Log In Join Free

🌐 Port Encyclopedia

Search any port number. Instant service identification, security risk level, and scanning commands for 2,758 ports.

2,758Ports

52Critical

139High Risk

145Medium

🔍

Enter a port number (1–65535) or service name

TCP port service multiplexer — rarely used, can indicate misconfigured systems

Remote Job Entry — legacy protocol for submitting jobs to remote computers

Echo protocol — reflects data back to sender, used for network testing and diagnostics

Discard protocol — silently drops all data received, used for testing and Wake-on-LAN

Active users protocol — can leak system user information to attackers

Daytime protocol — returns current date and time, potential information disclosure

Quote of the Day — returns a text quote, rarely used in modern networks

Character Generator — can be abused for amplification DDoS attacks

FTP data transfer channel — transmits files in cleartext, credentials can be sniffed

FTP control channel — authentication in cleartext, anonymous login risks, bounce attacks

Secure Shell — encrypted remote access, brute force target, key-based auth recommended

Telnet — unencrypted remote access, all data including passwords sent in cleartext

Simple Mail Transfer Protocol — email relay, open relay abuse, spam vector

RSFTP — alternative SMTP port sometimes used to bypass port 25 filtering

Time protocol — provides machine-readable time, largely replaced by NTP

Windows Internet Name Service — NetBIOS name resolution, legacy Windows networks

WHOIS protocol — domain registration lookup, reconnaissance tool for attackers

TACACS+ — network device authentication, authorization, and accounting

Domain Name System — DNS queries and zone transfers, DNS hijacking, cache poisoning

DHCP server — dynamic IP assignment, rogue DHCP attacks, DHCP starvation

DHCP client — receives IP configuration, DHCP spoofing vulnerability

Trivial FTP — no authentication, used for firmware updates, often misconfigured

Gopher protocol — precursor to HTTP, rarely used but sometimes found in CTFs

Finger protocol — reveals user information, username enumeration, privacy risk

Hypertext Transfer Protocol — unencrypted web traffic, XSS, SQLi, web app attacks

Alternative HTTP — often used for web admin panels and secondary web services

Alternative HTTP — secondary web service port

Alternative HTTP — third alternative web port

Alternative HTTP — used by some web applications

Kerberos authentication — Active Directory, ticket-granting, Kerberoasting attacks

ISO Transport Service Access Point — used by Siemens S7 PLCs and SCADA systems

DICOM — medical imaging protocol, patient data exposure if misconfigured

Post Office Protocol v3 — email retrieval in cleartext, credential theft risk

RPC portmapper — reveals available RPC services, NFS enumeration starting point

Identification protocol — reveals username running a process, information leak

Network News Transfer Protocol — Usenet, can expose internal network information

Network Time Protocol — time synchronization, NTP amplification DDoS attacks

Microsoft RPC — Windows service endpoint mapper, lateral movement, remote execution

NetBIOS Name Service — Windows name resolution, null session enumeration

NetBIOS Datagram Service — Windows datagram distribution, browsing

NetBIOS Session Service — file sharing, printer sharing, EternalBlue (MS17-010)

Internet Message Access Protocol — email access in cleartext, credential interception

Simple Network Management Protocol — network device management, community string guessing

SNMP Trap — receives alerts from network devices, information disclosure

Border Gateway Protocol — internet routing, BGP hijacking, route injection attacks

Internet Relay Chat — botnet command and control, social engineering vector

SNMP Unix Multiplexer — SNMP proxy on Unix systems

AppleTalk routing — legacy Apple networking protocol

Border Gateway Multicast Protocol — multicast routing

Time Stamp Protocol — network time stamping

HP data collection — HP OpenView network management

HP data alarm manager — HP OpenView alerting

Lightweight Directory Access Protocol — Active Directory queries, LDAP injection

Direct Connect Hub — P2P file sharing hub

Direct Connect Client-to-Client — P2P transfers

Service Location Protocol — service discovery, can leak internal services

HTTP over TLS/SSL — encrypted web traffic, SSL/TLS vulnerabilities, certificate issues

Simple Network Paging Protocol — pager notifications

Server Message Block — Windows file sharing, EternalBlue, WannaCry, PrintNightmare

