Well-known ports (0–1023) are the TCP/UDP port numbers reserved by IANA for system-level services like SSH (22), HTTPS (443), and DNS (53). This searchable reference covers ~150 of the most common ports a pentester or sysadmin actually encounters — from web (80, 443, 8080) and databases (3306, 5432, 27017) to ICS/SCADA (102, 502) and out-of-band management (623, 5985, 5986).
Each entry includes the transport, common service name, a one-line description (with relevant attack-surface notes where they exist), and a category for quick filtering.
| Port | Transport | Service | Description | Category |
|---|---|---|---|---|
| | tcp/udp | echo | Echo Protocol — sends back received data. Often disabled but historically abused for amplification. | Other |
| | tcp/udp | discard | Discard Protocol — silently drops received data. | Other |
| | tcp/udp | daytime | Daytime Protocol — returns the current date and time. | Other |
| | tcp/udp | qotd | Quote of the Day — returns a quote string. Amplification vector. | Other |
| | tcp/udp | chargen | Character Generator Protocol. Common DDoS amplification source. | Other |
| | tcp | ftp-data | FTP active-mode data channel. | File transfer |
| | tcp | ftp | File Transfer Protocol control channel. Plain-text auth. | File transfer |
| | tcp | ssh | Secure Shell. SFTP and SCP also run over this port. | Remote access |
| | tcp | telnet | Telnet — plain-text remote shell. Should never be exposed. | Remote access |
| | tcp | smtp | Simple Mail Transfer Protocol — server-to-server mail relay. | |
| | tcp/udp | time | Time Protocol — returns time as 32-bit integer since 1900. | Other |
| | tcp/udp | nameserver | WINS / Host Name Server. | Naming / discovery |
| | tcp | whois | WHOIS protocol — domain and IP registration lookups. | Naming / discovery |
| | tcp/udp | tacacs | TACACS+ login and AAA. Used by Cisco/network gear. | Authentication |
| | tcp/udp | dns | Domain Name System. UDP for queries; TCP for zone transfers and large responses. | Naming / discovery |
| | udp | dhcp-server | DHCP server (BOOTP). | Naming / discovery |
| | udp | dhcp-client | DHCP client (BOOTP). | Naming / discovery |
| | udp | tftp | Trivial FTP. No authentication. Often used by network gear for firmware. | File transfer |
| | tcp | gopher | Gopher protocol — predecessor to HTTP. SSRF gadget for some services. | Web |
| | tcp | finger | Finger user info service. Information-disclosure risk. | Other |
| | tcp | http | Hypertext Transfer Protocol — unencrypted web traffic. | Web |
| | tcp/udp | kerberos | Kerberos authentication system. Critical AD service. | Authentication |
| | tcp | iso-tsap | ISO-TSAP / Siemens S7 PLC. ICS/SCADA target. | IoT / ICS |
| | tcp | pop3 | Post Office Protocol v3. Plain-text mail retrieval. | |
| | tcp/udp | sunrpc | Sun RPC / portmapper / rpcbind. Enumerates RPC services. | Other |
| | tcp | ident | Identification Protocol (RFC 1413). | Authentication |
| | tcp | nntp | Network News Transfer Protocol. | Messaging |
| | udp | ntp | Network Time Protocol. Amplification vector when monlist is enabled. | Other |
| | tcp | msrpc | Microsoft RPC Endpoint Mapper (epmap). DCOM, WMI, Exchange. | Remote access |
| | udp | netbios-ns | NetBIOS Name Service. Information disclosure on Windows. | Naming / discovery |
| | udp | netbios-dgm | NetBIOS Datagram Service. | Messaging |
