Skip to main content

Common Ports Reference — TCP/UDP Port Number Lookup

TCP/UDP port cheat sheet, 60+ services, search by number or name, copy in one click, browser-only

  • Runs locally
  • Category Developer & DevOps
  • Best for Formatting, validating, shrinking, or inspecting code-adjacent text.
Range:Well-known 0-1023Registered 1024-49151Dynamic 49152-65535
122 of 122 ports
PortProtocolService
TCP
FTP DataActive-mode FTP file transfer channel. The control channel is on 21; the server opens 20 back to the client to push file bytes.
Well-known 0-1023
TCP
File Transfer ProtocolFTP control channel: login, directory listing and transfer commands. Plaintext, so credentials travel unencrypted unless wrapped in FTPS.
Well-known 0-1023
TCP
Secure ShellEncrypted remote login and command execution. Also carries SCP, SFTP file transfer and git-over-ssh. The default target for any ssh user@host.
Well-known 0-1023
TCP
TelnetLegacy plaintext remote terminal. Everything including passwords is sent in the clear, so it is replaced by SSH almost everywhere.
Well-known 0-1023
TCP
Simple Mail Transfer ProtocolServer-to-server email relay. Many home ISPs block outbound 25 to fight spam, so clients submit mail on 587 instead.
Well-known 0-1023
TCP/UDP
Domain Name SystemName resolution. UDP for normal queries, TCP for large responses and zone transfers. Every domain lookup on the internet starts here.
Well-known 0-1023
UDP
DHCP ServerThe server side of automatic IP address assignment. The client broadcasts from 68 and the server answers on 67.
Well-known 0-1023
UDP
DHCP ClientThe client side of DHCP. A booting machine listens here for the lease offer that hands it an IP, gateway and DNS.
Well-known 0-1023
UDP
Trivial File Transfer ProtocolMinimal UDP file transfer with no authentication. Used for PXE network boot and pushing firmware to routers and switches.
Well-known 0-1023
TCP
HyperText Transfer ProtocolUnencrypted web traffic. Most public sites now redirect 80 to 443; it stays open mainly to perform that redirect to HTTPS.
Well-known 0-1023
TCP
Post Office Protocol v3Downloads email from the server, traditionally deleting it after. Largely superseded by IMAP, which keeps mail on the server.
Well-known 0-1023
UDP
Network Time ProtocolClock synchronisation. A drifting clock breaks TLS certificate validation and TOTP two-factor codes, so NTP quietly matters a lot.
Well-known 0-1023
TCP
Internet Message Access ProtocolReads email while keeping it on the server, syncing folders and read state across devices. The encrypted variant IMAPS is on 993.
Well-known 0-1023
UDP
Simple Network Management ProtocolPolls switches, routers and printers for metrics like interface counters and CPU load. Traps (alerts) go to the manager on 162.
Well-known 0-1023
UDP
SNMP TrapThe alert channel of SNMP: devices push unsolicited trap notifications to the management station instead of waiting to be polled.
Well-known 0-1023
TCP
Lightweight Directory Access ProtocolDirectory queries and authentication, the backbone of Active Directory and corporate single sign-on. The TLS variant LDAPS is on 636.
Well-known 0-1023
TCP
HTTP over TLSEncrypted web traffic. The default for every modern site, also where HTTP/2 and HTTP/3 (over QUIC/UDP) negotiate. The most-opened port on the internet.
Well-known 0-1023
TCP
SMB / Microsoft-DSWindows file and printer sharing. A frequent ransomware vector (EternalBlue), so it should never be exposed to the public internet.
Well-known 0-1023
TCP
SMTP over TLSMail submission wrapped in implicit TLS from the first byte. Came back into favour after 587-with-STARTTLS as a simpler always-encrypted option.
Well-known 0-1023
UDP
SyslogThe classic UNIX log shipping protocol. Network devices and servers stream log lines to a central collector here, usually over UDP.
Well-known 0-1023
TCP
Mail Submission (STARTTLS)The modern port for an email client to submit outgoing mail, upgraded to TLS via STARTTLS. Use this, not 25, for sending from an app.
Well-known 0-1023
TCP
LDAP over TLSThe encrypted form of LDAP directory access. Required when binding with credentials so they are not sniffed on the wire.
Well-known 0-1023
TCP/UDP
