TCP UDP Port Reference

TCP UDP Port Reference: essential concepts

This guide covers what really matters in tCP UDP Port Reference: concepts, context, limits and interpretations that often cause confusion.

Search port or service

ProtocolIANA rangeCategorySecurity

83 ports

20TCPCleartext
FTP-DATA — File Transfer Protocol — Data
FTP data channel (active mode). Cleartext — prefer SFTP (22) or FTPS (990).
File transferRFC 959Secure variant: 990
21TCPCleartext
FTP — File Transfer Protocol — Control
FTP control channel. Cleartext. Prefer SFTP (22) or FTPS (990).
File transferRFC 959Secure variant: 990
22TCPEncryptedEncrypted
SSH — Secure Shell / SFTP
SSH remote shell and SFTP file transfer with end-to-end encryption.
Remote accessFile transferRFC 4251
23TCPCleartext
TELNET — Telnet
Legacy cleartext remote shell. Replaced by SSH (22).
Remote accessRFC 854Secure variant: 22
25TCPVaries
SMTP — Simple Mail Transfer Protocol
Mail relay between servers. Supports STARTTLS. Often blocked by ISPs for end-users.
EmailRFC 5321Secure variant: 587
53TCP/UDPVaries
DNS — Domain Name System
Name resolution. UDP for normal queries, TCP for zone transfers and large answers. DoT (853) and DoH (443) encrypt.
NetworkRFC 1035Secure variant: 853
67UDPVaries
DHCP-SERVER — Dynamic Host Configuration Protocol (server)
DHCP server listens for client requests on this port.
NetworkRFC 2131
68UDPVaries
DHCP-CLIENT — Dynamic Host Configuration Protocol (client)
DHCP client receives server replies on this port.
NetworkRFC 2131
69UDPCleartext
TFTP — Trivial File Transfer Protocol
Simple unauthenticated transfer. Common in PXE boot and network appliances.
File transferRFC 1350
80TCPCleartext
HTTP — HyperText Transfer Protocol
Cleartext HTTP. In production always use HTTPS (443).
WebRFC 9110Secure variant: 443
88TCP/UDPEncryptedEncrypted
KERBEROS — Kerberos authentication
Kerberos authentication (KDC). Active Directory foundation.
SecuritySystemRFC 4120
110TCPCleartext
POP3 — Post Office Protocol v3
Mail retrieval (legacy). Cleartext. Use POP3S (995).
EmailRFC 1939Secure variant: 995
119TCPCleartext
NNTP — Network News Transfer Protocol
Usenet / newsgroups. Rarely used today. Secure variant: NNTPS (563).
MessagingRFC 3977Secure variant: 563
123UDPVaries
NTP — Network Time Protocol
Time synchronization. Often abused in amplification attacks.
NetworkSystemRFC 5905
135TCP/UDPCleartext
MS-RPC — Microsoft RPC Endpoint Mapper
Microsoft DCE/RPC endpoint mapper. Never expose to the internet.
SystemNetwork
137UDPCleartext
NETBIOS-NS — NetBIOS Name Service
NetBIOS name resolution. Historical worm vector (Sasser/Conficker).
NetworkSystemRFC 1002
139TCPCleartext
NETBIOS-SSN — NetBIOS Session Service
SMB over NetBIOS. Replaced by direct SMB on 445.
File transferSystemRFC 1002Secure variant: 445
143TCPCleartext
IMAP — Internet Message Access Protocol
Mailbox access. Cleartext. Use IMAPS (993).
EmailRFC 9051Secure variant: 993
161UDPCleartext
SNMP — Simple Network Management Protocol
Network device management. v1/v2c cleartext. SNMPv3 encrypts.
NetworkRFC 1157
162UDPCleartext
SNMPTRAP — SNMP Trap
Receives SNMP traps/alerts.
NetworkRFC 1157
179TCPVaries
BGP — Border Gateway Protocol
Public-internet routing protocol. TCP sessions between ASes.
NetworkRFC 4271
194TCPCleartext
IRC — Internet Relay Chat
Traditional IRC. TLS variant: 6697.
MessagingRFC 1459Secure variant: 6697
389TCP/UDPVaries
LDAP — Lightweight Directory Access Protocol