| | tcp | netbios-ssn | NetBIOS Session Service. SMB over NetBIOS. | File transfer |
| | tcp | imap | Internet Message Access Protocol. Plain-text mail. | |
| | udp | snmp | Simple Network Management Protocol. Default community strings: public/private. | Monitoring |
| | udp | snmptrap | SNMP traps — async event notifications. | Monitoring |
| | tcp | bgp | Border Gateway Protocol. Internet routing. | Naming / discovery |
| | tcp | irc | Internet Relay Chat. | Messaging |
| | tcp | imap3 | IMAP v3 (deprecated; v4 uses 143). | |
| | tcp | bgmp | Border Gateway Multicast Protocol. Check Point firewall management. | Naming / discovery |
| | tcp/udp | ldap | Lightweight Directory Access Protocol. AD directory queries. | Directory |
| | tcp/udp | svrloc | Service Location Protocol (SLP). Amplification vector. | Naming / discovery |
| | tcp | https | HTTP over TLS. Also used for QUIC/HTTP3 over UDP. | Web |
| | tcp | microsoft-ds | SMB over TCP. EternalBlue, PrintNightmare, ZeroLogon vector. | File transfer |
| | tcp/udp | kpasswd | Kerberos password change. | Authentication |
| | tcp | smtps | Legacy SMTP over TLS (deprecated; submission now uses 587 with STARTTLS). | |
| | udp | isakmp | IPsec ISAKMP / IKE. Aggressive-mode auth weaknesses. | VPN / proxy |
| | tcp | modbus | Modbus over TCP. Common ICS/PLC protocol — typically unauthenticated. | IoT / ICS |
| | tcp | exec | rexec — Unix remote execution. Plain-text auth. | Remote access |
| | tcp | login | rlogin — Unix remote login. Plain-text. | Remote access |
| | udp | syslog | Syslog (UDP). TCP variant exists on the same port. | Monitoring |
| | tcp | lpd | Line Printer Daemon (BSD print service). | Other |
| | udp | rip | Routing Information Protocol v1/v2. | Naming / discovery |
| | tcp | uucp | Unix-to-Unix Copy Protocol. | File transfer |
| | udp | dhcpv6-client | DHCPv6 client. | Naming / discovery |
| | udp | dhcpv6-server | DHCPv6 server. | Naming / discovery |
| | tcp | afp | Apple Filing Protocol — macOS file sharing. | File transfer |
| | tcp/udp | rtsp | Real Time Streaming Protocol. IP cameras and DVRs. | IoT / ICS |
| | tcp | submission | SMTP submission with STARTTLS — modern outbound mail port. | |
| | tcp | http-rpc-epmap | HTTP RPC Endpoint Mapper (DCOM over HTTP). | Remote access |
| | udp | ipmi | IPMI / iDRAC / iLO — out-of-band server management. RAKP authentication weaknesses. | Monitoring |
| | tcp | ipp | Internet Printing Protocol (CUPS). Often exposes printer queues. | Other |
| | tcp | ldaps | LDAP over TLS. | Directory |
| | tcp | rsync | rsync daemon. Often exposes filesystems without auth. | File transfer |
| | tcp | vmware-auth | VMware authentication daemon. | Remote access |
| | tcp | ftps-data | FTP over TLS — data channel (implicit TLS). | File transfer |
| | tcp | ftps | FTP over TLS — control channel (implicit TLS). | File transfer |
| | tcp | imaps | IMAP over TLS. | |
| | tcp | pop3s | POP3 over TLS. | |
| | tcp | socks | SOCKS proxy. | VPN / proxy |
| | tcp | rmi-registry | Java RMI registry. Frequent RCE vector via deserialization. | Remote access |
| | udp | openvpn | OpenVPN default port. | VPN / proxy |
| | tcp | nessus | Nessus vulnerability scanner. | Monitoring |
| | tcp | dell-openmanage | Dell OpenManage Server Administrator web GUI. | Monitoring |
| | tcp | lotusnotes | IBM Lotus Notes / Domino. | |