DNS over TLS / QUICEncrypted DNS so resolvers and ISPs cannot read your lookups in plaintext. TCP for DoT, UDP for the newer DNS-over-QUIC.
Well-known 0-1023
TCP
rsync DaemonThe native rsync daemon protocol for fast incremental file sync and mirroring, distinct from running rsync tunnelled over SSH on 22.
Well-known 0-1023
TCP
FTPS DataThe data channel of FTP wrapped in implicit TLS. Pairs with the control channel on 990 to encrypt legacy file transfers.
Well-known 0-1023
TCP
FTPS ControlFTP control channel with implicit TLS from connect. Encrypts the credentials and commands that plain FTP on 21 sends in the clear.
Well-known 0-1023
TCP
IMAP over TLSEncrypted IMAP. This is what a mail app actually connects to today for reading mail securely; plain 143 is rarely used directly.
Well-known 0-1023
TCP
POP3 over TLSEncrypted POP3 for downloading mail over TLS. The secure counterpart to plaintext 110.
Well-known 0-1023
TCP
SOCKS ProxyA general-purpose proxy that forwards arbitrary TCP (and UDP) connections, used for tunnelling, circumvention and ssh -D dynamic proxies.
Registered 1024-49151
TCP
Microsoft SQL ServerThe default listener for Microsoft SQL Server. Should sit behind a firewall; exposing it invites brute-force and injection scans.
Registered 1024-49151
TCP
Oracle Database ListenerThe Oracle TNS listener that brokers client connections to an Oracle database instance.
Registered 1024-49151
TCP
PPTP VPNAn old Microsoft VPN protocol. Cryptographically broken and deprecated; modern setups use WireGuard or OpenVPN instead.
Registered 1024-49151
TCP/UDP
Network File SystemUNIX network file sharing that mounts remote directories as if local. Common in clusters and homelab NAS setups.
Registered 1024-49151
TCP
Docker API (plain)The unencrypted Docker daemon REST API. Anyone reaching it gets root on the host, so it must never be exposed without TLS on 2376.
Registered 1024-49151
TCP
Docker API (TLS)The TLS-protected Docker daemon API with mutual-certificate auth. The only safe way to expose Docker to a remote client.
Registered 1024-49151
TCP
etcd Client APIThe client API of etcd, the distributed key-value store behind Kubernetes. Peer traffic between etcd nodes uses 2380.
Registered 1024-49151
TCP
Dev Server / GrafanaA de-facto default for local dev servers (Node, Next.js, Rails) and the Grafana dashboard. Not IANA-assigned, just convention.
Registered 1024-49151
TCP
MySQL / MariaDBThe default port for MySQL and MariaDB. App code connects here; bind it to localhost or a private network rather than 0.0.0.0.
Registered 1024-49151
TCP
Remote Desktop ProtocolWindows graphical remote desktop. A top brute-force and ransomware target, so put it behind a VPN rather than facing the internet.
Registered 1024-49151
TCP/UDP
Session Initiation ProtocolSets up and tears down VoIP calls and video sessions. The encrypted variant SIPS runs on 5061.
Registered 1024-49151
TCP
PostgreSQLThe default port for PostgreSQL. Like any database port, keep it off the public internet and use SSL plus host-based auth.
Registered 1024-49151
TCP
AMQP / RabbitMQThe Advanced Message Queuing Protocol, the default for RabbitMQ brokers. The management web UI is on a separate port, 15672.
Registered 1024-49151
TCP
Virtual Network ComputingCross-platform graphical remote control. Display :0 is 5900, :1 is 5901, and so on. Tunnel it over SSH rather than exposing it raw.
Registered 1024-49151
TCP
WinRM (HTTP)Windows Remote Management over HTTP, used by PowerShell Remoting and Ansible to drive Windows hosts. The HTTPS variant is 5986.
Registered 1024-49151
TCP
RedisThe default Redis port. Redis has no auth by default, so an exposed 6379 is a classic data-leak and crypto-mining entry point.
Registered 1024-49151
TCP
Kubernetes API ServerThe HTTPS endpoint of the Kubernetes control plane that kubectl and every controller talk to. Guard it with strong RBAC.
Registered 1024-49151
TCP
Internet Relay ChatThe classic real-time text chat protocol still used by open-source communities. TLS-encrypted IRC commonly runs on 6697.
Registered 1024-49151
TCP
HTTP Alternate / DevA common alternate HTTP port for local dev servers and Python http.server. Convention, not an IANA assignment for browsing.
Registered 1024-49151
TCP
