TCP/UDP port cheat sheet, 60+ services, search by number or name, copy in one click, browser-only
- Runs locally
- Category Developer & DevOps
- Best for Formatting, validating, shrinking, or inspecting code-adjacent text.
| Port | Protocol | Service |
|---|---|---|
| TCP | FTP Data — Active-mode FTP file transfer channel. The control channel is on 21; the server opens 20 back to the client to push file bytes. Well-known 0-1023 | |
| TCP | File Transfer Protocol — FTP control channel: login, directory listing and transfer commands. Plaintext, so credentials travel unencrypted unless wrapped in FTPS. Well-known 0-1023 | |
| TCP | Secure Shell — Encrypted remote login and command execution. Also carries SCP, SFTP file transfer and git-over-ssh. The default target for any ssh user@host. Well-known 0-1023 | |
| TCP | Telnet — Legacy plaintext remote terminal. Everything including passwords is sent in the clear, so it is replaced by SSH almost everywhere. Well-known 0-1023 | |
| TCP | Simple Mail Transfer Protocol — Server-to-server email relay. Many home ISPs block outbound 25 to fight spam, so clients submit mail on 587 instead. Well-known 0-1023 | |
| TCP/UDP | Domain Name System — Name resolution. UDP for normal queries, TCP for large responses and zone transfers. Every domain lookup on the internet starts here. Well-known 0-1023 | |
| UDP | DHCP Server — The server side of automatic IP address assignment. The client broadcasts from 68 and the server answers on 67. Well-known 0-1023 | |
| UDP | DHCP Client — The client side of DHCP. A booting machine listens here for the lease offer that hands it an IP, gateway and DNS. Well-known 0-1023 | |
| UDP | Trivial File Transfer Protocol — Minimal UDP file transfer with no authentication. Used for PXE network boot and pushing firmware to routers and switches. Well-known 0-1023 | |
| TCP | HyperText Transfer Protocol — Unencrypted web traffic. Most public sites now redirect 80 to 443; it stays open mainly to perform that redirect to HTTPS. Well-known 0-1023 | |
| TCP | Post Office Protocol v3 — Downloads email from the server, traditionally deleting it after. Largely superseded by IMAP, which keeps mail on the server. Well-known 0-1023 | |
| UDP | Network Time Protocol — Clock synchronisation. A drifting clock breaks TLS certificate validation and TOTP two-factor codes, so NTP quietly matters a lot. Well-known 0-1023 | |
| TCP | Internet Message Access Protocol — Reads email while keeping it on the server, syncing folders and read state across devices. The encrypted variant IMAPS is on 993. Well-known 0-1023 | |
| UDP | Simple Network Management Protocol — Polls switches, routers and printers for metrics like interface counters and CPU load. Traps (alerts) go to the manager on 162. Well-known 0-1023 | |
| UDP | SNMP Trap — The alert channel of SNMP: devices push unsolicited trap notifications to the management station instead of waiting to be polled. Well-known 0-1023 | |
| TCP | Lightweight Directory Access Protocol — Directory queries and authentication, the backbone of Active Directory and corporate single sign-on. The TLS variant LDAPS is on 636. Well-known 0-1023 | |
| TCP | HTTP over TLS — Encrypted web traffic. The default for every modern site, also where HTTP/2 and HTTP/3 (over QUIC/UDP) negotiate. The most-opened port on the internet. Well-known 0-1023 | |
| TCP | SMB / Microsoft-DS — Windows file and printer sharing. A frequent ransomware vector (EternalBlue), so it should never be exposed to the public internet. Well-known 0-1023 | |
| TCP | SMTP over TLS — Mail submission wrapped in implicit TLS from the first byte. Came back into favour after 587-with-STARTTLS as a simpler always-encrypted option. Well-known 0-1023 | |
| UDP | Syslog — The classic UNIX log shipping protocol. Network devices and servers stream log lines to a central collector here, usually over UDP. Well-known 0-1023 | |
| TCP | Mail Submission (STARTTLS) — The modern port for an email client to submit outgoing mail, upgraded to TLS via STARTTLS. Use this, not 25, for sending from an app. Well-known 0-1023 | |
| TCP | LDAP over TLS — The encrypted form of LDAP directory access. Required when binding with credentials so they are not sniffed on the wire. Well-known 0-1023 | |
