82 ports found
| Port | Protocol | Service | Description | Category | Security |
|---|---|---|---|---|---|
| 80 | TCP | HTTP | Hypertext Transfer Protocol (unencrypted) | Web | Insecure |
| 443 | TCP | HTTPS | HTTP over TLS/SSL (encrypted) | Web | Safe |
| 8080 | TCP | HTTP Alt | Alternative HTTP port, commonly used for proxies | Web | Caution |
| 8443 | TCP | HTTPS Alt | Alternative HTTPS port | Web | Safe |
| 25 | TCP | SMTP | Simple Mail Transfer Protocol (unencrypted) | Insecure | |
| 465 | TCP | SMTPS | SMTP over SSL (implicit TLS) | Safe | |
| 587 | TCP | SMTP Submission | Mail submission with STARTTLS | Safe | |
| 110 | TCP | POP3 | Post Office Protocol v3 (unencrypted) | Insecure | |
| 995 | TCP | POP3S | POP3 over SSL/TLS | Safe | |
| 143 | TCP | IMAP | Internet Message Access Protocol (unencrypted) | Insecure | |
| 993 | TCP | IMAPS | IMAP over SSL/TLS | Safe | |
| 20 | TCP | FTP Data | FTP data transfer channel | File Transfer | Insecure |
| 21 | TCP | FTP Control | FTP command/control channel (unencrypted) | File Transfer | Insecure |
| 22 | TCP | SFTP/SSH | Secure File Transfer over SSH | File Transfer | Safe |
| 69 | UDP | TFTP | Trivial File Transfer Protocol (no auth) | File Transfer | Insecure |
| 989 | TCP | FTPS Data | FTP data over TLS/SSL | File Transfer | Safe |
| 990 | TCP | FTPS Control | FTP control over TLS/SSL | File Transfer | Safe |
| 22 | TCP | SSH | Secure Shell for encrypted remote login | Remote Access | Safe |
| 23 | TCP | Telnet | Unencrypted remote terminal access | Remote Access | Insecure |
| 3389 | TCP | RDP | Microsoft Remote Desktop Protocol | Remote Access | Caution |
| 5900 | TCP | VNC | Virtual Network Computing remote display | Remote Access | Caution |
| 53 | TCP/UDP | DNS | Domain Name System resolution | DNS & Network | Caution |
| 67 | UDP | DHCP Server | Dynamic Host Configuration Protocol server | DNS & Network | Caution |
| 68 | UDP | DHCP Client | Dynamic Host Configuration Protocol client | DNS & Network | Caution |
| 123 | UDP | NTP | Network Time Protocol synchronization | DNS & Network | Caution |
| 161 | UDP | SNMP | Simple Network Management Protocol | DNS & Network | Caution |
| 162 | UDP | SNMP Trap | SNMP trap notifications | DNS & Network | Caution |
| 853 | TCP | DNS over TLS | Encrypted DNS queries over TLS | DNS & Network | Safe |
| 3306 | TCP | MySQL | MySQL / MariaDB database server | Database | Caution |
| 5432 | TCP | PostgreSQL | PostgreSQL database server | Database | Caution |
| 1433 | TCP | MSSQL | Microsoft SQL Server | Database | Caution |
| 1521 | TCP | Oracle DB | Oracle database listener | Database | Caution |
| 27017 | TCP | MongoDB | MongoDB NoSQL database | Database | Caution |
| 6379 | TCP | Redis | Redis in-memory data store | Database | Caution |
| 9200 | TCP | Elasticsearch | Elasticsearch REST API | Database | Caution |
| 5984 | TCP | CouchDB | Apache CouchDB REST API | Database | Caution |
| 9042 | TCP | Cassandra | Apache Cassandra CQL native transport | Database | Caution |
| 11211 | TCP | Memcached | Memcached distributed caching | Database | Caution |
| 500 | UDP | IKE | Internet Key Exchange for IPSec VPN | Security & VPN | Safe |
| 1194 | TCP/UDP | OpenVPN | OpenVPN tunneling protocol | Security & VPN | Safe |
| 1723 | TCP | PPTP | Point-to-Point Tunneling Protocol (weak encryption) | Security & VPN | Insecure |
| 4500 | UDP | IPSec NAT-T | IPSec NAT traversal | Security & VPN | Safe |
| 51820 | UDP | WireGuard | WireGuard modern VPN protocol | Security & VPN | Safe |
| 5222 | TCP | XMPP Client | XMPP/Jabber client connection | Messaging | Caution |
| 5269 | TCP | XMPP Server | XMPP server-to-server federation | Messaging | Caution |
| 6667 | TCP | IRC | Internet Relay Chat (unencrypted) | Messaging | Insecure |
| 6697 | TCP | IRC TLS | IRC over TLS/SSL | Messaging | Safe |
| 1883 | TCP | MQTT | Message Queuing Telemetry Transport (IoT) | Messaging | Caution |
| 8883 | TCP | MQTT TLS | MQTT over TLS/SSL | Messaging | Safe |
| 5672 | TCP | AMQP | Advanced Message Queuing Protocol (RabbitMQ) | Messaging | Caution |
| 5671 | TCP | AMQP TLS | AMQP over TLS/SSL | Messaging | Safe |
| 3000 | TCP | Dev Server | Common development server (Node.js, React) | Development | Caution |
