Common Networking Ports

Along the lines of “knowing your network” with the network security guide. Here are some of the most commonly used network ports. There are 65535 ports that can listen for a connection, so this is not a thorough listing. (These are tcp unless noted otherwise.)

FTP 21 (file transfer protocol, usually ftp servers listen here – usually unencrypted)
SSH 22 (secure shell server, encrypted authentication and data sessions.)
TELNET 23 (unencrypted remote shell access)
SMTP 25 (mail “sending” server… it’s basically listening for incoming mail messages.)
HTTP 80 (web servers)
POP3 110 (Post office protocol – mail servers waiting for someone to retrieve messages.)
NNTP 119 (news server (network news transfer protocol) – this is a newsgroup server)
netbios-ns 137 (netbios nameserver (*Windows networking))
netbios-dgm 138 (netbios datagram (*Windows networking))
netbios-ssn 139 (netbios session (*Windows networking))
imap 143 (imap – a different mail retrieval server)
irc 195 (internet relay chat server)
ldap 389 (ldap directory server)
https 443 (secure http)
microsoft-ds 445
ipp 631 (internet printing protocol)

The above is NOT a complete list. I’ve probably left out many you might consider normal and common. If you have found other ports online it might be useful to compare what you’ve found with the /etc/services file in any available linux distro (that’s usually a pretty thorough list of what the ports are commonly used for.) However, it’s worth noting that a service can be run on a port other than what’s listed above. For instance, an alternate port that webservers frequently use is 8080, but there’s nothing to prevent a webserver from running on port 81, or 3 or 578 (as long as another service isn’t already running there.)

Also, malicious services could run on ports that might not raise suspicion, so it’s worth knowing what open ports are normal for your system and systems on your network.

   Send article as PDF   

Similar Posts