HTTP Alternate / ProxyThe most common alternate HTTP port: app servers behind a reverse proxy (Tomcat, Jenkins, many containers) and forward proxies listen here.
Registered 1024-49151
TCP
HTTPS AlternateA common alternate HTTPS port for admin consoles and app servers (Tomcat SSL, Kubernetes dashboards) that should not sit on 443.
Registered 1024-49151
TCP
InfluxDB HTTP APIThe HTTP API and write endpoint of InfluxDB, the time-series database often paired with Grafana for metrics dashboards.
Registered 1024-49151
TCP
PHP-FPM / SonarQubeA heavily reused port: PHP-FPM FastCGI, the MinIO/SonarQube consoles and Portainer all default here, so collisions are common.
Registered 1024-49151
TCP
PrometheusThe Prometheus monitoring server web UI and query API. It scrapes metrics from targets that usually expose them on 9100, 9091, etc.
Registered 1024-49151
TCP
Apache KafkaThe default broker port for Apache Kafka. Producers and consumers connect here to publish and subscribe to event streams.
Registered 1024-49151
TCP
Elasticsearch HTTPThe Elasticsearch / OpenSearch REST API. Node-to-node transport uses 9300. An open 9200 with no auth has leaked many databases.
Registered 1024-49151
TCP/UDP
MemcachedAn in-memory cache with no built-in auth. Its UDP side was abused for massive amplification DDoS, so bind it to localhost only.
Registered 1024-49151
TCP
RabbitMQ Management UIThe web management dashboard for RabbitMQ, separate from the AMQP message port on 5672. Used to inspect queues and connections.
Registered 1024-49151
TCP
Minecraft ServerThe default port for a Java-edition Minecraft server. Friends connect to your IP on this port to join the world.
Registered 1024-49151
TCP
MongoDBThe default MongoDB port. Early versions bound to 0.0.0.0 with no auth, causing famous mass ransom incidents — bind it privately.
Registered 1024-49151
TCP/UDP
Source Engine GamesThe default for Valve Source-engine game servers (Counter-Strike, Team Fortress 2). UDP carries gameplay, TCP the optional RCON console.
Registered 1024-49151
UDP
WireGuard VPNThe default UDP port for WireGuard, the modern lightweight VPN. There is no listening TCP port; all traffic is UDP by design.
Dynamic 49152-65535
TCP/UDP
Echo ProtocolA diagnostic service that bounces back whatever bytes it receives. Almost always disabled now, since it can be abused as a UDP amplification reflector.
Well-known 0-1023
TCP/UDP
Character GeneratorA legacy test service that spews a stream of characters. Like echo, its UDP form is a classic DDoS amplification vector, so keep it off.
Well-known 0-1023
TCP/UDP
Time Protocol (RFC 868)An old clock service returning the seconds since 1900 as a 32-bit number. Superseded by NTP on 123, which gives far better precision.
Well-known 0-1023
TCP
WHOISQueries registration records for a domain or IP block: registrar, registrant and nameservers. The whois CLI connects straight here.
Well-known 0-1023
TCP/UDP
KerberosThe ticket-granting authentication protocol at the core of Active Directory and many enterprise single sign-on setups.
Well-known 0-1023
TCP/UDP
ONC RPC PortmapperThe portmapper that tells clients which dynamic ports NFS and other RPC services live on. Exposing it leaks your internal service map.
Well-known 0-1023
TCP
Network News Transfer ProtocolCarries Usenet newsgroup articles between servers and to readers. Largely historical now but still alive in a few corners of the internet.
Well-known 0-1023
UDP
NetBIOS Name ServiceLegacy Windows name resolution on the LAN. It leaks hostnames and is a recon target, so block it at the network edge.
Well-known 0-1023
TCP
NetBIOS SessionThe older session channel for Windows file sharing before SMB moved to 445. Often still open on legacy hosts and a frequent scan target.
Well-known 0-1023
TCP
Border Gateway ProtocolThe protocol that exchanges routing tables between autonomous systems and effectively glues the whole internet together.
Well-known 0-1023
TCP
IRC (IANA-assigned)The IANA-assigned port for Internet Relay Chat. In practice most networks listen on 6667 instead, with 194 rarely used.
Well-known 0-1023
TCP/UDP
Service Location ProtocolA discovery protocol used by VMware ESXi and some NAS gear. Exposed SLP has been weaponised for huge DDoS amplification, so firewall it.