| TCP/UDP | DNS over TLS / QUIC — Encrypted DNS so resolvers and ISPs cannot read your lookups in plaintext. TCP for DoT, UDP for the newer DNS-over-QUIC. Well-known 0-1023 | |
| TCP | rsync Daemon — The native rsync daemon protocol for fast incremental file sync and mirroring, distinct from running rsync tunnelled over SSH on 22. Well-known 0-1023 | |
| TCP | FTPS Data — The data channel of FTP wrapped in implicit TLS. Pairs with the control channel on 990 to encrypt legacy file transfers. Well-known 0-1023 | |
| TCP | FTPS Control — FTP control channel with implicit TLS from connect. Encrypts the credentials and commands that plain FTP on 21 sends in the clear. Well-known 0-1023 | |
| TCP | IMAP over TLS — Encrypted IMAP. This is what a mail app actually connects to today for reading mail securely; plain 143 is rarely used directly. Well-known 0-1023 | |
| TCP | POP3 over TLS — Encrypted POP3 for downloading mail over TLS. The secure counterpart to plaintext 110. Well-known 0-1023 | |
| TCP | SOCKS Proxy — A general-purpose proxy that forwards arbitrary TCP (and UDP) connections, used for tunnelling, circumvention and ssh -D dynamic proxies. Registered 1024-49151 | |
| TCP | Microsoft SQL Server — The default listener for Microsoft SQL Server. Should sit behind a firewall; exposing it invites brute-force and injection scans. Registered 1024-49151 | |
| TCP | Oracle Database Listener — The Oracle TNS listener that brokers client connections to an Oracle database instance. Registered 1024-49151 | |
| TCP | PPTP VPN — An old Microsoft VPN protocol. Cryptographically broken and deprecated; modern setups use WireGuard or OpenVPN instead. Registered 1024-49151 | |
| TCP/UDP | Network File System — UNIX network file sharing that mounts remote directories as if local. Common in clusters and homelab NAS setups. Registered 1024-49151 | |
| TCP | Docker API (plain) — The unencrypted Docker daemon REST API. Anyone reaching it gets root on the host, so it must never be exposed without TLS on 2376. Registered 1024-49151 | |
| TCP | Docker API (TLS) — The TLS-protected Docker daemon API with mutual-certificate auth. The only safe way to expose Docker to a remote client. Registered 1024-49151 | |
| TCP | etcd Client API — The client API of etcd, the distributed key-value store behind Kubernetes. Peer traffic between etcd nodes uses 2380. Registered 1024-49151 | |
| TCP | Dev Server / Grafana — A de-facto default for local dev servers (Node, Next.js, Rails) and the Grafana dashboard. Not IANA-assigned, just convention. Registered 1024-49151 | |
| TCP | MySQL / MariaDB — The default port for MySQL and MariaDB. App code connects here; bind it to localhost or a private network rather than 0.0.0.0. Registered 1024-49151 | |
| TCP | Remote Desktop Protocol — Windows graphical remote desktop. A top brute-force and ransomware target, so put it behind a VPN rather than facing the internet. Registered 1024-49151 | |
| TCP/UDP | Session Initiation Protocol — Sets up and tears down VoIP calls and video sessions. The encrypted variant SIPS runs on 5061. Registered 1024-49151 | |
| TCP | PostgreSQL — The default port for PostgreSQL. Like any database port, keep it off the public internet and use SSL plus host-based auth. Registered 1024-49151 | |
| TCP | AMQP / RabbitMQ — The Advanced Message Queuing Protocol, the default for RabbitMQ brokers. The management web UI is on a separate port, 15672. Registered 1024-49151 | |
| TCP | Virtual Network Computing — Cross-platform graphical remote control. Display :0 is 5900, :1 is 5901, and so on. Tunnel it over SSH rather than exposing it raw. Registered 1024-49151 | |
| TCP | WinRM (HTTP) — Windows Remote Management over HTTP, used by PowerShell Remoting and Ansible to drive Windows hosts. The HTTPS variant is 5986. Registered 1024-49151 | |
| TCP | Redis — The default Redis port. Redis has no auth by default, so an exposed 6379 is a classic data-leak and crypto-mining entry point. Registered 1024-49151 | |
| TCP | Kubernetes API Server — The HTTPS endpoint of the Kubernetes control plane that kubectl and every controller talk to. Guard it with strong RBAC. Registered 1024-49151 | |
| TCP | Internet Relay Chat — The classic real-time text chat protocol still used by open-source communities. TLS-encrypted IRC commonly runs on 6697. Registered 1024-49151 | |