Directory service (Active Directory, OpenLDAP). Use LDAPS (636) or StartTLS.
NetworkSecurityRFC 4511Secure variant: 636
443TCPEncryptedEncrypted
HTTPS — HTTP over TLS
Encrypted web (TLS 1.2/1.3). Also used by HTTP/3 over QUIC (UDP 443).
WebRFC 9110RFC 8446
445TCPVaries
SMB — Server Message Block (SMB / CIFS)
Direct SMB file sharing over TCP. WannaCry vector — block at the perimeter.
File transferSystem
465TCPEncryptedEncrypted
SMTPS — SMTP over TLS (implicit)
Mail submission with implicit TLS. Modern alternative to 587 with STARTTLS.
EmailRFC 8314
514UDPCleartext
SYSLOG — BSD Syslog
Centralized logging. Unencrypted; use TLS syslog (6514) for sensitive traffic.
SystemNetworkRFC 5424Secure variant: 6514
587TCPEncryptedEncrypted
SUBMISSION — Mail submission (STARTTLS)
Authenticated mail submission from clients. STARTTLS required by modern providers.
EmailRFC 6409
631TCP/UDPVaries
IPP — Internet Printing Protocol / CUPS
Printing (CUPS). Frequently exposed unnecessarily.
SystemRFC 8011
636TCPEncryptedEncrypted
LDAPS — LDAP over TLS
LDAP encrypted with implicit TLS.
SecurityNetwork
853TCP/UDPEncryptedEncrypted
DoT — DNS over TLS
DNS queries encrypted with TLS.
NetworkSecurityRFC 7858
873TCPCleartext
RSYNC — Rsync daemon
Cleartext rsync sync. Prefer rsync over SSH.
File transferSecure variant: 22
989TCPEncryptedEncrypted
FTPS-DATA — FTPS over TLS — Data
FTPS implicit-TLS data channel.
File transfer
990TCPEncryptedEncrypted
FTPS — FTPS over TLS — Control
FTPS with implicit TLS. SFTP (22) is usually simpler to operate.
File transfer
993TCPEncryptedEncrypted
IMAPS — IMAP over TLS
Encrypted IMAP access.
Email
995TCPEncryptedEncrypted
POP3S — POP3 over TLS
Encrypted POP3.
Email
1080TCPVaries
SOCKS — SOCKS proxy
SOCKS4/5 proxy. Used by Tor and generic proxy clients.
NetworkRFC 1928
1194UDPEncryptedEncrypted
OPENVPN — OpenVPN
OpenVPN, usually UDP. Can run on TCP in restrictive networks.
SecurityNetwork
1433TCPVaries
MSSQL — Microsoft SQL Server
SQL Server. Do not expose to the public internet.
Database
1521TCPVaries
ORACLE — Oracle Database (TNS Listener)
Oracle listener. Keep behind a firewall.
Database
1723TCPCleartext
PPTP — Point-to-Point Tunneling Protocol
PPTP VPN, considered insecure. Use OpenVPN, IKEv2 or WireGuard.
SecurityNetworkRFC 2637
1812UDPVaries
RADIUS-AUTH — RADIUS authentication
AAA authentication. Use RADSEC for encrypted transport.
SecurityNetworkRFC 2865
1813UDPVaries
RADIUS-ACCT — RADIUS accounting
RADIUS accounting.
SecurityNetworkRFC 2866
1883TCPCleartext
MQTT — MQTT (cleartext)
MQTT broker without TLS. Use MQTTS (8883) in production.
MessagingDevelopmentSecure variant: 8883
2049TCP/UDPVaries
NFS — Network File System
Unix file sharing. NFSv4 supports Kerberos authentication.
File transferSystemRFC 7530
2375TCPCleartext
DOCKER-API — Docker Engine API (cleartext)
Docker API without TLS — equivalent to remote root access. NEVER expose to the internet.
DevelopmentSystemSecure variant: 2376
2376TCPEncryptedEncrypted
DOCKER-API-TLS — Docker Engine API (TLS)
Docker API with mandatory mutual TLS.
DevelopmentSystem
3000TCPVaries
DEV-NODE — Node.js / Next.js dev server
Informal default for Node dev servers (Next.js, Express).
Development
3306TCPVaries
MYSQL — MySQL / MariaDB
MySQL/MariaDB database. TLS optional; keep private.
Database
3389TCP/UDPVaries
RDP — Remote Desktop Protocol
Windows remote desktop. Always behind a VPN or gateway.
Remote access
