Ports for Internet Services
Quoting one of the websites
****************
| Service | TCP | UDP | Notes |
|---|---|---|---|
| SSH | 22 | Secure Shell * | |
| HTTP | 80 | HyperText Transfer Protocol * (e.g. for web browsing). Currently (2003-07-05) HTTP/1.1 is officially described in RFC 2616. | |
| HOSTS2 Name Server | 81 | 81 | * An interesting story. The name attached to this port in the IANA list, Earl Killian, says he shouldn't be. He says "I don't know what 81 is, or whether it is still in use." Since Mr. Killian doesn't know what HOSTS2 is/was, and with Postel gone, I wonder if there's anyone left in the world who knows what 81 was/is for and who actually requested it. |
| XFER Utility | 82 | 82 | * Another interesting story. The name attached to this port in the IANA list, Thomas M. Smith
of Lockheed Martin,
says
Sorry... there is no publicly available information regarding the details of the XFER Utility and its use of tcp and udp port # 82. XFER employs a proprietary protocol which has not been disclosed. |
| RPC Endpoint Mapper | 135 | 135 | * registered as "epmap - DCE endpoint resolution". Used by Microsoft for RPC locator service. See additional information. |
| LDAP | 389 | 389 | Lightweight Directory Access Protocol * |
| MS NetMeeting | LDAP or ULP, dyn >=1024, 1503, H.323 HostCall, MS ICCP | dyn >=1024 | videoconferencing |
| Timbuktu | 407, 1417-1420 | 407 | remote control * |
| SLP | 427 | 427 | Service Location Protocol * Used by MacOS and NetWare. |
| HTTPs | 443 | secure HTTP (SSL) * | |
| LPD / printer | 515 | 515 | printing * LPD stands for Line Printer Daemon. Also see printing section. |
| ULP | 522 | 522 | User Location Protocol (Microsoft) * |
| AppleTalk Filing Protocol (AFP) | 548 | 548 | * |
| QuickTime 4 | RTSP | RTP-QT4 | streaming audio, video * |
| RTSP | 554 | Real Time Streaming Protocol *. Currently (2003-07-05) described in RFC 2326. | |
| NNTPs | 563 | secure NNTP news (SSL) * | |
| Internet Printing Protocol (IPP) | 631 | 631 | print remotely to any IPP enabled printer through the Internet * The Common Unix Printing System (CUPS) is based on IPP. Also see printing section. |
| LDAPs | 636 | 636 | secure LDAP * (LDAP protocol over TLS/SSL) |
| Doom | 666 | 666 | network game * |
| Remotely Possible (ControlIT) | 799 | remote control. CA ControlIT support. | |
| VMware Virtual Machine Console | 902 | remote control and viewing of virtual machines. vmware-authd. | |
| SOCKS | 1080 | internet proxy *. Also used by Trojans. | |
| OpenVPN | 1194 | 1194 | * |
| Kazaa | 1214 | 1214 | peer-to-peer file sharing * |
| WASTE | 1337 | 1337 | peer-to-peer. Also see InfoAnarchy WASTE FAQ. This port is officially registered for Men and Mice DNS (QuickDNS Remote). |
| Lotus Notes Domino | 1352 | * | |
| VocalTec Internet Phone | 1490, 6670, 25793 | 22555 | videoconferencing * |
| Citrix ICA | 1494, dyn >=1023 | 1604, dyn >=1023 | remote application access * |
| Virtual Places | 1533 | conferencing *, also see VP voice | |
| Xing StreamWorks | 1558 | streaming video * | |
| Novell GroupWise (Remote Client) | 1677 | 1677 | group collaboration * NOTE: Other features of GroupWise use many other ports. |
| H.323 Host Call | 1720 | 1720 | H.323 host call * |
| PPTP | 1723 | virtual private network (VPN) * Note PPTP also uses the GRE protocol. However Microsoft says in Understanding PPTP: "PPTP can be used with most firewalls and routers by enabling traffic destined for port 1723 to be routed through the firewall or router." | |
| MS ICCP | 1731 | 1731 | audio call control (Microsoft) * |