Kerberos-Change

Kerberos password change — Active Directory password operations

SMTP over SSL — encrypted email submission, now deprecated in favor of STARTTLS

Retrospect backup — backup software communication

Internet Key Exchange — IPsec VPN negotiation, IKE aggressive mode attacks

Modbus — industrial control protocol, no authentication, SCADA/ICS attacks

Remote execution — executes commands on remote Unix systems, cleartext auth

Remote login — cleartext remote login, trust relationship exploitation

Syslog — centralized logging, log injection, log forging attacks

Line Printer Daemon — network printing, print spooler vulnerabilities

Routing Information Protocol — dynamic routing, route poisoning attacks

RIP next generation — IPv6 routing protocol

IBM DB2 — database discovery, SQL injection if exposed

NetWare Core Protocol — Novell NetWare file services

Remote Procedure Call — Unix RPC services

Unix-to-Unix Copy — legacy file transfer between Unix systems

Kerberos authenticated login — Kerberized rlogin

Kerberos authenticated shell — Kerberized rsh

Apple Filing Protocol — macOS file sharing, now largely replaced by SMB

Real Time Streaming Protocol — media streaming, IP camera feeds

NNTP over SSL — encrypted Usenet access

SMTP-Submission

Email submission port — authenticated SMTP, STARTTLS encryption

FileMaker — database application protocol

Microsoft DCOM — HTTP tunneling for DCOM/RPC, remote execution

IPMI/BMC — server out-of-band management, cipher zero vulnerability, hash disclosure

Internet Printing Protocol — CUPS printing, printer exploitation

LDAP over SSL — encrypted directory queries, certificate validation issues

Label Distribution Protocol — MPLS label distribution

Doom multiplayer — also used by some backdoors and malware

MS Exchange routing — Microsoft Exchange server communication

Extensible Provisioning Protocol — domain name registration

Kerberos administration — KDC admin interface, password changes

rsync — file synchronization, unauthenticated access if misconfigured

VMware ESXi — virtual machine management, vSphere client connection

IMAP over SSL — encrypted email access, safer than plaintext IMAP

POP3 over SSL — encrypted email retrieval

First non-privileged port — often dynamically assigned

NFS or IIS RPC — can indicate Windows RPC services

SOCKS proxy — traffic tunneling, often used by malware for C2 communication

Java RMI Registry — Java Remote Method Invocation, deserialization attacks

OpenVPN — open-source VPN tunnel, target for credential brute force

Steam Friends — Valve Steam gaming platform communication

Kazaa P2P — legacy peer-to-peer file sharing

Nessus vulnerability scanner — security scanning daemon

Microsoft SCOM — System Center Operations Manager agent

Dell OpenManage — server management console, default credentials risk

WASTE encrypted chat — also commonly used for backdoors (leet speak)

Microsoft SQL Server — database access, SQL injection, xp_cmdshell RCE

MS SQL Server Browser — instance discovery, SQL Slammer worm target

Citrix ICA — virtual desktop protocol, session hijacking risks

Alternative RDP — sometimes used instead of 3389 for security through obscurity

Oracle Database listener — TNS listener, SQL injection, listener poisoning

Point-to-Point Tunneling Protocol — legacy VPN, broken encryption, MS-CHAPv2 weakness