Well-known 0-1023
UDP
IPsec IKEThe key-exchange phase of IPsec VPNs. It negotiates the tunnel; the encrypted payload then flows over ESP or UDP 4500 when behind NAT.
Well-known 0-1023
TCP
Kerberos rloginThe Kerberos-authenticated version of the old BSD rlogin remote shell. Obsolete and replaced by SSH everywhere.
Well-known 0-1023
TCP
Apple Filing ProtocolThe native macOS network file-sharing protocol, used by Time Machine over the network. Apple now favours SMB, but AFP persists on older NAS.
Well-known 0-1023
TCP
Internet Printing Protocol / CUPSThe Internet Printing Protocol behind CUPS on Linux and macOS. It both submits print jobs and serves the printer admin web UI.
Well-known 0-1023
UDP
OpenVPNThe default port for OpenVPN, the long-standing TLS-based VPN. UDP is the default for speed; it can also run over TCP 443 to slip past firewalls.
Registered 1024-49151
UDP
RADIUS AuthenticationCentralised authentication for VPNs, Wi-Fi (WPA2-Enterprise) and network gear. Accounting runs on the neighbouring 1813.
Registered 1024-49151
TCP
MQTTThe lightweight publish-subscribe protocol that dominates IoT messaging. Plaintext by default; the TLS variant listens on 8883.
Registered 1024-49151
TCP
Apache ZooKeeperThe client port of ZooKeeper, the coordination service older Kafka and Hadoop clusters rely on for leader election and config.
Registered 1024-49151
TCP/UDP
Oracle DB (no TLS)The IANA-registered Oracle database port without SSL. The TLS-wrapped variant is 2484; many installs still default to the legacy 1521.
Registered 1024-49151
TCP
iSCSI TargetBlock storage over IP: a SAN exposes raw disks that hosts mount as local drives. Keep it on a dedicated storage network, never public.
Registered 1024-49151
TCP/UDP
STUN / TURNNAT-traversal helpers for WebRTC and VoIP. STUN discovers your public address; TURN relays media when a direct peer link is impossible.
Registered 1024-49151
UDP
IPsec NAT TraversalCarries IPsec ESP packets wrapped in UDP so the VPN can cross NAT gateways. Pairs with IKE on 500 to complete the tunnel.
Registered 1024-49151
UDP
Multicast DNS / BonjourZero-config local name resolution behind Apple Bonjour and Avahi. It is how .local hostnames and AirPlay or Chromecast discovery work.
Registered 1024-49151
TCP
KibanaThe web dashboard for Kibana, the visualisation front end of the Elastic stack that queries Elasticsearch on 9200.
Registered 1024-49151
TCP
Nagios NRPEThe Nagios Remote Plugin Executor, letting a Nagios server run check scripts on a remote host to gather monitoring data.
Registered 1024-49151
TCP
WinRM (HTTPS)Windows Remote Management over HTTPS, the encrypted counterpart to plain WinRM on 5985. Preferred for PowerShell Remoting and Ansible.
Registered 1024-49151
TCP
Amazon RedshiftThe default port for Amazon Redshift, the managed data warehouse. It speaks the PostgreSQL wire protocol but defaults to 5439, not 5432.
Registered 1024-49151
TCP
Redis over TLSThe common convention for a TLS-enabled Redis listener, kept separate from the plaintext default on 6379 so both can run side by side.
Registered 1024-49151
TCP
Cassandra InternodeThe inter-node cluster communication port for Apache Cassandra. Clients connect separately on 9042; TLS internode traffic uses 7001.
Registered 1024-49151
TCP
Cassandra CQLThe native CQL client port for Apache Cassandra and ScyllaDB. Application drivers connect here to read and write rows.
Registered 1024-49151
TCP
Elasticsearch TransportThe binary node-to-node transport for an Elasticsearch / OpenSearch cluster, distinct from the REST API on 9200. Internal traffic only.
Registered 1024-49151
TCP
CockroachDBThe default SQL client port for CockroachDB, the distributed SQL database. It speaks the PostgreSQL wire protocol, so psql can connect.
Registered 1024-49151
TCP
RethinkDB ClientThe client driver port for RethinkDB. Its web admin UI runs separately on 8080 and the intracluster port is 29015.
Registered 1024-49151
TCP
Apache Spark MasterThe cluster manager port that Spark workers and spark-submit jobs register with on a standalone Spark master. The web UI is on 8080.
Registered 1024-49151
TCP
NATS MessagingThe client port for NATS, a high-throughput cloud-native messaging system. Its HTTP monitoring endpoint runs separately on 8222.