| | tcp | mssql | Microsoft SQL Server. | Database |
| | udp | mssql-monitor | Microsoft SQL Server browser/monitor. | Database |
| | tcp | oracle | Oracle TNS listener. | Database |
| | udp | l2tp | Layer 2 Tunneling Protocol. | VPN / proxy |
| | tcp | pptp | PPTP VPN. MS-CHAPv2 vulnerable to brute force. | VPN / proxy |
| | udp | radius | RADIUS authentication. | Authentication |
| | udp | radius-acct | RADIUS accounting. | Authentication |
| | tcp | mqtt | MQTT message broker (unencrypted). IoT staple. | IoT / ICS |
| | udp | ssdp | SSDP / UPnP discovery. Common amplification vector. | Naming / discovery |
| | tcp/udp | nfs | Network File System. | File transfer |
| | tcp | cpanel | cPanel control panel (HTTP). | Web |
| | tcp | cpanel-ssl | cPanel control panel (HTTPS). | Web |
| | tcp | whm | WebHost Manager (HTTP). | Web |
| | tcp | whm-ssl | WebHost Manager (HTTPS). | Web |
| | tcp | cpanel-webmail | cPanel webmail (HTTP). | |
| | tcp | cpanel-webmail-ssl | cPanel webmail (HTTPS). | |
| | tcp | zookeeper | Apache ZooKeeper client port. | Messaging |
| | tcp | directadmin | DirectAdmin control panel. Also common SSH alternate. | Remote access |
| | tcp | docker | Docker daemon (unencrypted). RCE if exposed. | Containers |
| | tcp | docker-ssl | Docker daemon (TLS). | Containers |
| | tcp | oracle-listener | Oracle DB listener (alternate). | Database |
| | tcp | oracle-listener-ssl | Oracle DB listener over SSL. | Database |
| | tcp | sybase | Sybase / SAP ASE SQL. | Database |
| | tcp | dev-server | Common dev-server default (Node, Rails, Grafana). | Web |
| | tcp | squid | Squid HTTP proxy. | VPN / proxy |
| | tcp | iscsi | iSCSI target. | File transfer |
| | tcp | globalcat-ldap | Active Directory Global Catalog (LDAP). | Directory |
| | tcp | globalcat-ldaps | Active Directory Global Catalog (LDAPS). | Directory |
| | tcp | mysql | MySQL / MariaDB. | Database |
| | tcp/udp | rdp | Remote Desktop Protocol. BlueKeep, NLA bypass. | Remote access |
| | tcp/udp | stun | STUN / TURN — WebRTC NAT traversal. | Voice / video |
| | udp | ws-discovery | WS-Discovery. Printer/IoT amplification. | Naming / discovery |
| | tcp | epmd | Erlang Port Mapper Daemon. RabbitMQ, CouchDB, ejabberd backend. | Messaging |
| | tcp | metasploit | Metasploit handler default. | Other |
| | udp | ipsec-nat-t | IPsec NAT-Traversal. | VPN / proxy |
| | udp | vxlan | VXLAN overlay encapsulation. | VPN / proxy |
| | tcp | glassfish-admin | GlassFish/Payara application server admin. | Web |
| | tcp | upnp | UPnP, Flask dev server, Docker registry. | Web |
| | tcp/udp | sip | Session Initiation Protocol — VoIP signaling. | Voice / video |
| | tcp | sip-tls | SIP over TLS. | Voice / video |
| | tcp | xmpp-client | XMPP / Jabber client-to-server. | Messaging |
| | tcp | xmpp-server | XMPP server-to-server. | Messaging |
| | udp | mdns | Multicast DNS / Bonjour. | Naming / discovery |
| | tcp/udp | llmnr | Link-Local Multicast Name Resolution. NTLM relay vector. | Naming / discovery |
| | tcp | postgresql | PostgreSQL. | Database |
| | tcp | vnc-listener | VNC reverse-listener. | Remote access |
| | tcp | kibana | Kibana web UI. | Monitoring |
| | tcp | amqp | AMQP / RabbitMQ. | Messaging |
| | udp | coap | Constrained Application Protocol — IoT. | IoT / ICS |
| | tcp | vnc-http | VNC over HTTP (Java applet). | Remote access |
