TCP and UDP Services and Ports

This post summarizes commonly used TCP and UDP ports.

Default TCP and UDP Ports

TCP 20: File Transfer Protocol (FTP) Active Mode Data Connection

TCP 21: File Transfer Protocol (FTP) Passive Mode Data Connection

TCP 22: SSH

TCP 23: Telnet

TCP 25: Simple Mail Transfer Protocol (SMTP)

UDP/TCP 50: Remote Mail Checking Protocol

TCP 51: IANA reserved

TCP/UDP 53: Domain Name System (DNS) Zone Transfer

UPD 67: Dynamic Host Configuration Protocol (DHCP)

TCP/UDP 69: Trivial File Transfer Protocol (TFTP)

TCP 80: HTTP

TCP 110: Post Office Protocol (POP3)

UDP 123: Network Time Protocol (NTP)

TCP/UDP 135: Microsoft RPC Endpoint Mapper

UDP 137: NetBIOS Name Service (NBNS)

TCP/UDP 138: netbios-dgm

TCP 139: NetBIOS Session Service (SMB over NetBIOS)

TCP 143: Internet Message Access Protocol (IMAP4)

UDP 161: Simple Network Management Protocol (SNMP)

TCP/UDP 162: SNMP Trap

TCP/UDP 389: Lightweight Directory Access Protocol (LDAP)

TCP 443: HTTPS

TCP/UDP 445: SMB over TCP (Direct Host); Active Directory

TCP 465: Implicit STMP

UDP 500: (ISAKMP)/Internet Key Exchange (IKE)

TCP 513: remote login

UDP 514: syslog

TCP 515: Line Printer Remote (LPR) or Daemon (LPD)

TCP 587: STARTTLS

TCP/UDP 1080: SOCKS

TCP 1241: Nessus daemon

TCP 1433-1434: Microsoft SQL Server

TCP 1521: Oracle

UDP 1701: L2TP

TCP 1720: H.323

TCP 1723: PPTP

TCP/UDP 2000-2001: Session Initiation Protocol (SIP)

TCP 2049: Network File System (NFS)

TCP 3389: Microsoft Remote Desktop Protocol (RDP)

UDP port 4500: IPsec NAT-T

TCP/UDP 5050: Session Initiation Protocol (SIP)

TCP/UDP 5060-5061: Session Initiation Protocol (SIP)

UDP 5355: LLMNR

TCP 6000-6063: X Window (Unix)

TCP 9100: HP JetDirect printing

TCP/UDP 48101: used by the infected devices to spread malicious files to the other devices in the network

Ports requested in certification exams

Some certification exams require to know the default use of ports by heart.

Here you can find some examples on different exams:

CEH v10

22, 23, 25, 50, 51, 53, 69, 80, 123, 135, 137, 139, 161, 162, 389, 443, 445, 500, 514, 515, 1080, 1241, 2000, 2001, 4500, 5050, 5060, 5061, 5355, 48101

CISSP 2021

20, 21, 22, 23, 25, 53, 67, 69, 80, 110, 123, 135, 137-139, 143, 161, 443, 445, 465, 515, 587, 1443, 1701, 1723, 2049, 6000-6063, 9100.

MD-100

80, 443, 513, 1433, 1723, 3389.

External references

• IANA; “Service Name and Transport Protocol Port Number Registry“; Internet Assigned Numbers Authority (IANA)
• Wikipedia; “List of TCP and UDP port numbers“; Wikipedia
• “CISSP Study Guide Ninth Edition”
  • Chapter 11, Section “Common Application Layer Protocols”, pp. 506-507
  • Chapter 15, Section “Network Vulnerability Scanner”, pp. 738-739