Registered 1024-49151
TCP
ActiveMQ (OpenWire)The default OpenWire broker port for Apache ActiveMQ. Its web console is on 8161, and STOMP clients use 61613.
Dynamic 49152-65535
TCP
Hugo Dev ServerThe default port for the Hugo static-site generator dev server with live reload. A convention, not an IANA assignment.
Registered 1024-49151
TCP
Jekyll / Phoenix DevA common local dev-server port: Jekyll serves its preview here, and Elixir Phoenix defaults to it too. Convention rather than assigned.
Registered 1024-49151
TCP
Angular CLI Dev ServerThe default port for ng serve, the Angular CLI development server. Convention, easily changed with --port.
Registered 1024-49151
TCP
Vite Dev ServerThe default port for the Vite dev server, used by modern Vue, React and Svelte projects. Vite picks the next free port if it is taken.
Registered 1024-49151
TCP
Jupyter NotebookThe default port for Jupyter Notebook and JupyterLab. Access is token-protected by default; never expose it raw to the internet.
Registered 1024-49151
TCP
Expo Dev ServerThe default port for the Expo development server used in React Native projects. The Metro bundler runs alongside it.
Registered 1024-49151
TCP
etcd PeerThe peer-to-peer port etcd nodes use to replicate and elect a leader, distinct from the client API on 2379. Internal cluster traffic only.
Registered 1024-49151
TCP
HashiCorp VaultThe HTTP API and UI port for HashiCorp Vault, the secrets manager. Always front it with TLS since it brokers your most sensitive credentials.
Registered 1024-49151
TCP
HashiCorp ConsulThe HTTP API and web UI of HashiCorp Consul for service discovery and health checks. The DNS interface answers on 8600.
Registered 1024-49151
TCP
Prometheus AlertmanagerThe Alertmanager that receives alerts from Prometheus on 9090 and routes them to email, Slack or PagerDuty after grouping and silencing.
Registered 1024-49151
TCP
Prometheus Node ExporterThe default port where the Prometheus node exporter publishes host metrics (CPU, memory, disk) for the Prometheus server to scrape.
Registered 1024-49151
TCP
Grafana LokiThe HTTP port for Grafana Loki, the log-aggregation system designed to pair with Grafana the way Prometheus pairs for metrics.
Registered 1024-49151
UDP
Minecraft BedrockThe default UDP port for a Minecraft Bedrock-edition server, distinct from the Java edition on TCP 25565. Mobile and console clients use it.
Registered 1024-49151
TCP/UDP
Mumble Voice ServerThe default port for a Mumble (Murmur) low-latency voice server. TCP carries control and TLS, UDP carries the encrypted voice stream.
Dynamic 49152-65535
TCP
Minecraft RCONThe default remote-console port for administering a Minecraft server, letting operators run commands over the network. Protect it with a strong password.
Registered 1024-49151
TCP/UDP
Xbox LiveThe main port Xbox Live consoles use for multiplayer matchmaking and voice. Routers often need it forwarded for an open NAT type.
Registered 1024-49151
TCP
Squid ProxyThe default port for the Squid caching forward proxy. Clients route HTTP through it for caching, filtering or access control.
Registered 1024-49151
TCP/UDP
ShadowsocksA frequently used default for a Shadowsocks encrypted proxy server. The port is configurable and often changed to blend in with normal traffic.
Registered 1024-49151
UDP
SSDP / UPnP DiscoveryThe discovery layer of UPnP that finds smart TVs, printers and media servers on the LAN. Exposed SSDP is a known DDoS amplification vector.
Registered 1024-49151
TCP/UDP
LLMNRLink-Local Multicast Name Resolution, a Windows fallback for resolving names when DNS fails. A classic target for credential-spoofing attacks.
Registered 1024-49151
TCP
MQTT over TLSThe TLS-secured form of MQTT, the encrypted counterpart to plaintext 1883. The right choice for any IoT messaging crossing the public internet.
Registered 1024-49151
TCP
IRC over TLSThe de-facto port for TLS-encrypted IRC, the secure counterpart to plaintext 6667. Most modern IRC networks default to it.
Registered 1024-49151
TCP
SIP over TLSThe TLS-secured form of SIP, the encrypted counterpart to plaintext 5060. It protects VoIP call signalling from interception.
Registered 1024-49151

