Ports and Protocols

Network Protocols
- Network protocols define the rules for formatting and transmitting data between
devices on a network.
- Operates on Layer 3 (Network) and Layer 4 (Transport) of OSI model.

Internet Protocols (IP):

- IP is a Network protocol that establishes the rules for relaying and routing data
on the internet.
- Uses IP addresses to Identify the device and Port Numbers to identify the
endpoints.

Network Protocol Categories:

1. Connection-oriented protocol: Ex: Phone call between two people. a

connection is established.
- TCP: Transmission control protocol; provides a reliable, connection
oriented, ordered delivery of bitstreams over IP network.
- TCP + IP form the TCP/IP protocol suite, a set of protocols that the
internet runs on.

2. Connectionless protocol: Ex: sending a package to someone. No

connection is established, therefore the package could get lost.
- UDP : User Datagram Protocol; uses simple connectionless protocol to
deliver data over IP network
- Media is a good example as streams buffer and words are not in sync
with a video.
- It has a lower overhead and is faster than TCP.

Port Numbers:
- A device might send and receive data from multiple devices, port numbers allow
the device in a network to further identify the other devices or applications that
communicate with it.
- It is also known as a endpoint

Common Ports + Associated Protocols

● Port 22 - SSH (used to create a secure network connection)

 ● Port 53 - DNS (used for modern internet)

● Port 80 - HTTP (protocol used to connect to a web page)

● Port 443 - HTTPS (a secure version of HTTP, used more for purchases and the
need for secure sites)

● Port 3389 - RDP (can remotely connect to their desktop from another computer)

● Port 25 - SMTP (used to travel email messages between servers)

● Port 143 - IMAP (Management of Digital Mail)

● Port 110 - POP (used by e-mail clients to retrieve e-mails from a server)

● Port 21 - FTP (network protocol that enables file transfer between two
computers)

General Ports and Protocols

The following are some of the most common service names, transport protocol names,
and port numbers used to differentiate between specific services that employ TCP,
UDP, DCCP, and SCTP.

Port Service Transport

Number   name  protocol Description

TCP,
7 Echo UDP Echo service

 TCP,
20 FTP-data SCTP File Transfer Protocol data transfer

21 FTP  TCP, File Transfer Protocol (FTP) control

UDP, connection
 Port Service Transport
Number   name  protocol Description

SCTP

TCP,
UDP,  Secure Shell, secure logins, file transfers
22 SSH-SCP SCTP  (scp, sftp), and port forwarding

Telnet protocol—unencrypted text

23 Telnet TCP communications

 Simple Mail Transfer Protocol, used for

25 SMTP TCP email routing between mail servers

TCP,
53 DNS UDP  Domain Name System name resolver

69 TFTP UDP Trivial File Transfer Protocol

Hypertext Transfer Protocol (HTTP) uses

TCP in versions 1.x and 2. 
TCP,
UDP, HTTP/3 uses QUIC, a transport protocol
80 HTTP SCTP on top of UDP

TCP,
88 Kerberos UDP Network authentication system

ISO Transport Service Access Point

102 Iso-tsap TCP (TSAP) Class 0 protocol

110 POP3 TCP Post Office Protocol, version 3 (POP3)

135 Microsoft TCP, Microsoft EPMAP (End Point Mapper),

 Port Service Transport
Number   name  protocol Description

also known as DCE/RPC Locator service,

used to remotely manage services
including DHCP server, DNS server, and
EPMAP UDP WINS. Also used by DCOM

TCP,  NetBIOS Name Service, used for name

137 NetBIOS-ns UDP registration and resolution

NetBIOS- TCP,
139 ssn UDP NetBIOS Session Service

 Internet Message Access Protocol

TCP, (IMAP), management of electronic mail
143 IMAP4 UDP messages on a server

HP TCP,
381 Openview UDP HP data alarm manager

HP TCP,
383 Openview UDP HP data alarm manager

Hypertext Transfer Protocol Secure

TCP, (HTTPS) uses TCP in versions 1.x and 2.
HTTP over UDP, HTTP/3 uses QUIC, a transport protocol
443 SSL SCTP on top of UDP.

TCP,
464 Kerberos UDP Kerberos Change/Set password

SMTP over Authenticated SMTP over TLS/SSL

TLS/SSL, (SMTPS), URL Rendezvous Directory for
465 SSM TCP SSM (Cisco protocol)
 Port Service Transport
Number   name  protocol Description

587 SMTP TCP Email message submission

HTTP RPC Ep Map, Remote procedure

call over Hypertext Transfer Protocol,
often used by Distributed Component
Microsoft TCP, Object Model services and Microsoft
593 DCOM UDP Exchange Server

LDAP over TCP, Lightweight Directory Access Protocol

636 TLS/SSL UDP over TLS/SSL

MS
691 Exchange TCP MS Exchange Routing

VMware
902 Server unofficial VMware ESXi

FTP over TCP,

989 SSL UDP FTPS Protocol (data), FTP over TLS/SSL

FTP over TCP,  FTPS Protocol (control), FTP over

990 SSL UDP TLS/SSL

IMAP4 over Internet Message Access Protocol over

993 SSL TCP TLS/SSL (IMAPS)

POP3 over TCP,

995 SSL UDP Post Office Protocol 3 over TLS/SSL

1025 Microsoft TCP Microsoft operating systems tend to

RPC allocate one or more unsuspected,
publicly exposed services (probably
 Port Service Transport
Number   name  protocol Description

DCOM, but who knows) among the first

handful of ports immediately above the
end of the service port range (1024+).