3478TCP/UDPVaries
STUN/TURN — STUN / TURN (WebRTC NAT traversal)
NAT traversal for WebRTC and VoIP.
VoIPStreamingRFC 5389RFC 8656
4000TCPVaries
DEV-PHOENIX — Phoenix / Elixir dev server
Default Phoenix Framework dev port.
Development
4040TCPVaries
NGROK-WEB — ngrok web inspector
ngrok local tunnel inspector UI.
Development
5000TCPVaries
DEV-FLASK — Flask / Python dev server
Default Flask dev server. Conflicts with AirPlay on macOS.
Development
5060TCP/UDPCleartext
SIP — Session Initiation Protocol
Cleartext VoIP signaling. SIP-TLS on 5061.
VoIPRFC 3261Secure variant: 5061
5061TCPEncryptedEncrypted
SIP-TLS — SIP over TLS
VoIP signaling with TLS.
VoIPRFC 3261
5173TCPVaries
DEV-VITE — Vite dev server
Default Vite dev port (React/Vue/Svelte).
Development
5222TCPVaries
XMPP-CLIENT — XMPP client connection
XMPP messaging. Supports StartTLS.
MessagingRFC 6120
5269TCPVaries
XMPP-SERVER — XMPP server-to-server
Server-to-server XMPP federation.
MessagingRFC 6120
5353UDPVaries
mDNS — Multicast DNS / Bonjour
Zero-config service discovery (.local).
NetworkRFC 6762
5432TCPVaries
POSTGRES — PostgreSQL
PostgreSQL database. TLS configurable; keep private.
Database
5672TCPVaries
AMQP — Advanced Message Queuing Protocol
AMQP brokers (RabbitMQ). TLS on 5671.
MessagingSecure variant: 5671
5800TCPCleartext
VNC-HTTP — VNC web client
VNC web-based client.
Remote access
5900TCPVaries
VNC — Virtual Network Computing
VNC remote display. Tunnel via SSH on untrusted networks.
Remote access
5985TCPCleartext
WINRM-HTTP — Windows Remote Management (HTTP)
WinRM over HTTP. Use HTTPS (5986).
Remote accessSystemSecure variant: 5986
5986TCPEncryptedEncrypted
WINRM-HTTPS — Windows Remote Management (HTTPS)
WinRM with TLS.
Remote accessSystem
6379TCPVaries
REDIS — Redis
Redis cache/KV store. NEVER expose without auth — common cryptominer target.
Database
6443TCPEncryptedEncrypted
KUBERNETES-API — Kubernetes API server
Kubernetes API server with mandatory mTLS.
DevelopmentSystem
6660TCPCleartext
IRC-ALT — IRC (alternative)
Alternative IRC port range.
Messaging
6697TCPEncryptedEncrypted
IRCS — IRC over TLS
IRC with TLS.
Messaging
8000TCPVaries
DEV-HTTP — HTTP dev / Django
HTTP dev servers (Django, http.server).
DevelopmentWeb
8080TCPCleartext
HTTP-ALT — HTTP alternative
Alternative HTTP. Common for proxies, dashboards and Tomcat.
Web
8443TCPEncryptedEncrypted
HTTPS-ALT — HTTPS alternative
Alternative HTTPS, common on admin dashboards.
Web
8883TCPEncryptedEncrypted
MQTTS — MQTT over TLS
MQTT with TLS.
MessagingDevelopment
9000TCPVaries
DEV-PHP — PHP-FPM / dev
PHP-FPM and assorted dev tooling.
Development
9090TCPVaries
PROMETHEUS — Prometheus metrics
Prometheus metrics endpoint.
Development
9092TCPVaries
KAFKA — Apache Kafka broker
Kafka broker. TLS/SASL configurable.
Messaging
9200TCPVaries
ELASTICSEARCH — Elasticsearch / OpenSearch
Elasticsearch/OpenSearch HTTP API. Keep private.
DatabaseDevelopment
11211TCP/UDPCleartext
MEMCACHED — Memcached
In-memory cache. UDP is an amplification vector — use TCP and firewall.
Database
25565TCPVaries
MINECRAFT — Minecraft (Java edition)
Minecraft Java server.
Gaming
27015TCP/UDPVaries
STEAM-SOURCE — Steam / Source engine
Source-engine based servers (CS:GO, TF2, etc).
Gaming
27017TCPVaries
MONGODB — MongoDB
MongoDB database. Do not expose without auth.
Database
51820UDPEncryptedEncrypted
WIREGUARD — WireGuard VPN
WireGuard VPN. Default port from the official docs.
SecurityNetwork