| | tcp | vnc | VNC default port. Often unauthenticated. | Remote access |
| | tcp | couchdb | CouchDB HTTP API. | Database |
| | tcp | winrm | Windows Remote Management (HTTP). | Remote access |
| | tcp | winrm-ssl | Windows Remote Management (HTTPS). | Remote access |
| | tcp | x11 | X Window System (display 0). Keylogging if unauthenticated. | Remote access |
| | tcp | redis | Redis. Often unauthenticated; RCE via SSH key write or module load. | Database |
| | tcp | kubernetes-api | Kubernetes API server. | Containers |
| | tcp | irc | IRC default port. | Messaging |
| | tcp/udp | bittorrent | BitTorrent default range start. | File transfer |
| | tcp/udp | bittorrent-tracker | BitTorrent tracker. | File transfer |
| | tcp | cassandra | Cassandra inter-node. | Database |
| | tcp | weblogic | Oracle WebLogic. Many historic deserialization RCEs. | Web |
| | tcp | spark | Apache Spark master. | Messaging |
| | tcp | tr069 | TR-069 / CWMP — ISP-managed CPE protocol. Routinely abused. | IoT / ICS |
| | tcp | http-alt | Common dev-server alternate (Django, Python http.server, Shoutcast). | Web |
| | tcp | http-alt | HTTP alternate. | Web |
| | tcp | http-proxy | HTTP alternate / proxy / Tomcat / Jenkins default. | Web |
| | tcp | influxdb | InfluxDB HTTP API. | Database |
| | tcp | hadoop | Hadoop YARN ResourceManager. | Messaging |
| | tcp | splunk | Splunk Web (alternate). | Monitoring |
| | tcp | confluence | Atlassian Confluence (legacy default). | Web |
| | tcp | home-assistant | Home Assistant web UI. | IoT / ICS |
| | tcp | vault | HashiCorp Vault. | Authentication |
| | tcp | bitcoin | Bitcoin P2P. | Messaging |
| | tcp | https-alt | HTTPS alternate / Tomcat / VMware vCenter. | Web |
| | tcp | consul | HashiCorp Consul HTTP API. | Monitoring |
| | tcp | http-alt | HTTP alternate / Jupyter Notebook / Tornado. | Web |
| | tcp | solr | Apache Solr admin. | Database |
| | tcp | php-fpm | PHP-FPM / SonarQube / Portainer. | Web |
| | tcp | cassandra-cql | Cassandra CQL native protocol. | Database |
| | tcp | prometheus | Prometheus / Cockpit / OpenShift. | Monitoring |
| | tcp | kafka | Apache Kafka broker. | Messaging |
| | tcp | node-exporter | Prometheus node_exporter / RAW print (JetDirect). | Monitoring |
| | tcp | elasticsearch | Elasticsearch HTTP API. | Database |
| | tcp | elasticsearch-transport | Elasticsearch inter-node transport. | Database |
| | tcp | git | Git daemon. | File transfer |
| | tcp | jmx | JMX (Java Management Extensions). Frequent RCE. | Remote access |
| | tcp | webmin | Webmin admin panel. | Remote access |
| | tcp/udp | memcached | Memcached. Major UDP amplification vector. | Database |
| | tcp | rabbitmq-mgmt | RabbitMQ management plugin. | Messaging |
| | tcp | minecraft | Minecraft Java edition. | Gaming |
| | tcp | mongodb | MongoDB. Often exposed without auth. | Database |
| | tcp | mongodb-shard | MongoDB sharding. | Database |
| | tcp | mongodb-http | MongoDB HTTP status (legacy). | Database |
| | udp | bacnet | BACnet — building automation. | IoT / ICS |
| | tcp | sap | SAP NetWeaver dispatcher. | Web |
Descriptions call out attack-surface notes (default community strings, common RCE vectors, amplification potential) where relevant.
IANA registers ~14,000 ports. This list covers the ports you actually see in pentests — system services, common vendors, ICS, and modern SaaS infrastructure.