| 4200 | TCP | Angular CLI | Angular development server default | Development | Caution |
| 5173 | TCP | Vite | Vite development server default | Development | Caution |
| 8000 | TCP | Python/PHP Dev | Common dev port for Python/PHP/Laravel | Development | Caution |
| 9090 | TCP | Prometheus | Prometheus monitoring web UI | Development | Caution |
| 3100 | TCP | Grafana Loki | Grafana Loki log aggregation | Development | Caution |
| 2375 | TCP | Docker (unenc) | Docker daemon API (unencrypted) | Container & Orchestration | Insecure |
| 2376 | TCP | Docker TLS | Docker daemon API over TLS | Container & Orchestration | Safe |
| 6443 | TCP | Kubernetes API | Kubernetes API server (HTTPS) | Container & Orchestration | Safe |
| 10250 | TCP | Kubelet | Kubernetes Kubelet API | Container & Orchestration | Caution |
| 2379 | TCP | etcd Client | etcd key-value store client API | Container & Orchestration | Caution |
| 2380 | TCP | etcd Peer | etcd peer-to-peer communication | Container & Orchestration | Caution |
| 8500 | TCP | Consul | HashiCorp Consul HTTP API | Container & Orchestration | Caution |
| 554 | TCP | RTSP | Real Time Streaming Protocol | Media | Caution |
| 1935 | TCP | RTMP | Real-Time Messaging Protocol (streaming) | Media | Caution |
| 8554 | TCP | RTSP Alt | Alternative RTSP port | Media | Caution |
| 3128 | TCP | Squid Proxy | Squid web proxy cache | Proxy & Load Balancing | Caution |
| 8081 | TCP | HTTP Proxy | Common HTTP proxy alternative port | Proxy & Load Balancing | Caution |
| 9443 | TCP | HTTPS Proxy | Alternative HTTPS proxy port | Proxy & Load Balancing | Safe |
| 514 | UDP | Syslog | System log message transport | Monitoring | Caution |
| 6514 | TCP | Syslog TLS | Syslog over TLS (encrypted) | Monitoring | Safe |
| 9100 | TCP | Node Exporter | Prometheus Node Exporter metrics | Monitoring | Caution |
| 3000 | TCP | Grafana | Grafana dashboards web UI | Monitoring | Caution |
| 5601 | TCP | Kibana | Kibana data visualization for Elasticsearch | Monitoring | Caution |
| 8080 | TCP | Jenkins | Jenkins CI/CD server default | CI/CD | Caution |
| 9000 | TCP | SonarQube | SonarQube code quality analysis | CI/CD | Caution |
| 8200 | TCP | Vault | HashiCorp Vault secrets management | CI/CD | Safe |
| 9092 | TCP | Kafka | Apache Kafka message broker | Message Queues | Caution |
| 4369 | TCP | EPMD | Erlang Port Mapper (RabbitMQ discovery) | Message Queues | Caution |
| 15672 | TCP | RabbitMQ Mgmt | RabbitMQ management web UI | Message Queues | Caution |
| 4222 | TCP | NATS | NATS messaging system | Message Queues | Caution |
How to Use the Port Reference Guide
- 1
Search by Port Number or Service Name
Type a port number like 443 or a service name like SSH into the search bar. The guide instantly filters results to show matching entries with protocol details, descriptions, and security ratings. - 2
Filter by Protocol or Category
Use the Protocol dropdown to narrow results to TCP-only or UDP-only ports. Select a Category filter to focus on a specific group such as Web, Database, Email, or File Transfer services. - 3
Review Security Ratings and Notes
Each port entry includes a security badge: Safe (encrypted or inherently secure), Caution (secure with proper configuration), or Insecure (plaintext or vulnerable by default). Click any entry to expand its detailed security notes and recommended alternatives. - 4
Apply Findings to Your Firewall Rules
Use the security information to build or audit your firewall configuration. Block insecure ports you do not need, allow only required services, and replace legacy protocols with their encrypted counterparts identified in the guide.
Common Use Cases
1
Firewall Configuration and Auditing
System administrators use this reference when writing or reviewing firewall rules. Quickly confirm which port a service needs, check whether the protocol is encrypted, and decide whether to allow, restrict, or block the traffic.
2
Penetration Testing and Security Assessments
Security professionals reference port assignments during network scans and vulnerability assessments. The security ratings help prioritize which open ports represent the highest risk and need immediate remediation.