Everything runs locally in your browser from an embedded catalog. This tool does not connect to IPs or ports — it is not a scanner.

Continue in the tool

Open full tool

More pages for this tool

What to understand about TCP UDP Port Reference

In networking, almost every result needs operational context: DNS, ASN, registrar, protocol, route or topology.
In tCP UDP Port Reference, the best results come from interpreting definitions, context and practical limits before repeating an isolated rule.
When an important decision is involved, use this as a basis for understanding and confirm the source or policy that applies to your case.

Quick editorial scenarios

Typical context

Input: topic → definition → context
Expected output: interpretation → limits → next step

The central topic is tCP UDP Port Reference — the value is in understanding the correct interpretation, not only repeating a result.

Common pitfall

Input: isolated result
Expected output: source → convention → decision

Interpreting an IP, domain, port or vendor without checking scope and source. The fix usually starts by cross-check the result with the source, update window and infrastructure layer..

Full tool FAQ

Why can't I scan a host?

Deliberate decision: unauthorized port scanning is an abuse vector and has legal implications in several countries. We prefer a clear, safe reference.

Where does the data come from?

How do I know if a port is secure?

What does "IANA range" mean?

Can I embed this catalog?

Frequently asked questions

What matters most in tCP UDP Port Reference?

The main point is understanding tCP UDP Port Reference in the right context instead of treating one isolated value as a complete answer.

What is the most common mistake in this topic?

A typical limitation is assuming that one identifier alone explains the entire environment.

How should this topic be interpreted more carefully?

Cross-check tCP UDP Port Reference with source, conventions, freshness and practical goals before taking action.

FTP-DATA — File Transfer Protocol — Data

FTP — File Transfer Protocol — Control

SSH — Secure Shell / SFTP

TELNET — Telnet

SMTP — Simple Mail Transfer Protocol

DNS — Domain Name System

DHCP-SERVER — Dynamic Host Configuration Protocol (server)

DHCP-CLIENT — Dynamic Host Configuration Protocol (client)

TFTP — Trivial File Transfer Protocol

HTTP — HyperText Transfer Protocol

KERBEROS — Kerberos authentication

POP3 — Post Office Protocol v3

NNTP — Network News Transfer Protocol

NTP — Network Time Protocol

MS-RPC — Microsoft RPC Endpoint Mapper

NETBIOS-NS — NetBIOS Name Service

NETBIOS-SSN — NetBIOS Session Service

IMAP — Internet Message Access Protocol

SNMP — Simple Network Management Protocol

SNMPTRAP — SNMP Trap

BGP — Border Gateway Protocol

IRC — Internet Relay Chat

LDAP — Lightweight Directory Access Protocol

HTTPS — HTTP over TLS

SMB — Server Message Block (SMB / CIFS)

SMTPS — SMTP over TLS (implicit)

SYSLOG — BSD Syslog

SUBMISSION — Mail submission (STARTTLS)

IPP — Internet Printing Protocol / CUPS

LDAPS — LDAP over TLS

DoT — DNS over TLS

RSYNC — Rsync daemon

FTPS-DATA — FTPS over TLS — Data

FTPS — FTPS over TLS — Control

IMAPS — IMAP over TLS

POP3S — POP3 over TLS

SOCKS — SOCKS proxy

OPENVPN — OpenVPN

MSSQL — Microsoft SQL Server

ORACLE — Oracle Database (TNS Listener)

PPTP — Point-to-Point Tunneling Protocol

RADIUS-AUTH — RADIUS authentication

RADIUS-ACCT — RADIUS accounting

MQTT — MQTT (cleartext)

NFS — Network File System

DOCKER-API — Docker Engine API (cleartext)

DOCKER-API-TLS — Docker Engine API (TLS)

DEV-NODE — Node.js / Next.js dev server

MYSQL — MySQL / MariaDB

RDP — Remote Desktop Protocol

STUN/TURN — STUN / TURN (WebRTC NAT traversal)

DEV-PHOENIX — Phoenix / Elixir dev server

NGROK-WEB — ngrok web inspector

DEV-FLASK — Flask / Python dev server

SIP — Session Initiation Protocol

SIP-TLS — SIP over TLS

DEV-VITE — Vite dev server

XMPP-CLIENT — XMPP client connection

XMPP-SERVER — XMPP server-to-server

mDNS — Multicast DNS / Bonjour

POSTGRES — PostgreSQL

AMQP — Advanced Message Queuing Protocol

VNC-HTTP — VNC web client

VNC — Virtual Network Computing

WINRM-HTTP — Windows Remote Management (HTTP)

WINRM-HTTPS — Windows Remote Management (HTTPS)

REDIS — Redis

KUBERNETES-API — Kubernetes API server

IRC-ALT — IRC (alternative)

IRCS — IRC over TLS

DEV-HTTP — HTTP dev / Django

HTTP-ALT — HTTP alternative

HTTPS-ALT — HTTPS alternative

MQTTS — MQTT over TLS

DEV-PHP — PHP-FPM / dev

PROMETHEUS — Prometheus metrics

KAFKA — Apache Kafka broker

ELASTICSEARCH — Elasticsearch / OpenSearch

MEMCACHED — Memcached

MINECRAFT — Minecraft (Java edition)