What this tool does

A searchable cheat sheet of the network ports you actually run into. Type a port number (22, 443, 3306) or a service keyword (ssh, https, redis) and the table filters to matching rows instantly. Each row gives the port number, the transport protocol (TCP, UDP or both), the service name, a one-line plain-language note on what runs there, and the IANA range it belongs to: well-known (0-1023), registered (1024-49151) or dynamic (49152-65535). It covers 60+ services every developer and ops engineer meets: FTP 20/21, SSH 22, Telnet 23, SMTP 25, DNS 53, HTTP 80, POP3 110, IMAP 143, HTTPS 443, MySQL 3306, PostgreSQL 5432, Redis 6379, MongoDB 27017, RDP 3389, the 8080 proxy port, AMQP 5672, Elasticsearch 9200 and more. Click any port or service to copy it. The whole thing is a static table baked into the page, so there is no upload, no API call and no logging, and your search term rides in the URL so a filtered view is shareable. Use it to remember which port to open in a firewall, to label a docker-compose port mapping, or to recognise an unfamiliar port in a log line.

Tool details

Input
Text
The page exposes text boxes, numeric controls, file pickers, or structured inputs depending on the tool.
Output
Live result + Copy + Preview
The result area focuses on usable output, with copy, download, or preview actions when supported.
Privacy
Browser-side processing
The main tool logic does not call an external API, so inputs normally stay in the current tab.
Save / share
Shareable URL state
Key settings are encoded in the URL so another person can reopen the same setup.
Performance budget
Initial JS <= 12 KB
No WASM budget is declared, keeping the tool quick to open on mobile.
Best fit
Developer & DevOps · Developer
Category and role tags drive related tools, internal links, and quick fit checks.

How to use

  1. 1. Input

    Paste or drop your content into the tool panel.