CiscoWorks — Cisco network management platform

RADIUS authentication — network access control, shared secret attacks

RADIUS accounting — tracks user session data for billing and auditing

MQTT — IoT messaging protocol, often unauthenticated, smart home device control

Simple Service Discovery Protocol — UPnP discovery, amplification DDoS attacks

Tridium Niagara Fox — building automation systems, ICS/SCADA

Real-Time Messaging Protocol — Adobe Flash streaming, live video

Sentinel license manager — software license server

Cisco Skinny Call Control Protocol — IP phone signaling

Network File System — Unix file sharing, no-root-squash exploitation, data theft

cPanel — web hosting control panel, credential brute force target

cPanel over SSL — encrypted hosting management

Web Host Manager — server management for hosting providers

WHM over SSL — encrypted server management

Oracle XML DB — Oracle database HTTP interface

Apache ZooKeeper — distributed coordination, unauthenticated access common

Alternative SSH — commonly used to hide SSH from default port scanners

Alternative Telnet — IoT devices often use this for management

Docker daemon — unauthenticated container management, full host compromise

Docker daemon TLS — encrypted container management

etcd client — Kubernetes key-value store, cluster secrets exposure

etcd peer — cluster node communication

Oracle database over TLS — encrypted database connections

Oracle database TLS alternative — secondary encrypted Oracle port

Alternative SMTP — used when port 25 is blocked by ISPs

Citrix CGP — session reliability protocol

Zebra routing — Quagga/FRR routing daemon CLI

OSPF daemon — Open Shortest Path First routing

SAP Sybase — database server connections

Microsoft SMS — remote control agent

Universal Plug and Play — device discovery, SSRF, remote code execution

gpsd — GPS daemon, location data sharing

Symantec AntiVirus — endpoint protection management

Grafana/Node.js — dashboard default port, dev servers often exposed

Node.js alternative — development server commonly on this port

Firebird database — SQL database server, injection risks

Squid proxy — web caching proxy, open proxy abuse, SSRF

LDAP Global Catalog — Active Directory forest-wide queries

LDAP Global Catalog SSL — encrypted forest-wide AD queries

Apple Remote Desktop — macOS remote management

MySQL/MariaDB — database access, SQL injection, UDF exploitation, data theft

Alternative MySQL — secondary MySQL instance

DEC Notes — also common for development servers

Remote Desktop Protocol — Windows remote access, BlueKeep, brute force, NLA bypass

STUN — NAT traversal for VoIP and WebRTC

PBS Professional — job scheduler for HPC clusters

PBS Professional scheduler

PBS Professional MoM — node management

Distributed C compiler — remote code execution if exposed

Subversion — version control, source code exposure

Rapid7 Nexpose — vulnerability management console

Bidirectional Forwarding Detection — fast failure detection

Metasploit Framework — penetration testing web interface

Diameter protocol — successor to RADIUS for network authentication

ICQ instant messaging — legacy chat protocol

DNSSEC — DNS Security Extensions debugging

Apache Spark — data processing web UI

ZeroC ICE — Internet Communications Engine

Angular CLI — development server default port

Erlang Port Mapper — Erlang/RabbitMQ node discovery, RCE potential

Alternative HTTPS — secondary secure web services

Metasploit default handler — extremely common for reverse shells and payloads

IPsec NAT traversal — VPN through NAT

SaltStack Master — configuration management, CVE-2020-11651 RCE

SaltStack Master return — results from managed nodes

Sinatra/Tram — Ruby web framework default port

eMule P2P — peer-to-peer file sharing

eMule P2P UDP — peer-to-peer serverless search

Gearman — distributed job processing framework

Cisco Smart Install — remote code execution, device takeover (CVE-2018-0171)