| TCP | HTTP Alternate / Dev — A common alternate HTTP port for local dev servers and Python http.server. Convention, not an IANA assignment for browsing. Registered 1024-49151 | |
| TCP | HTTP Alternate / Proxy — The most common alternate HTTP port: app servers behind a reverse proxy (Tomcat, Jenkins, many containers) and forward proxies listen here. Registered 1024-49151 | |
| TCP | HTTPS Alternate — A common alternate HTTPS port for admin consoles and app servers (Tomcat SSL, Kubernetes dashboards) that should not sit on 443. Registered 1024-49151 | |
| TCP | InfluxDB HTTP API — The HTTP API and write endpoint of InfluxDB, the time-series database often paired with Grafana for metrics dashboards. Registered 1024-49151 | |
| TCP | PHP-FPM / SonarQube — A heavily reused port: PHP-FPM FastCGI, the MinIO/SonarQube consoles and Portainer all default here, so collisions are common. Registered 1024-49151 | |
| TCP | Prometheus — The Prometheus monitoring server web UI and query API. It scrapes metrics from targets that usually expose them on 9100, 9091, etc. Registered 1024-49151 | |
| TCP | Apache Kafka — The default broker port for Apache Kafka. Producers and consumers connect here to publish and subscribe to event streams. Registered 1024-49151 | |
| TCP | Elasticsearch HTTP — The Elasticsearch / OpenSearch REST API. Node-to-node transport uses 9300. An open 9200 with no auth has leaked many databases. Registered 1024-49151 | |
| TCP/UDP | Memcached — An in-memory cache with no built-in auth. Its UDP side was abused for massive amplification DDoS, so bind it to localhost only. Registered 1024-49151 | |
| TCP | RabbitMQ Management UI — The web management dashboard for RabbitMQ, separate from the AMQP message port on 5672. Used to inspect queues and connections. Registered 1024-49151 | |
| TCP | Minecraft Server — The default port for a Java-edition Minecraft server. Friends connect to your IP on this port to join the world. Registered 1024-49151 | |
| TCP | MongoDB — The default MongoDB port. Early versions bound to 0.0.0.0 with no auth, causing famous mass ransom incidents — bind it privately. Registered 1024-49151 | |
| TCP/UDP | Source Engine Games — The default for Valve Source-engine game servers (Counter-Strike, Team Fortress 2). UDP carries gameplay, TCP the optional RCON console. Registered 1024-49151 | |
| UDP | WireGuard VPN — The default UDP port for WireGuard, the modern lightweight VPN. There is no listening TCP port; all traffic is UDP by design. Dynamic 49152-65535 |
What this tool does
A searchable cheat sheet of the network ports you actually run into. Type a port number (22, 443, 3306) or a service keyword (ssh, https, redis) and the table filters to matching rows instantly. Each row gives the port number, the transport protocol (TCP, UDP or both), the service name, a one-line plain-language note on what runs there, and the IANA range it belongs to: well-known (0-1023), registered (1024-49151) or dynamic (49152-65535). It covers 60+ services every developer and ops engineer meets: FTP 20/21, SSH 22, Telnet 23, SMTP 25, DNS 53, HTTP 80, POP3 110, IMAP 143, HTTPS 443, MySQL 3306, PostgreSQL 5432, Redis 6379, MongoDB 27017, RDP 3389, the 8080 proxy port, AMQP 5672, Elasticsearch 9200 and more. Click any port or service to copy it. The whole thing is a static table baked into the page, so there is no upload, no API call and no logging, and your search term rides in the URL so a filtered view is shareable. Use it to remember which port to open in a firewall, to label a docker-compose port mapping, or to recognise an unfamiliar port in a log line.
Tool details
- Input
- Form fields
- The page exposes text boxes, numeric controls, file pickers, or structured inputs depending on the tool.
- Output
- Live result + Copy
- The result area focuses on usable output, with copy, download, or preview actions when supported.
- Privacy
- Browser-side processing
- The main tool logic does not call an external API, so inputs normally stay in the current tab.
- Save / share
- Shareable URL state
- Key settings are encoded in the URL so another person can reopen the same setup.
- Performance budget
- Initial JS <= 12 KB
- No WASM budget is declared, keeping the tool quick to open on mobile.
- Best fit
- Developer & DevOps · Developer
- Category and role tags drive related tools, internal links, and quick fit checks.