  2. 2. Process

    Click the button. All processing is local in your browser.

  3. 3. Copy / Download

    Copy the result or download to disk in one click.

How Common Ports Reference fits into your work

Use it in the small gaps between coding, reviewing, debugging, and shipping.

Developer jobs

  • Formatting, validating, shrinking, or inspecting code-adjacent text.
  • Preparing snippets for documentation, tickets, commits, or handoff.
  • Checking a small payload quickly without switching tools.

Developer checks

  • Run irreversible transforms like minify or obfuscate on a copy.
  • Keep secrets out of pasted snippets unless the tool explicitly stays local.
  • Use your normal tests or linter before shipping transformed code.

Good next steps

These links move the current task into a more complete workflow.

  1. 1 HTTP Status Code Explorer HTTP status code explorer — all 70+ codes with meaning, common causes, real examples, and what to check. Open
  2. 2 DNS Record Explainer DNS record explainer — all 18 common record types (A, AAAA, CNAME, MX, TXT, SRV, etc.) with syntax, examples, and gotchas. Open
  3. 3 IP Subnet Calculator (CIDR) Type an IPv4 CIDR and get network, broadcast, host range, mask, wildcard, class and subnet splits — browser-only. Open

Real-world use cases

  • Open the right port in a firewall or security group

    You are writing a cloud security-group rule and need to allow your web app and its database. Search https to confirm 443, search postgres to confirm 5432, and open exactly those two inbound. The range tag reminds you that database ports are registered ports that should face a private subnet, not 0.0.0.0/0, so you scope the source range tightly instead of opening the world.

  • Label a docker-compose or Kubernetes port mapping

    You are mapping container ports in a compose file and cannot recall whether Redis is 6379 or 6739. Search redis, copy 6379, and write the mapping with confidence. For a stack of services, look each one up in turn (Kafka 9092, RabbitMQ 5672 plus its 15672 UI, Elasticsearch 9200) so every published port in the file is the real default and nothing collides.

  • Recognise an unfamiliar port in a log or netstat output

    A connection log shows traffic to port 11211 and you do not recognise it. Search the number here, find it is Memcached, read the note that its UDP side has been abused for amplification DDoS, and immediately know it should be bound to localhost. The reference turns a bare number in a log line into something you can act on.

  • Study for a networking certification or interview

    Preparing for CompTIA Network+, Security+ or a systems interview means memorising the default ports cold. Filter by the well-known range to drill the 0-1023 classics, search by service to test yourself in reverse, and use the one-line notes to anchor each port to a real scenario instead of rote numbers, which is what an interviewer actually probes.

Common pitfalls

  • Assuming a port number is the same on TCP and UDP. They are separate address spaces; 53 TCP and 53 UDP can host different services. DNS uses both for different jobs, which is why several rows are marked TCP/UDP.

  • Reading the port off a log and assuming the standard service is what is running. The reference shows the conventional purpose; anything can bind any port. Verify with a live ss -tulpn or netstat -ano before you trust it.

  • Exposing a database or cache port (3306, 5432, 6379, 27017) to 0.0.0.0 on the public internet. These default to weak or no authentication; bind them to localhost or a private subnet and firewall them, or you join the long list of mass-ransom victims.

  • Confusing the well-known boundary. Well-known ports end at 1023, not 1024. Port 1024 is the first registered port. Off-by-one here trips people on certification exams and when reasoning about which ports need root to bind.

Privacy

This tool is a static port table compiled into the page. There is no server call, no scan of your machine, and no logging of what you search. The only data that can leave your browser is the optional shareable URL, which encodes your current search term (for example ?q=ssh) in the query string so a colleague lands on the same filtered view. That term is harmless for normal lookups, but query strings do show up in browser history and server access logs, so if you ever search something you would rather not record, copy the result manually instead of sharing the URL.

FAQ

Tool combos

Folks in your role tend to reach for these alongside this tool.

Made by Toolora · 100% client-side · Updated 2026-07-02