GlassFish admin — Java application server management

Radmin — remote desktop software, brute force target

UPnP/Docker/Flask — varies: Docker Registry, Flask dev, Synology DSM

Synology NAS — NAS management interface

Real-time Transport Protocol — audio/video streaming

RTP alternative — media streaming

WSAS — Workstation Solutions Agent Service

WSAS alternative port

Synaptics — touchpad driver communication

Apple Airport — wireless router administration

Telepath — legacy communication

DCutil — display controller utility

Yahoo Messenger — legacy instant messaging

Session Initiation Protocol — VoIP signaling, toll fraud, eavesdropping

SIP over TLS — encrypted VoIP signaling

Socalia — service port

AOL Instant Messenger — legacy chat protocol

XMPP client — Jabber instant messaging, ejabberd, Prosody

XMPP over SSL — encrypted instant messaging

XMPP server-to-server — federated messaging between domains

Multicast DNS — Bonjour/Avahi local service discovery, reconnaissance

Web Services for Devices — Windows network discovery, information leak

PostgreSQL — relational database, SQL injection, privilege escalation

VNC HTTP — web-based VNC access

Android Debug Bridge — full device control, malware installation, data theft

Kibana — Elasticsearch dashboard, CVE-2019-7609 prototype pollution RCE

pcAnywhere — Symantec remote access, known vulnerabilities

pcAnywhere-Data

pcAnywhere data channel

AMQP — RabbitMQ advanced message queuing, unauthenticated access risk

Constrained Application Protocol — IoT device communication, no auth common

VNC Java web client — browser-based remote desktop access

VNC Remote Desktop — screen sharing, weak auth, no encryption by default

VNC display 1 — additional VNC virtual display

TeamViewer — remote support, scam target, credential reuse attacks

CouchDB — NoSQL database HTTP API, unauthenticated admin access

WinRM HTTP — Windows remote management, PowerShell remoting, lateral movement

WinRM HTTPS — encrypted Windows remote management

X Window System — Unix GUI forwarding, screen capture, keystroke logging

X11 display 1 — additional X Window display

X11 proxy — X Window forwarding proxy

Redis — in-memory data store, unauthenticated by default, RCE via SLAVEOF

Kubernetes API server — cluster management, RBAC bypass, secret access

Syslog over TLS — encrypted centralized logging

Alternative IRC — IRC on non-standard port

IRC — Internet Relay Chat server

IRC — additional IRC port

IRC — additional IRC port

IRC — additional IRC port

IRC — additional IRC port

IRC — common IRC port, also used by some backdoors

IRC — default IRC port, botnet C2 communication

IRC — additional IRC port

IRC — additional IRC port

IRC over TLS — encrypted IRC communication

BitTorrent — peer-to-peer file sharing

BitTorrent-Tracker

BitTorrent tracker — torrent peer coordination

Apache Cassandra — inter-node communication, NoSQL cluster

Oracle WebLogic — Java app server admin, deserialization RCE (CVE-2017-10271)

WebLogic SSL — encrypted admin interface

RealServer — RTSP alternate for streaming media

Zimbra admin — email suite administration panel

Zimbra LMTP — local mail delivery

Oracle Application Server — HTTPS administration

Neo4j Browser — graph database web interface

CPE WAN Management Protocol (TR-069) — ISP device management, mass router exploitation

TR-069 over TLS — encrypted ISP device management

cBrowser/iChat — development server or game server

Interwise — web conferencing platform

Alternative HTTP — Django dev server, various web apps

Alternative HTTP — secondary development web server

Alternative HTTP — often used for web proxies or APIs

Apache JServ Protocol — Tomcat AJP connector, GhostCat (CVE-2020-1938)

Alternative HTTP — web application port

Hadoop YARN NodeManager — big data cluster web UI

Roku External Control — smart TV control API

Odoo ERP — business application web interface

HTTP proxy/alternative — Tomcat, Jenkins, Burp Suite, web app default

Alternative HTTP — secondary web service, management panels

Alternative HTTP — another web service port

Alternative HTTP — web application port

Radan HTTP — also used by Hadoop YARN ResourceManager

Atlassian Confluence — wiki/knowledge base, OGNL injection targets

Couchbase Web Console — NoSQL database administration

Jellyfin — open-source media server

JetBrains TeamCity — CI/CD server, authentication bypass CVEs

Deluge Web UI — BitTorrent client web interface

Home Assistant — smart home automation dashboard

Puppet agent — configuration management, command execution

Puppet master — configuration management server

Apache ActiveMQ Web Console — message broker admin, deserialization RCE

Alternative Tomcat — secondary Apache Tomcat instance

HashiCorp Vault — secrets management, token theft = full compromise

VMware VCSA — vCenter Server Appliance management

MikroTik Winbox — router management, Winbox exploitation (CVE-2018-14847)

