TCP/UDP Port Number Reference — Common Network Service Ports
This comprehensive TCP/UDP port reference covers all well-known port numbers used by common network services, protocols and applications. Use this guide when configuring firewalls, writing ACLs, troubleshooting connectivity issues, or studying for CompTIA Security+, CCNA, or CEH certifications.
How TCP and UDP Ports Work
A port number is a 16-bit number (0–65535) that identifies a specific process or service on a networked device. Combined with an IP address, it forms a socket — the complete endpoint for a network connection. Port numbers are divided into three ranges:
- Well-Known Ports (0–1023) — assigned by IANA to standard protocols (HTTP=80, HTTPS=443, SSH=22)
- Registered Ports (1024–49151) — registered for specific applications (MySQL=3306, RDP=3389)
- Dynamic/Ephemeral Ports (49152–65535) — used temporarily by clients for outbound connections
Essential Ports for Firewall Configuration
When configuring firewalls and security groups, always follow the principle of least privilege — only open ports that are genuinely required. Common mistakes include leaving port 3389 (RDP) open to the internet (a primary vector for ransomware attacks), exposing port 22 (SSH) without key-based authentication, and leaving database ports (3306, 5432, 27017) accessible outside the application tier.
Security Risks of Common Open Ports
- Port 22 (SSH) — Brute-force attacks. Use key authentication, change default port, restrict source IPs.
- Port 23 (Telnet) — Unencrypted. Never use on production systems. Replace with SSH.
- Port 3389 (RDP) — Top ransomware vector. Never expose to public internet without VPN or MFA.
- Port 445 (SMB) — EternalBlue exploit vector (WannaCry). Block at internet perimeter.
- Port 3306 (MySQL) — Should only be accessible from application servers, never the internet.
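The least-privilege check described above can be automated. The following Python sketch is an added example, not part of the original reference: it audits a list of firewall rules for the ports this page flags, including rules that open a port range covering them. The rule format, rule names and trusted networks are constructed assumptions for illustration.

```python
import ipaddress

# Ports this page flags, with the mitigation it gives for each.
RISKY_PORTS = {
    22: "SSH: key authentication, restrict source IPs",
    23: "Telnet: unencrypted, replace with SSH",
    445: "SMB: block at internet perimeter",
    3306: "MySQL: application servers only",
    3389: "RDP: VPN or MFA, never public internet",
    5432: "database port: application tier only",
    27017: "database port: application tier only",
}

# Constructed sample data; names, networks and rule format are assumptions.
TRUSTED = ["10.0.1.0/24", "10.8.0.0/24"]  # app tier, VPN pool
RULES = [
    {"name": "web-https", "source": "0.0.0.0/0", "ports": "443"},
    {"name": "admin-rdp", "source": "0.0.0.0/0", "ports": "3389"},
    {"name": "app-to-db", "source": "10.0.1.0/24", "ports": "3306"},
    {"name": "legacy-range", "source": "0.0.0.0/0", "ports": "3000-4000"},
    {"name": "ssh-vpn", "source": "10.8.0.16/28", "ports": "22"},
    {"name": "smb-v6", "source": "::/0", "ports": "445"},
]

def parse_ports(spec):
    """Return (low, high) for '443' or '3000-4000'; ports are 16-bit."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"invalid port spec: {spec!r}")
    return low, high

def audit(rules, trusted):
    """List (rule, port, advice) for risky ports reachable from untrusted sources."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule["source"], strict=False)
        if any(src.version == n.version and src.subnet_of(n) for n in nets):
            continue  # source lies entirely inside a trusted network
        low, high = parse_ports(rule["ports"])
        for port, advice in sorted(RISKY_PORTS.items()):
            if low <= port <= high:  # a range rule can hide several risky ports
                findings.append((rule["name"], port, advice))
    return findings

if __name__ == "__main__":
    for name, port, advice in audit(RULES, TRUSTED):
        print(f"{name}: port {port} open to untrusted source ({advice})")
```

The legacy-range rule shows why range rules deserve review: opening 3000-4000 exposes both 3306 and 3389 without naming either.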