Network Ports & Protocols
A static reference for common TCP and UDP ports with service context, security notes, firewall commands, and Nmap checks.
Use the port number as the first triage step
Port numbers narrow down which protocol stack, daemon, and access policy you should inspect first. This directory focuses on high-utility ports developers, operators, and security teams actually encounter when they troubleshoot listeners, firewall rules, and exposed services.
Curated TCP and UDP entries with Nmap checks, firewall commands, and risk context.
Vulnerable Port Profiles
- 20Vulnerable
FTP Data
TCP
FTP data channels move file payloads after the control connection negotiates a transfer session.
Quick Checknmap -sV -p 20 <host> - 21Vulnerable
FTP Control
TCP
Port 21 handles FTP authentication and command negotiation for file servers and legacy transfer workflows.
Quick Checknmap -sV -p 21 <host> - 23Vulnerable
Telnet
TCP
Telnet provides remote terminal access without transport encryption, which is why modern systems usually disable it.
Quick Checknmap -sV -p 23 <host> - 69Vulnerable
TFTP
UDP
TFTP is a lightweight file transfer protocol often used for boot images and network appliance provisioning.
Quick Checknmap -sU -p 69 <host> - 111Vulnerable
RPCbind
TCP/UDP
RPCbind maps ONC RPC services to dynamic ports and often appears on Unix and NFS-heavy networks.
Quick Checknmap -sS -sU -p 111 <host> - 135Vulnerable
MS RPC
TCP
Microsoft RPC endpoint mapping supports Windows administration and many domain-integrated services.
Quick Checknmap -sV -p 135 <host> - 137Vulnerable
NetBIOS Name Service
UDP
NetBIOS name resolution helps older Windows networks discover hosts and shared services.
Quick Checknmap -sU -p 137 <host> - 138Vulnerable
NetBIOS Datagram
UDP
NetBIOS datagrams support legacy browsing and messaging behavior on older Windows networks.
Quick Checknmap -sU -p 138 <host> - 139Vulnerable
NetBIOS Session Service
TCP
NetBIOS sessions carry Windows file and printer sharing traffic in legacy environments.
Quick Checknmap -sV -p 139 <host> - 161Vulnerable
SNMP
UDP
SNMP exposes monitoring and device-management data for switches, routers, printers, and appliances.
Quick Checknmap -sU -p 161 <host> - 445Vulnerable
SMB
TCP
SMB powers Windows file sharing, printer access, and some Active Directory-adjacent workflows.
Quick Checknmap -sV -p 445 <host> - 1433Vulnerable
Microsoft SQL Server
TCP
Port 1433 is the default listener for Microsoft SQL Server instances and application data access.
Quick Checknmap -sV -p 1433 <host> - 1521Vulnerable
Oracle Database
TCP
Oracle listeners use port 1521 for client connectivity, service discovery, and administration handshakes.
Quick Checknmap -sV -p 1521 <host> - 2049Vulnerable
NFS
TCP/UDP
NFS exports remote filesystems to Unix and Linux hosts over trusted internal networks.
Quick Checknmap -sS -sU -p 2049 <host> - 2375Vulnerable
Docker API (Insecure)
TCP
Port 2375 exposes the Docker daemon without TLS and should not be reachable from untrusted networks.
Quick Checknmap -sV -p 2375 <host> - 3306Vulnerable
MySQL
TCP
MySQL servers listen on port 3306 for application queries, replication, and administrative access.
Quick Checknmap -sV -p 3306 <host> - 3389Vulnerable
RDP
TCP
Remote Desktop Protocol enables graphical remote administration of Windows systems.
Quick Checknmap -sV -p 3389 <host> - 5432Vulnerable
PostgreSQL
TCP
PostgreSQL uses port 5432 for SQL traffic, replication, and operational tooling.
Quick Checknmap -sV -p 5432 <host> - 5900Vulnerable
VNC
TCP
VNC exposes remote desktop control and is often paired with weak authentication or flat-network deployment.
Quick Checknmap -sV -p 5900 <host> - 6379Vulnerable
Redis
TCP
Redis serves caching, queues, and ephemeral data, but should rarely be exposed beyond trusted application networks.
Quick Checknmap -sV -p 6379 <host> - 9200Vulnerable
Elasticsearch
TCP
Elasticsearch exposes REST APIs and cluster management features on port 9200.