TCP,
1194 OpenVPN UDP OpenVPN

1337 WASTE unofficial WASTE Encrypted File Sharing Program

TCP,
1589 Cisco VQP UDP Cisco VLAN Query Protocol (VQP)

1725 Steam UDP Valve Steam Client uses port 1725 

2082 cPanel unofficial cPanel default

radsec, TCP,  Secure RADIUS Service (radsec), cPanel

2083 cPanel UDP default SSL

Oracle database listening for insecure

TCP, client connections to the listener, replaces
2483 Oracle DB UDP port 1521

TCP, Oracle database listening for SSL client

2484 Oracle DB UDP connections to the listener

Symantec TCP, Symantec System Center agent (SSC-

2967 AV UDP AGENT)

TCP, Xbox LIVE and Games for Windows –

3074 XBOX Live UDP Live
 Port Service Transport
Number   name  protocol Description

3306 MySQL TCP  MySQL database system

World of TCP, Some Blizzard games, Unofficial Club

3724 Warcraft UDP Penguin Disney online game for kids

Google
4664 Desktop unofficial Google Desktop Search

5432 PostgreSQL TCP PostgreSQL database system

RFB/VNC TCP, virtual Network Computing (VNC) Remote

5900 Server UDP Frame Buffer RFB protocol

6665 IRC TCP Internet Relay Chat 

6669 IRC TCP Internet Relay Chat 

BitTorrent is part of the full range of ports

6881 BitTorrent unofficial used most often

BitTorrent is part of the full range of ports

6999 BitTorrent unofficial used most often

6970 Quicktime unofficial QuickTime Streaming Server

Kaspersky
8086 AV TCP Kaspersky AV Control Center

Kaspersky
8087 AV UDP Kaspersky AV Control Center
 Port Service Transport
Number   name  protocol Description

VMware TCP, VMware Server Management User

8222 Server UDP Interface (insecure Web interface).

PDL Data Stream, used for printing to

9100 PDL TCP certain network printers[1

Webmin, Web-based Unix/Linux system

10000 BackupExec unofficial administration tool (default port)

NetBus remote administration tool (often

12345 NetBus unofficial Trojan horse).

27374 Sub7 unofficial Sub7 default

Back Orifice 2000 remote administration

18006 Back Orifice unofficial tools

Linux Ports
The following tables list the most common communication ports used by services,
daemons, and programs included in Red Hat Enterprise Linux.
This listing can also be found in the /etc/services file.