How to use
-
1. Input
Paste or drop your content into the tool panel.
-
2. Process
Click the button. All processing is local in your browser.
-
3. Copy / Download
Copy the result or download to disk in one click.
How Common Ports Reference fits into your work
Use it in the small gaps between coding, reviewing, debugging, and shipping.
Developer jobs
- Formatting, validating, shrinking, or inspecting code-adjacent text.
- Preparing snippets for documentation, tickets, commits, or handoff.
- Checking a small payload quickly without switching tools.
Developer checks
- Run irreversible transforms like minify or obfuscate on a copy.
- Keep secrets out of pasted snippets unless the tool explicitly stays local.
- Use your normal tests or linter before shipping transformed code.
Good next steps
These links move the current task into a more complete workflow.
- 1 HTTP Status Code Explorer HTTP status code explorer — all 70+ codes with meaning, common causes, real examples, and what to check. Open
- 2 DNS Record Explainer DNS record explainer — all 18 common record types (A, AAAA, CNAME, MX, TXT, SRV, etc.) with syntax, examples, and gotchas. Open
- 3 IP Subnet Calculator (CIDR) Type an IPv4 CIDR and get network, broadcast, host range, mask, wildcard, class and subnet splits — browser-only. Open
Real-world use cases
Open the right port in a firewall or security group
You are writing a cloud security-group rule and need to allow your web app and its database. Search https to confirm 443, search postgres to confirm 5432, and open exactly those two inbound. The range tag reminds you that database ports are registered ports that should face a private subnet, not 0.0.0.0/0, so you scope the source range tightly instead of opening the world.
Label a docker-compose or Kubernetes port mapping
You are mapping container ports in a compose file and cannot recall whether Redis is 6379 or 6739. Search redis, copy 6379, and write the mapping with confidence. For a stack of services, look each one up in turn (Kafka 9092, RabbitMQ 5672 plus its 15672 UI, Elasticsearch 9200) so every published port in the file is the real default and nothing collides.
Recognise an unfamiliar port in a log or netstat output
A connection log shows traffic to port 11211 and you do not recognise it. Search the number here, find it is Memcached, read the note that its UDP side has been abused for amplification DDoS, and immediately know it should be bound to localhost. The reference turns a bare number in a log line into something you can act on.
Study for a networking certification or interview
Preparing for CompTIA Network+, Security+ or a systems interview means memorising the default ports cold. Filter by the well-known range to drill the 0-1023 classics, search by service to test yourself in reverse, and use the one-line notes to anchor each port to a real scenario instead of rote numbers, which is what an interviewer actually probes.
Common pitfalls
Assuming a port number is the same on TCP and UDP. They are separate address spaces; 53 TCP and 53 UDP can host different services. DNS uses both for different jobs, which is why several rows are marked TCP/UDP.
Reading the port off a log and assuming the standard service is what is running. The reference shows the conventional purpose; anything can bind any port. Verify with a live ss -tulpn or netstat -ano before you trust it.
Exposing a database or cache port (3306, 5432, 6379, 27017) to 0.0.0.0 on the public internet. These default to weak or no authentication; bind them to localhost or a private subnet and firewall them, or you join the long list of mass-ransom victims.
Confusing the well-known boundary. Well-known ports end at 1023, not 1024. Port 1024 is the first registered port. Off-by-one here trips people on certification exams and when reasoning about which ports need root to bind.
Privacy
This tool is a static port table compiled into the page. There is no server call, no scan of your machine, and no logging of what you search. The only data that can leave your browser is the optional shareable URL, which encodes your current search term (for example ?q=ssh) in the query string so a colleague lands on the same filtered view. That term is harmless for normal lookups, but query strings do show up in browser history and server access logs, so if you ever search something you would rather not record, copy the result manually instead of sharing the URL.
FAQ
Tool combos
Folks in your role tend to reach for these alongside this tool.
- Add Line Numbers Number every line of pasted text — set start, step and separator, zero-pad to align, skip blanks, or strip numbers back off — browser-only
- AES Text Encryptor Encrypt & decrypt text with a password — AES-256-GCM + PBKDF2 via WebCrypto — 100% in your browser, nothing uploaded
- Affine Cipher Encoder & Decoder Encrypt and decrypt the ax+b affine cipher with live modular-inverse check, browser-only
- Age Difference Calculator The exact gap between two birthdays — years/months/days, percentage, and the date one person is twice the other's age — browser-only