Quick Checknmap -sV -p 9200 <host> - 27017Vulnerable
MongoDB
TCP
MongoDB instances use port 27017 for database traffic, replication, and admin tooling.
Quick Checknmap -sV -p 27017 <host>
Unknown Port Profiles
- 25Unknown
SMTP
TCP
SMTP routes outbound mail between applications, relays, and mail transfer agents.
Quick Checknmap -sV -p 25 <host> - 53Unknown
DNS
TCP/UDP
DNS resolves hostnames, serves zone transfers, and supports service discovery across most networks.
Quick Checknmap -sS -sU -p 53 <host> - 67Unknown
DHCP Server
UDP
DHCP servers assign IP leases and hand out network configuration to clients on boot.
Quick Checknmap -sU -p 67 <host> - 68Unknown
DHCP Client
UDP
DHCP clients listen for lease offers and renewal traffic after broadcast discovery.
Quick Checknmap -sU -p 68 <host> - 110Unknown
POP3
TCP
POP3 lets mail clients download messages from remote mailboxes for local storage.
Quick Checknmap -sV -p 110 <host> - 123Unknown
NTP
UDP
NTP keeps hosts synchronized to authoritative time sources so logs, certs, and scheduled jobs remain trustworthy.
Quick Checknmap -sU -p 123 <host> - 143Unknown
IMAP
TCP
IMAP keeps messages on the server while synchronizing mailbox state across multiple clients.
Quick Checknmap -sV -p 143 <host> - 179Unknown
BGP
TCP
BGP sessions exchange routing information between autonomous systems and edge routers.
Quick Checknmap -sV -p 179 <host> - 389Unknown
LDAP
TCP/UDP
LDAP backs identity lookups, directory queries, and authentication workflows across enterprise systems.
Quick Checknmap -sS -sU -p 389 <host> - 514Unknown
Syslog
UDP
Syslog forwards operational events and device logs into central observability pipelines.
Quick Checknmap -sU -p 514 <host> - 631Unknown
IPP / CUPS
TCP
IPP manages print jobs and printer capabilities on Unix, macOS, and many office networks.
Quick Checknmap -sV -p 631 <host> - 2376Unknown
Docker API (TLS)
TCP
Port 2376 is the TLS-protected Docker API endpoint for remote daemon management.
Quick Checknmap -sV -p 2376 <host> - 8080Unknown
HTTP Alternate
TCP
Port 8080 often fronts application servers, proxies, admin panels, and development deployments.
Quick Checknmap -sV -p 8080 <host> - 8443Unknown
HTTPS Alternate
TCP
Port 8443 is a common TLS alternative for admin consoles, sidecar apps, and internal web tools.
Quick Checknmap -sV -p 8443 <host> - 9092Unknown
Apache Kafka
TCP
Kafka brokers use port 9092 for client traffic, producers, consumers, and cluster-adjacent integrations.
Quick Checknmap -sV -p 9092 <host>
Safe Port Profiles
- 22Safe
SSH / SFTP
TCP
SSH secures interactive shell access, tunneling, and SFTP transfers for servers and infrastructure tooling.
Quick Checknmap -sV -p 22 <host> - 80Safe
HTTP
TCP
HTTP serves unencrypted web traffic and remains common behind reverse proxies, load balancers, and redirect rules.
Quick Checknmap -sV -p 80 <host> - 443Safe
HTTPS
TCP
HTTPS secures web applications and APIs with TLS, making it the default entry point for production internet traffic.
Quick Checknmap -sV -p 443 <host> - 465Safe
SMTPS
TCP
SMTPS wraps SMTP in TLS from connection start for encrypted mail submission and relay paths.
Quick Checknmap -sV -p 465 <host> - 587Safe
SMTP Submission
TCP
Port 587 is the standard authenticated submission port for outbound email clients and apps.
Quick Checknmap -sV -p 587 <host> - 636Safe
LDAPS
TCP
LDAPS protects directory queries and authentication traffic with TLS from connection start.
Quick Checknmap -sV -p 636 <host> - 993Safe
IMAPS
TCP
IMAPS secures mailbox synchronization for clients that keep server-side message state.
Quick Checknmap -sV -p 993 <host> - 995Safe
POP3S
TCP
POP3S protects POP mailbox retrieval with TLS from the start of the session.
Quick Checknmap -sV -p 995 <host>