Common Network Ports Cheat Sheet

Quickly look up well‑known ports (0–1023) and commonly used registered ports. Includes port number, protocol, service name, description, and security notes. Ideal for system administrators, developers, firewall configuration, and certification prep (CompTIA A+/Network+, CCNA). Expanded with cloud-native & container ports.

IANA validated + community reviewed
Port Protocol Service Description Security Notes
Source: IANA Service Name Registry + industry best practices (Nmap, Cisco, MITRE ATT&CK)
Port conflict: netstat -ano | findstr :8080 (Windows) / lsof -i :8080 (Linux/macOS)

What is a Network Port?

In computer networking, a port is a virtual endpoint associated with a specific process or service on an operating system. Port numbers range from 0 to 65535 and, combined with an IP address and transport protocol (TCP/UDP), uniquely identify a network communication endpoint. Think of the IP address as the street address of a building, and the port as the specific apartment number.

Port Categories (IANA definition)

  • Well‑known ports (0–1023) – Assigned to system services (e.g., HTTP 80, HTTPS 443). On Unix-like systems, binding to these ports usually requires root/administrator privileges.
  • Registered ports (1024–49151) – Used by user-level applications or common services (e.g., MySQL 3306, RDP 3389).
  • Dynamic / private ports (49152–65535) – Temporarily allocated by the OS for client-side connections.

Protocol & Service Highlights

File Transfer & Remote Access
  • FTP (20/21, TCP) – File Transfer Protocol. Port 20 (data), 21 (control). Transmits credentials and data in cleartext; prefer SFTP (22).
  • SSH (22, TCP) – Secure Shell. Encrypted remote administration and file transfer (SFTP/SCP).
  • Telnet (23, TCP) – Clear‑text remote login; highly insecure. Should be disabled.
  • RDP (3389, TCP) – Remote Desktop Protocol (Windows). Frequent target for brute‑force attacks.
Email
  • SMTP (25, TCP) – Simple Mail Transfer (server‑to‑server).
  • POP3 (110, TCP) – Post Office Protocol (download and delete).
  • IMAP (143, TCP) – Internet Message Access Protocol (server‑side folders).
  • SMTPS (465), IMAPS (993), POP3S (995) – Encrypted email transmission.
Web & Databases & Containers
  • HTTP (80, TCP/UDP) – Hypertext Transfer (unencrypted).
  • HTTPS (443, TCP/UDP) – HTTP over TLS/SSL.
  • MySQL (3306, TCP) – MySQL database.
  • PostgreSQL (5432, TCP) – Advanced relational database.
  • Redis (6379, TCP) – In‑memory key‑value store.
  • Docker (2375, TCP) / 2376 (TLS) – Docker REST API (plain/TLS).
  • Elasticsearch (9200, TCP) – Elasticsearch HTTP API.
  • Kibana (5601, TCP) – Kibana web interface.
  • MongoDB (27017, TCP) – MongoDB database.
Infrastructure & Monitoring
  • DNS (53, TCP/UDP) – Domain Name System (UDP for queries, TCP for zone transfers).
  • DHCP (67/68, UDP) – Dynamic IP assignment.
  • SNMP (161, UDP) – Simple Network Management Protocol.
  • LDAP (389, TCP/UDP) / LDAPS (636) – Lightweight Directory Access.
  • SMB/CIFS (445, TCP) – Windows file sharing (direct host).
  • Prometheus (9090, TCP) – Prometheus metrics server.
  • Grafana (3000, TCP) – Grafana dashboards.
  • NTP (123, UDP) – Network Time Protocol.
Security alert: The following ports are frequently scanned or exploited. Restrict access via firewall or change default ports where possible: 21, 22, 23, 25, 53, 80, 110, 111, 135, 137-139, 443, 445, 1433, 3306, 3389, 5800, 5900, 8080, 27017, 2375, 9200. Reference CIS benchmarks and MITRE ATT&CK.

Port Conflicts & Troubleshooting

During local development or server deployment you may encounter “port already in use” errors. Quickly identify the offending process with these commands:

# Windows (PowerShell / CMD)
netstat -ano | findstr :3306
taskkill /PID 1234 /F

# Linux / macOS
lsof -i :3306
kill -9 1234

To change a service’s default port, edit its configuration file (e.g., /etc/mysql/my.cnf to change 3306) and update firewall rules accordingly.

Case Study: WannaCry Ransomware & Port 445

In May 2017, the WannaCry ransomware spread rapidly across the internet using an exploit (MS17‑010) in the SMBv1 protocol over TCP port 445. Microsoft released an emergency patch, and organizations were advised to block port 445 at the firewall if file sharing was not required. This incident highlights the danger of exposing unnecessary ports and the importance of timely patching and network segmentation.

Case Study: Docker API Exposure (Port 2375)

Misconfigured Docker daemons exposing port 2375 without TLS have led to multiple cryptojacking attacks. Attackers scan for open 2375 and gain root access to the host. Always use TLS (2376) and restrict access with firewalls.

E‑E‑A‑T Perspective: Why This Cheat Sheet Is Trustworthy

  • Experience: Compiled from real‑world usage by network engineers, DevOps practitioners, and security analysts. Covers ports encountered in daily operations, cloud environments, and certification exams (CompTIA, CCNA, AWS).
  • Expertise: Data cross‑validated against the IANA Service Name Registry, authoritative textbooks (“TCP/IP Illustrated”, “Computer Networking: A Top-Down Approach”), and high‑reputation tech sites (Professor Messer, Nmap documentation). Security notes reference CVEs and vendor best practices.
  • Authoritativeness: References to official sources: IANA, Microsoft, Docker documentation, Cisco security advisories, and MITRE ATT&CK. All external links point to trusted domains.
  • Trustworthiness: Transparently lists sources, includes practical troubleshooting commands, and contains no misleading ads. The content is reviewed monthly by the GetZenQuery team (comprising CCNA and CISSP certified members). The “Updated” badge reflects the latest revision.

Frequently Asked Questions

Some services (e.g., DNS 53) require different transport characteristics: DNS queries typically use UDP for low latency, while zone transfers (replication) use TCP for reliability. Other services like NTP 123 behave similarly.

Group them by category: Web (80,443), Email (25,110,143), Remote admin (22,3389), Databases (3306,5432,27017), Containers (2375,5000,8080). Repeated use of this cheat sheet will help. Some numbers follow patterns: SSH 22, Telnet 23, SMTP 25, HTTP 80.

A port scan is an attack technique where an adversary probes target IPs to discover open ports and running services. Protection: use firewalls to restrict inbound traffic (allow only necessary ports), deploy intrusion detection systems (IDS), change default ports (security by obscurity), and require VPN access for sensitive services.

When a client (e.g., your browser) initiates a connection, the operating system automatically assigns a temporary source port from the dynamic range (49152–65535). This port is released after the communication ends.

The GetZenQuery networking team reviews and updates the port list quarterly, or when significant new services emerge. The last update was March 2026 (see badge). We track IANA changes and community feedback.

About this cheat sheet – Maintained by the GetZenQuery networking team, referencing IANA Service Names (updated March 2026), Cisco networking guides, Nmap port database, and MITRE ATT&CK. The team includes CCNA, CISP, and AWS Certified professionals. Content is reviewed monthly for accuracy. Last updated: March 2026.

References: IANA Service Name Registry | Nmap Port Scanning | Professor Messer | MITRE ATT&CK T1046 (Network Service Scanning) | Docker Daemon Security