3
Troubleshooting Network Connectivity
When a service fails to connect, engineers look up the expected port and protocol to verify that firewalls, load balancers, and security groups are configured correctly. The guide eliminates guesswork by providing definitive port-to-service mappings.
4
Cloud Infrastructure and Container Security
DevOps teams building AWS security groups, Azure NSGs, or Kubernetes network policies use this reference to define precise ingress and egress rules. Knowing the exact ports for services like PostgreSQL (5432), Redis (6379), or Elasticsearch (9200) prevents overly permissive configurations.
Why Use Port Reference Guide?
Understanding network ports is essential for system architects designing secure infrastructure, firewall administrators writing access control rules, and security teams performing penetration tests or incident response.
This interactive reference covers the most commonly used TCP and UDP ports with security ratings and detailed notes. Use it to quickly identify what services run on specific ports, assess their security implications, and make informed decisions about which ports to open or block in your firewall configurations.
The Port Reference Guide is a searchable, filterable database of common TCP and UDP network ports used across modern infrastructure. It covers well-known ports (0-1023) assigned by IANA, registered ports used by popular applications and databases, and service ports for protocols ranging from HTTP and SSH to MQTT and gRPC. Each entry includes the port number, protocol type, service name, a plain-language description, and a security rating that flags whether the default protocol is safe, requires caution, or is inherently insecure.
This tool is designed for system administrators writing firewall rules, security engineers running assessments, and DevOps teams configuring cloud security groups. Instead of searching through scattered documentation or memorizing port numbers, you get a single interactive reference with instant search and filtering. Combine it with the DNS Lookup tool to verify that domain names resolve to the correct IPs behind your firewall rules, or run the Security Headers Analyzer after opening web-facing ports to confirm your HTTP security headers are properly configured.
For deeper network analysis, use the Subnet Calculator to plan IP address ranges alongside your port configurations, check domain ownership with WHOIS Lookup, or verify SSL certificates on HTTPS ports using the SSL Certificate Checker. Everything runs in your browser with no data uploaded to external servers, making it safe to reference even when working with sensitive infrastructure details.
How It Compares
Traditional port references like the IANA Service Name and Transport Protocol Port Number Registry provide authoritative data but offer no filtering, no search, and no security context. Wikipedia port lists are comprehensive but lack interactivity and security ratings. Command-line tools like grep /etc/services or getent services work offline but show only port-to-service mappings without descriptions or security guidance.
The FindUtils Port Reference Guide combines the accuracy of official registries with interactive search, protocol and category filters, and color-coded security ratings. Unlike static reference pages, you can instantly narrow results to find exactly the port you need. The security notes provide actionable guidance on whether a port's default protocol is safe or should be replaced with an encrypted alternative. All processing is client-side, so it works on any device without installation, and you can use it freely without creating an account or paying for a subscription.
Tips for Network Port Security
1
Always replace insecure protocols with encrypted alternatives: use SSH (22) instead of Telnet (23), SFTP (22) instead of FTP (21), and HTTPS (443) instead of HTTP (80). 2
Apply the principle of least privilege to firewall rules. Only open the specific ports your services require, and restrict source IP ranges whenever possible. 3
Use port knocking or VPN access for sensitive management ports like SSH (22) and RDP (3389) to reduce exposure to brute-force attacks. 4
Run regular port scans on your own infrastructure with tools like nmap to detect unintended open ports or services that should have been decommissioned. 5
Document every open port in your infrastructure with a justification. Unexplained open ports are a common finding in security audits and penetration tests. Frequently Asked Questions
1
What is a network port?
A network port is a virtual endpoint for communication. It's a 16-bit number (0-65535) that identifies a specific process or service on a device. When combined with an IP address, a port creates a unique socket for network communication. For example, web servers typically listen on port 443 (HTTPS).
2
What is the difference between TCP and UDP?
TCP (Transmission Control Protocol) provides reliable, ordered delivery with error checking and flow control. It's used for web browsing, email, and file transfers. UDP (User Datagram Protocol) is faster but unreliable — it doesn't guarantee delivery or order. It's used for DNS queries, video streaming, and gaming.
3
Which ports should I block in my firewall?
Block all ports that aren't needed for your services. Common ports to block include: 23 (Telnet - unencrypted), 21 (FTP - unencrypted), 135-139 (NetBIOS), 445 (SMB), and 1433/3306 (databases) from external access. Always use the principle of least privilege — only open ports that are absolutely necessary.
4
What are well-known ports?
Well-known ports (0-1023) are assigned by IANA for common services. Registered ports (1024-49151) are for vendor applications. Dynamic/private ports (49152-65535) are used for temporary connections. On Unix/Linux systems, binding to well-known ports requires root privileges.
5
How do I check which ports are open on my server?
Use `netstat -tlnp` or `ss -tlnp` on Linux to see listening ports. On Windows, use `netstat -an`. For external scanning, tools like nmap can probe a host's open ports. Always ensure you have authorization before scanning — unauthorized port scanning may violate security policies or laws.