Commonly used TCP/IP ports and how they are used
When your web browser or email program connects to another computer on the Internet, it does so through a TCP/IP port. If you have a web server or FTP server running on your PC, it opens a port through which other computers can connect to those services. Port numbers are used to distinguish one network service from another.
Mostly, this is done behind the scenes. However, knowing which programs use a specific port number becomes important when you start considering security. A firewall uses ports to form its rules about which types of network traffic to allow and which to prohibit. And the Active Connections utility (netstat.exe), which shows which ports are currently in use, lets you uncover vulnerabilities in your system that involve open ports.
Some firewalls make a distinction between TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) ports, which is typically unnecessary. In most cases, programs that use the more common TCP protocol will use the same port numbers as their counterparts that use the less reliable UDP protocol.
Ports are divided into three ranges:
Well-known ports: 0–1023
Registered ports: 1024–49151
Dynamic and/or private ports: 49152–65535
| Port Number | Description |
|---|---|
| 20–21 | FTP (File Transfer Protocol) |
| 22 | SSH (Secure Shell) |
| 23 | Telnet |
| 25 | SMTP (Simple Mail Transfer Protocol), used for sending email |
| 42 | WINS (Windows Internet Name Service) |
| 43 | WhoIs |
| 50–51 | IPSec (PPTP Passthrough for VPN, Virtual Private Networking) |
| 53 | DNS (Domain Name Server), used for looking up domain names |
| 67 | DHCP (Dynamic Host Configuration Protocol) |
| 69 × | TFTP |
| 70 | Gopher |
| 79 | Finger |
| 80 | HTTP (Hyper Text Transfer Protocol), used by web browsers to download standard web pages |
| 110 | POP3 (Post Office Protocol, version 3), used for retrieving email |
| 119 | NNTP (Network News Transfer Protocol), used for newsgroups |
| 123 | NTP (Network Time Protocol), used for Windows’ Internet Time feature |
| 135 × | RPC (Microsoft Windows Remote Procedure Call) |
| 137–139 × | NETBIOS Services |
| 143 | IMAP4 (Internet Mail Access Protocol version 4) |
| 161–162 | SNMP (Simple Network Management Protocol) |
| 194 | IRC (Internet Relay Chat) |
| 220 | IMAP3 (Internet Mail Access Protocol version 3) |
| 443 | HTTPS (HTTP over TLS/SSL), used by web browsers to download secure web pages |
| 445 × | Active Directory, file sharing for Microsoft Windows networks (445 UDP used for SMB/Samba) |
| 500 | IPSec (PPTP Passthrough for VPN, Virtual Private Networking) |
| 514 | RSH (Remote Shell) |
| 531 | AOL Instant Messenger (AIM) |
| 554 | RTSP (Real Time Streaming Protocol), used for streaming audio and video |
| 563 | NNTPS (Network News Transfer Protocol over SSL), used for secure newsgroups |
| 593 × | RPC (Microsoft Windows Remote Procedure Call) over HTTP |
| 691 | Microsoft Exchange Routing |
| 750 | Kerberos IV email authenticating agent |
| 989–990 | FTP over SSL (Secure File Transfer Protocol) |
| 992 | Telnet over SSL (secure Telnet) |
| 993 | IMAP4 over SSL (secure Internet Mail Access Protocol version 4) |
| 995 | POP3 over SSL (secure Post Office Protocol, version 3) |
| 1026 × | Windows Messenger - pop ups (spam) |
| 1194 | OpenVPN |
| 1214 × | Kazaa peer-to-peer file sharing |
| 1270 | Microsoft Operations Manager 2005 agent (MOM 2005) |
| 1352 | Lotus Notes/Domino mail routing |
| 1433–1434 | Microsoft SQL database system, monitor |
| 1503 | Windows Messenger - application sharing and whiteboard |
| 1512 | WINS (Windows Internet Name Service) |
| 1701 | VPN (Virtual Private Networking) over L2TP |
| 1723 | VPN (Virtual Private Networking) over PPTP |
| 1755 | MMS (Microsoft Media Services) for Windows Media Player |
| 1812–1813 | RADIUS authentication protocol |
| 1863 | Windows Live Messenger - instant messaging |
| 1900 | Microsoft SSDP, enables discovery of UPnP devices |
| 3074 | Xbox Live (Microsoft gaming console) |
| 3306 | MySQL database |
| 3389 | Remote Desktop Sharing (Microsoft Terminal Services), used for remote control |
| 4444 × | W32.BLASTER.WORM virus |
| 5004 and up | Windows Messenger - audio and video conferencing (port is chosen dynamically) |
| 5010 | Yahoo! Messenger |
| 5190 | AOL Instant Messenger |
| 5631, 5632 | pcAnywhere, used for remote control |
| 5800, 5801, 5900, 5901 | VNC (Virtual Network Computing), used for remote control |
| 6699 | Peer-to-peer file sharing, used by Napster-like programs |
| 6891–6901 | Windows Live Messenger - file transfer, voice |
| 6881–6999 | BitTorrent peer-to-peer file transfer clients |
Those ports marked with an × are commonly exploited by worms and other types of remote attacks. Unless you specifically need them, you should block them in your firewall or router.
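To check a machine against the × list, the output of `netstat -an` can be filtered for those ports. The following is an added example, not part of the original article: the function name is hypothetical and the sample netstat output is constructed for illustration.

```python
# Ports the table above marks with an × (numbers and names copied from the page).
FLAGGED = {69: "TFTP", 135: "RPC", 137: "NETBIOS", 138: "NETBIOS", 139: "NETBIOS",
           445: "Windows file sharing (SMB)", 593: "RPC over HTTP",
           1026: "Windows Messenger pop-ups", 1214: "Kazaa", 4444: "W32.BLASTER.WORM"}

# Constructed sample of `netstat -an` output; addresses are made up for illustration.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
  UDP    192.168.1.20:137       *:*
  UDP    127.0.0.1:1900         *:*
"""


def exposed_flagged_ports(netstat_text):
    """Return (proto, address, port, service) for ×-marked ports open to the network."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # skip the banner, the column header and blank lines
        proto, local = fields[0], fields[1]
        # Only LISTENING TCP sockets accept inbound connections; UDP rows have no state.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        addr, _, port = local.rpartition(":")  # rpartition keeps "[::]" intact
        if not port.isdigit():
            continue
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback-only sockets are not reachable from other hosts
        # Like the article, treat TCP and UDP port numbers as interchangeable.
        if int(port) in FLAGGED:
            findings.add((proto, addr, int(port), FLAGGED[int(port)]))
    return sorted(findings, key=lambda f: (f[2], f[0], f[1]))


if __name__ == "__main__":
    for proto, addr, port, service in exposed_flagged_ports(SAMPLE):
        print(f"{proto} {addr}:{port}  {service}  -> block unless needed")
```

On a real system, save the output with `netstat -an > ports.txt` and pass the file's contents to the function in place of `SAMPLE`.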