Network

Port Number Reference

A reference list of common TCP/UDP port numbers and what uses them — FTP, SSH, HTTP, HTTPS, MySQL, Redis, and more. Useful for configuring firewall rules and troubleshooting "connection refused" errors, with a live search filter.

Well-known 0–1023 Registered 1024–49151 Dynamic / private 49152–65535
Port Number Table
Port Protocol TCP/UDP Range Used for
20 FTP (Data) TCP Well-known Used for FTP data transfer (active mode). Increasingly replaced by SFTP and FTPS.
21 FTP (Control) TCP Well-known Used for the FTP control connection, which carries commands and responses.
22 SSH TCP Well-known Used for encrypted remote login via SSH, and file transfer via SCP/SFTP.
23 Telnet TCP Well-known Used for unencrypted remote login via Telnet. SSH is recommended instead due to eavesdropping risk.
25 SMTP TCP Well-known Used for SMTP mail relay between mail servers.
53 DNS TCP/UDP Well-known Used for DNS name resolution. Ordinary queries use UDP; zone transfers and large responses use TCP.
67 DHCP (Server) UDP Well-known Used by a DHCP server to hand out IP addresses to clients.
68 DHCP (Client) UDP Well-known Used by a DHCP client to request an IP address assignment.
69 TFTP UDP Well-known Used for unauthenticated, lightweight file transfer via TFTP, commonly for firmware updates on network devices.
80 HTTP TCP Well-known Used for unencrypted web page delivery via HTTP.
110 POP3 TCP Well-known Used by mail clients to download email via POP3.
123 NTP UDP Well-known Used for time synchronization between computers via NTP.
143 IMAP TCP Well-known Used for managing and syncing mail across multiple devices via IMAP.
161 SNMP UDP Well-known Used for monitoring and querying network device status via SNMP.
162 SNMP Trap UDP Well-known Used to receive SNMP traps, unsolicited notifications sent by devices.
194 IRC TCP Well-known Used for real-time chat via IRC.
389 LDAP TCP Well-known Used for querying directory services (user and organization data) via LDAP.
443 HTTPS TCP Well-known Used for secure web page delivery via HTTPS (HTTP over TLS).
445 SMB TCP Well-known Used for Windows file and printer sharing via SMB.
465 SMTPS TCP Well-known Used for encrypted mail submission via SMTPS (SMTP over TLS).
587 SMTP Submission TCP Well-known The standard port mail clients use to submit outgoing mail to a mail server.
636 LDAPS TCP Well-known Used for encrypted directory service communication via LDAPS (LDAP over TLS).
993 IMAPS TCP Well-known Used for encrypted mail sync via IMAPS (IMAP over TLS).
995 POP3S TCP Well-known Used for encrypted mail retrieval via POP3S (POP3 over TLS).
1433 MSSQL TCP Registered Used for Microsoft SQL Server database connections.
3306 MySQL TCP Registered Used for MySQL/MariaDB database connections.
3389 RDP TCP Registered Used for Windows Remote Desktop connections via RDP.
5432 PostgreSQL TCP Registered Used for PostgreSQL database connections.
5900 VNC TCP Registered Used for remote desktop screen sharing via VNC.
6379 Redis TCP Registered Used for connections to the Redis in-memory data store.
8080 HTTP (Alt) TCP Registered A common alternate HTTP port, often used by proxy servers and development web servers.
8443 HTTPS (Alt) TCP Registered A common alternate HTTPS port, often used by application servers such as Tomcat.
9200 Elasticsearch TCP Registered Used for connections to the Elasticsearch REST API.
27017 MongoDB TCP Registered Used for MongoDB database connections.

Tips

  • When writing firewall rules, open only the ports you actually need and default-deny everything else — the security fundamentals haven't changed in decades.
  • If you see "connection refused," first check whether the service is actually listening on that port with tools like netstat -an or ss -tlnp.
  • Well-known ports (0–1023) like 80 and 443 usually require administrator privileges to bind on most operating systems, which is why non-privileged apps often use alternates like 8080.
  • The same service often uses a different port for its plaintext and encrypted variants (e.g. 80/HTTP vs 443/HTTPS, 21/FTP vs 990/FTPS) — don't mix them up.
  • The port numbers in this reference apply directly to security group rules in cloud environments like AWS, GCP, and Azure.

Frequently Asked Questions

An IP address identifies the "building" (the computer) you're communicating with, while a port number identifies the specific "room" (application or service) inside that building. On the same server, port 80 might route to a web server and port 22 to an SSH server — the port number determines which service receives the traffic.

TCP is a reliability-focused protocol that confirms delivery and retransmits lost data, used for things like loading web pages and transferring files. UDP is a lightweight protocol that skips acknowledgments, used where speed matters more than guaranteed delivery, such as DNS lookups, online gaming, and video streaming.

First confirm the service (process) is actually running and listening on that port. If it is, check whether a firewall (iptables, ufw, a cloud security group, etc.) is blocking traffic to that port.

New sites should generally run exclusively on port 443 (HTTPS). Keeping port 80 (HTTP) around only to redirect to 443 is considered current best practice.

It's common to pick a number in the 1024–49151 "registered ports" range, ideally one that doesn't collide with other common services (e.g. 8080 or a number in the 3000s). Avoid the 0–1023 "well-known ports," which are reserved for established standard services.
ツールくん

Side Note — Why do port numbers only go up to 65535?

Port numbers are limited to the 0–65535 range because the port number field in the TCP/UDP header is defined as 16 bits (2 bytes). Two to the power of 16 is 65536, so excluding port 0, the usable range is 1 through 65535. This design was fixed when TCP/IP was standardized in the early 1980s and has never changed since.

IANA (the Internet Assigned Numbers Authority) divides all ports into three ranges. Ports 0–1023, the "well-known ports," are reserved for widely used services like HTTP and SSH. Ports 1024–49151, the "registered ports," can be requested and registered by companies or projects. Ports 49152–65535 are "dynamic/private ports," freely used by clients as temporary source ports.

Even famous ports like 80 (HTTP) and 443 (HTTPS) weren't assigned their current purpose from the start. Port 443 was allocated for HTTPS in 1994, when Netscape requested it from IANA while developing SSL (Secure Sockets Layer).

To reduce the risk of port-scanning attacks, some production servers change the default SSH port (22) away from its standard value, a technique sometimes called "port knocking." This is security through obscurity, though, and is never a substitute for fundamentals like strong authentication and keeping software patched.

→ Browse all trivia