Bitcoin — cryptocurrency node peer communication

Bitcoin JSON-RPC — alternative Bitcoin API

Alternative HTTP — web application port

Alternative HTTPS — common for admin panels, APIs, VMware

Alternative HTTPS — secondary encrypted web service

HashiCorp Consul — service discovery, key-value store

Ethereum JSON-RPC — blockchain node API, wallet theft if exposed

Consul DNS interface — service discovery via DNS

Java Management Extensions — remote Java monitoring, deserialization attacks

Ultrasurf — proxy/VPN tool for censorship circumvention

Nessus Web UI — Tenable vulnerability scanner interface

Alternate HTTP — Websphere, alternative web services

Alternative HTTP — Jupyter Notebook, various dev tools

Apache Solr — search platform, SSRF, RCE via Velocity template injection

Portainer/SonarQube/PHP-FPM — container management or code quality

Tor control — Tor anonymity network management

Alternative PHP-FPM — FastCGI Process Manager

Cassandra CQL — native query protocol for Apache Cassandra

IBM WebSphere admin — application server management

WebSphere admin console — alternative admin port

WebSphere HTTP — application server web transport

Prometheus/Cockpit/WebSM — monitoring or web system manager

Transmission Web UI — BitTorrent client web interface

HP JetDirect — network printing, PRET exploitation, PJL injection

Cassandra-Thrift

Cassandra Thrift — legacy Cassandra protocol

Elasticsearch — search engine REST API, data exposure, RCE

Elasticsearch-Alt

Elasticsearch alternative — secondary REST endpoint

Elasticsearch-TCP

Elasticsearch transport — inter-node cluster communication

Git protocol — unencrypted Git repository access

Alternative HTTPS — various web administration panels

ISPmanager — web hosting control panel

IBM HTTP Server admin — web server management

PingFederate — SSO and identity federation

Logstash — log processing pipeline API

Session border controller — VoIP security gateway

Crypto miner — often used by unauthorized cryptocurrency miners

Jenkins HTTPS — CI/CD server encrypted access

Jenkins alternative — secondary Jenkins port

Distinct — various web services

Urchin/Telnet — analytics or alternative admin port

Webmin — Unix system administration panel, RCE vulnerabilities

SCP config — Ubiquiti device discovery

Zabbix agent — monitoring agent, command execution if misconfigured

Zabbix server — monitoring server, SQL injection history

Kubelet API — Kubernetes node agent, unauthenticated command execution

Kubelet read-only — pod information disclosure

Alternative HTTPS — various management interfaces

Memcached — in-memory cache, amplification DDoS, data exposure

Memcached alternative — secondary cache port

Memcached alternative — tertiary cache port

Alternative HTTPS — web management interface

NetBus trojan — classic backdoor port, also used by some apps

Asterisk — open source PBX/VoIP

Alternative MySQL — non-standard MySQL instance

Custom backdoor — commonly used by pentesters and malware

FileZilla Server admin — FTP server management

RabbitMQ management — message broker web UI, default credentials

HBase Master — Hadoop database web UI

Intel AMT — Active Management Technology, CVE-2017-5689 auth bypass

Intel AMT over TLS — encrypted out-of-band management

Cassandra — alternative port for NoSQL database

Bitvise SSH Server — Windows SSH implementation

Alternative HTTP — various web applications

GKrellM — system monitoring daemon

Distributed Network Protocol — SCADA/ICS, power grid, water systems

ProFTPD — FTP server alternative port

Starbound — multiplayer game server

Alternative SSH — non-standard SSH port for obscurity

Alternative Telnet — IoT management interface

Minecraft server — game server, Log4Shell target (CVE-2021-44228)

Minecraft RCON — remote console, server administration

Steam game server — Source engine multiplayer

MongoDB — NoSQL database, unauthenticated access epidemic, data ransom

MongoDB shard server — sharded cluster communication

MongoDB config server — cluster metadata

RethinkDB — real-time database, web admin interface

MongoDB HTTP interface — web-based database status (deprecated)

Gerrit code review — SSH-based Git repository management

Lantronix — serial device server, firmware extraction

Back Orifice — classic remote access trojan, elite (31337/ELEET) port

Plex Media Server — personal media streaming

Router-Backdoor

Router backdoor — Linksys/Netgear/Cisco backdoor found in firmware

MySQL X Protocol — document store and CRUD operations

Alternative RDP — non-standard Remote Desktop port

Jenkins JNLP agent — Java Web Start slave connections

Alternative SMB — non-standard SMB port

Dahua DVR/NVR — surveillance camera management, default credentials

SafeNet Sentinel — hardware security module

Crestron — AV control systems, building automation

RuneScape — online game server

EtherNet/IP — industrial automation protocol, PLC communication

WinRM alternative — Windows remote management on non-standard port

BACnet — building automation and control, HVAC systems

First dynamic/private port — ephemeral port range start

No ports match your search.

📚 Learn Network Security — Free Course