Port # /
Name Comment
Layer
1 tcpmux TCP port service multiplexer
5 rje Remote Job Entry
7 echo Echo service
9 discard Null service for connection testing
11 systat System Status service for listing connected ports
13 daytime Sends date and time to requesting host
Port # /
Name Comment
Layer
17 qotd Sends quote of the day to connected host
18 msp Message Send Protocol
Character Generation service; sends endless
19 chargen
stream of characters
20 ftp-data FTP data port
File Transfer Protocol (FTP) port; sometimes used
21 ftp
by File Service Protocol (FSP)
22 ssh Secure Shell (SSH) service
23 telnet The Telnet service
25 smtp Simple Mail Transfer Protocol (SMTP)
37 time Time Protocol
39 rlp Resource Location Protocol
42 nameserver Internet Name Service
43 nicname WHOIS directory service
Terminal Access Controller Access Control System
49 tacacs
for TCP/IP based authentication and access
50 re-mail-ck Remote Mail Checking Protocol
53 domain domain name services (such as BIND)
63 whois++ WHOIS++, extended WHOIS services
Bootstrap Protocol (BOOTP) services; also used by
67 bootps Dynamic Host Configuration Protocol (DHCP)
services
Bootstrap (BOOTP) client; also used by Dynamic
68 bootpc
Host Configuration Protocol (DHCP) clients
69 tftp Trivial File Transfer Protocol (TFTP)
70 gopher Gopher Internet document search and retrieval
71 netrjs-1 Remote Job Service
72 netrjs-2 Remote Job Service
73 netrjs-3 Remote Job Service
73 netrjs-4 Remote Job Service
79 finger Finger service for user contact information
HyperText Transfer Protocol (HTTP) for World
80 http
Wide Web (WWW) services
88 kerberos Kerberos network authentication system
95 supdup Telnet protocol extension
101 hostname Hostname services on SRI-NIC machines
ISO Development Environment (ISODE) network
102/tcp iso-tsap
applications
Mailbox nameserver; also used by CSO
105 csnet-ns
nameserver
Port # /
Name Comment
Layer
107 rtelnet Remote Telnet
109 pop2 Post Office Protocol version 2
110 pop3 Post Office Protocol version 3
Remote Procedure Call (RPC) Protocol for remote
111 sunrpc command execution, used by Network Filesystem
(NFS)
113 auth Authentication and Ident protocols
115 sftp Simple File Transfer Protocol services
117 uucp-path Unix-to-Unix Copy Protocol (UUCP) Path services
Network News Transfer Protocol (NNTP) for the
119 nntp
USENET discussion system
123 ntp Network Time Protocol (NTP)
NETBIOS Name Service used in Red Hat
137 netbios-ns
Enterprise Linux by Samba
NETBIOS Datagram Service used in Red Hat
138 netbios-dgm
Enterprise Linux by Samba
NETBIOS Session Service used in Red Hat
139 netbios-ssn
Enterprise Linux by Samba
143 imap Internet Message Access Protocol (IMAP)
161 snmp Simple Network Management Protocol (SNMP)
162 snmptrap Traps for SNMP
163 cmip-man Common Management Information Protocol (CMIP)
164 cmip-agent Common Management Information Protocol (CMIP)
174 mailq MAILQ email transport queue
177 xdmcp X Display Manager Control Protocol (XDMCP)
178 nextstep NeXTStep window server
179 bgp Border Gateway Protocol
191 prospero Prospero distributed filesystem services
194 irc Internet Relay Chat (IRC)
199 smux SNMP UNIX Multiplexer
201 at-rtmp AppleTalk routing
202 at-nbp AppleTalk name binding
204 at-echo AppleTalk echo
206 at-zis AppleTalk zone information
209 qmtp Quick Mail Transfer Protocol (QMTP)
210 z39.50 NISO Z39.50 database
Internetwork Packet Exchange (IPX), a datagram
213 ipx protocol commonly used in Novell Netware
environments
220 imap3 Internet Message Access Protocol version 3
Port # /
Name Comment
Layer
245 link LINK / 3-DNS iQuery service
347 fatserv FATMEN file and tape management server
363 rsvp_tunnel RSVP Tunnel
369 rpc2portmap Coda file system portmapper
370 codaauth2 Coda file system authentication services
372 ulistproc UNIX LISTSERV
389 ldap Lightweight Directory Access Protocol (LDAP)
427 svrloc Service Location Protocol (SLP)
mobileip-
434 Mobile Internet Protocol (IP) agent
agent
435 mobilip-mn Mobile Internet Protocol (IP) manager
443 https Secure Hypertext Transfer Protocol (HTTP)
444 snpp Simple Network Paging Protocol
445 microsoft-ds Server Message Block (SMB) over TCP/IP
464 kpasswd Kerberos password and key changing services
468 photuris Photuris session key management protocol
487 saft Simple Asynchronous File Transfer (SAFT) protocol
488 gss-http Generic Security Services (GSS) for HTTP
Rendezvous Point Discovery (RP-DISC) for
496 pim-rp-disc
Protocol Independent Multicast (PIM) services
Internet Security Association and Key Management
500 isakmp
Protocol (ISAKMP)
535 iiop Internet Inter-Orb Protocol (IIOP)
538 gdomap GNUstep Distributed Objects Mapper (GDOMAP)
dhcpv6- Dynamic Host Configuration Protocol (DHCP)
546
client version 6 client
dhcpv6- Dynamic Host Configuration Protocol (DHCP)
547
server version 6 Service
554 rtsp Real Time Stream Control Protocol (RTSP)
Network News Transport Protocol over Secure
563 nntps
Sockets Layer (NNTPS)
565 whoami whoami user ID listing
587 submission Mail Message Submission Agent (MSA)
Network Peripheral Management Protocol (NPMP)
610 npmp-local
local / Distributed Queueing System (DQS)
Network Peripheral Management Protocol (NPMP)
611 npmp-gui
GUI / Distributed Queueing System (DQS)
HyperMedia Management Protocol (HMMP)
612 hmmp-ind
Indication / DQS
631 ipp Internet Printing Protocol (IPP)
Port # /
Name Comment
Layer
Lightweight Directory Access Protocol over Secure
636 ldaps
Sockets Layer (LDAPS)
674 acap Application Configuration Access Protocol (ACAP)
694 ha-cluster Heartbeat services for High-Availability Clusters
kerberos- Kerberos version 5 (v5) 'kadmin' database
749
adm administration
750 kerberos-iv Kerberos version 4 (v4) services
765 webster Network Dictionary
767 phonebook Network Phonebook
873 rsync rsync file transfer services
992 telnets Telnet over Secure Sockets Layer (TelnetS)
Internet Message Access Protocol over Secure
993 imaps
Sockets Layer (IMAPS)
Internet Relay Chat over Secure Sockets Layer
994 ircs
(IRCS)
Post Office Protocol version 3 over Secure Sockets
995 pop3s
Layer (POP3S)