e-mail clients can use the Kerberized Post Office Protocol (KPOP), an application-layer Internet standard protocol, to retrieve e-mail from a remote server over a TCP/IP connection. The KPOP protocol is based on the POP3 protocol with the differences that it adds Kerberos security and that it runs by default over TCP port number 1109 instead of 110
754
KPROP. Kerberos Prop. Kerberos Slave propagation.
544
KSHELL. Kerberos Shell
749
Kerberos Admin. Kerberos (protocol) administration.
751
Kerberos Master. Kerberos authentication.
1701
L2TP. In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs). It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide privacy.
636
LDAP over SSL.
389
LDAP. LDAP (which is what people call it) is a modern and popular Internet directory access protocol used by many systems and services. Most Windows users will encounter it because Microsoft's NetMeeting uses and opens the LDAP port 389 while it is running.
515
LPD. The Line Printer Daemon protocol/Line Printer Remote protocol (or LPD, LPR) is a network protocol for submitting print jobs to a remote printer.
1434
Microsoft-SQL-Monitor. Microsoft's SQL Server, including the desktop editions that are often silently installed with other Microsoft applications, opens and services queries delivered over incoming UDP connections through this port.
1433
Microsoft-SQL-Server. Microsoft's SQL Server, including the desktop editions that are often silently installed with other Microsoft applications, opens and services queries delivered over incoming TCP connections through this port.
3306
MySQL Database System.
139
NETBIOS SSN. TCP NetBIOS connections are made over this port, usually with Windows machines but also with any other system running Samba (SMB). These TCP connections form "NetBIOS sessions" to support connection oriented file sharing activities.
15
NETSTAT. netstat (network statistics) is a command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface statistics. It is available on Unix, Unix-like, and Windows NT-based operating systems.
2049
NFS. Network File System (NFS) is a network file system protocol originally developed by Sun Microsystems in 1984,[1] allowing a user on a client computer to access files over a network in a manner similar to how local storage is accessed.
137
NMDB. UDP NetBIOS name query packets are sent to this port, usually of Windows machines but also of any other system running Samba (SMB), to ask the receiving machine to disclose and return its current set of NetBIOS names.
138
NMDG. UDP NetBIOS datagrams packets are exchanged over this port, usually with Windows machines but also with any other system running Samba (SMB). These UDP NetBIOS datagrams support non-connection oriented file sharing activities.
119
NNTP. Port 119 hosts the servers of the famous and infamous Internet USENET newsgroup world. NNTP servers push and pull news articles to and from other NNTP servers over port 119, and news reading (and writing) clients talking to news servers over the same port.
123
NTP. Network Time Protocol.
109
POP2. PostOffice V.2
110
POP3. Pop3 "post office protocol" is used by eMail clients for the retrieval of their eMail from designated eMail "post office" servers.
995
POP3S. TLS/SSL encrypted mail retrieval system.
1723
PPTP. The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.
17
QUOTE. Quote of the day
1813
RADIUS Accounting.
1812
RADIUS Authentication. Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server, the Virtual Private Network server, the Network switch with port-based authentication, and the Network Access Server (NAS), are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server.
3389
RDP, Microsoft Terminal Services
2105
RLOGIN. eklogin Kerberos encrypted remote login (rlogin)
39
RLP. Resource Location Protocol[6] (RLP)—used for determining the location of higher level services from hosts on a network
554
RTSP. Real Time Streaming Protocol - used by Real Media for video and audio streaming
5060
SIP. The Session Initiation Protocol (SIP) is an IETF-defined signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP). The protocol can be used for creating, modifying and terminating two-party (unicast) or multiparty (multicast) sessions consisting of one or several media streams.
445
SMB over TCP. Netbios File- and Printersharing. This port replaces the notorious Windows NetBIOS trio (ports 137-139), for all versions of Windows after NT, as the preferred port for carrying Windows file sharing and numerous other services.
25
SMTP. SMTP is the protocol used to shuttle eMail across the Internet from one mail server to another. Over its years of use, the protocol has evolved significantly to become much more capable, and much less "simple" than it was in the beginning. SMTP servers open and listen for incoming connections on port 25. Another SMTP server, or a personal eMail client, will connect to the server on its port 25 to transfer some eMail into it for subsequent forwarding toward its destination
161
SNMP. Operates in the Application Layer of the Internet Protocol Suite (Layer 7 of the OSI model). The SNMP agent receives requests on UDP port 161. The manager may send requests from any available source port to port 161 in the agent.
162
SNMPTRAP. The agent response will be sent back to the source port on the manager. The manager receives notifications (Traps and InformRequests) on port 162.
22
SSH. Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices.[1] The two major versions of the protocol are referred to as SSH1 or SSH-1 and SSH2 or SSH-2. Used primarily on Linux and Unix based systems to access shell accounts, SSH was designed as a replacement for Telnet and other insecure remote shells, which send information, notably passwords, in plaintext, rendering them susceptible to packet analysis
901
SWAT. Samba Web Administration Tool. Browser/web bound Samba administration (see above, 137/nmbd and 139/smbd), use with care: it's not encrypted without additional measures
111
Sun RPC (Remote Procedure Call). This port is used as a well-defined means for determining the ports upon which other services in the system are running. It is referred to as a "portmapper" because it provides a directory, or "mapping" between available services and their ports.
49
TACACS. Terminal Access Controller Access-Control System (TACACS) is a remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a client to accept a username and password and send a query to a TACACS authentication server, sometimes called a TACACS daemon or simply TACACSD. This server was normally a program running on a host. The host would determine whether to accept or deny the request and send a response back.
23
TELNET. Telnet is one of the earliest, original protocols of the Internet. A machine offering Telnet services is essentially offering to accept an "across the Internet" remote console terminal connection from any client device. This makes Telnet quite powerful and, without proper security, a significant security concern.
69
TFTP. Trivial File Transfer Protocol (TFTP) is a file transfer protocol, with the functionality of a very basic form of File Transfer Protocol (FTP). Only reads and writes files from/to a server.
37
TIME. Provides remote timing stat's of internal processing events. Security Concerns: Gives remote attacker info on host's internal processing load. Can identify critical processing times, plus output can be looped to echo port (7) and create a DOS threat to the subnet.
514
UNIX Syslog Listener. A syslog server opens port 514 and listens for incoming syslog event notifications (carried by UDP protocol packets) generated by remote syslog clients. Any number of client devices can be programmed to send syslog event messages to whatever servers they choose.
540
UUCP. UUCP is an abbreviation for Unix-to-Unix Copy. The term generally refers to a suite of computer programs and protocols allowing remote execution of commands and transfer of files, email and netnews between computers
43
WHOIS. WHOIS is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information.
2111
X over Kerberos.
6000
X11. Standard GUI base server of the X/Open Group, the ports above 6000 up to 6063 are addressed via display (variable: upper case) setting to 1, 2 and so on, instead of 0, for the ports 6001, 6002 and so on instead of 6000 (display number part 1 = port offset)