| MS NetShow | 1755 | 1755, dyn >=1024 <=5000 | streaming video * |
| MSN Messenger | 1863 | instant messenging *. NOTE: For detailed info on ports for file transfers, voice and video, see the Windows and MSN Messenger section below. | |
| Netopia netOctopus | 1917, 1921 | 1917 | network management * |
| Big Brother | 1984 | 1984 | network monitoring * |
| ICU II | 2000-2003 | videoconferencing. NOTE: security risk on TCP port 50000 | |
| iSpQ | 2000-2003 | videoconferencing. Note: support docs are inconsistent on what ports are required | |
| glimpseserver | 2001 | search engine | |
| Distributed.Net RC5/DES | 2064 | distributed computation | |
| SoulSeek | 2234, 5534 | 2234, 5534 | file sharing |
| Microsoft DirectX gaming (DirectPlay) 7 | 2300-2400, 47624 | 2300-2400 | networked multiplayer games, * only 47624 is registered as "Direct Play Server", if needed also see MSN Gaming Zone |
| Microsoft DirectX gaming (DirectPlay) 8 | 2302-2400, 6073 | networked multiplayer games, * only 6073 is registered as DirectPlay8, if needed also see MSN Gaming Zone | |
| MADCAP - Multicast Address Dynamic Client Allocation Protocol | 2535 | 2535 | * defined in RFC 2730 - Multicast Address Dynamic Client Allocation Protocol (MADCAP). Also used by Trojans. |
| Netrek | 2592 | network game * | |
| ShareDirect | 2705 | 2705 | peer-to-peer (P2P) filesharing. Officially registered for Sun SDS Admin. |
| URBISNET | 2745 | 2745 | * Alex Tronin reports was used for Urbis geolocation service... now not operational, but may be revived.Also used by Trojans. |
| Borland Interbase database | 3050 | 3050 | * gds_db. See CERT Advisory CA-2001-01 for potential security risk. |
| squid | 3128 | 3130 | web proxy cache. Also used by Trojans. |
| iSNS | 3205 | 3205 | * Internet Storage Name Service, see iSCSI section |
| iSCSI default port | 3260 | 3260 | * SCSI over IP, see iSCSI section |
| Windows Remote Desktop Protocol (RDP) | 3389 | * registered as ms-wbt-server. RDP 5.1 is the current version. See below for more information. Remote Desktop Web Connection also uses HTTP. | |
| NetworkLens SSL Event | 3410 | 3410 | * Also used by Trojans. |
| Virtual Places Voice Chat | 3450, 8000-9000 | voice chat, also see Virtual Places | |
| Apple iTunes music sharing (DAAP) | 3689 | 3689 | Digital Audio Access Protocol * |
| World of Warcraft | 3724 | online game * | |
| Mirabilis ICQ | dyn >=1024 | 4000 | locator, chat (note: see newer AOL ICQ) |
| Blizzard / Battle.net | 4000, 6112-6119 | 4000, 6112-6119 | network gaming - support (captured 2001-11-11), proxy and firewall info |
| Abacast | 4000-4100, 4500, 9000-9100 | peer-to-peer audio and video streaming. NOTE: This software will create OUTGOING streams to other users if it can. | |
| GlobalChat client, server | 4020 | 4020 | chat rooms, used to be called ichat |
| PGPfone | 4747 | secure phone | |
| PlayLink | 4747, 4748, 10090 | 6144 | online games |
| radmin | 4899 | 4899 | remote control * |
| Yahoo Messenger - Voice Chat | 5000-5001 | 5000-5010 | voice chat |
| GnomeMeeting | H.323 HostCall, 30000-30010 | 5000-5003, 5010-5013 | audio and videoconference. 5000-5003 is RTP and RTCP range for this app. |
| Yahoo Messenger - messages | 5050 | messaging. NOTE: It will try ports 5050, 80, any port. | |
| SIP | 5060 | 5060 | Session Initiation Protocol *. For audio and video. Currently (2003-07-05) see RFCs 3261, 3262, 3263, 3264, 3265 |
| Apple iChat AV | SIP, RTP-iChatAV | audio and video conferencing. May also need iChat local port. | |
| Yahoo Messenger - Webcams | 5100 | video | |
| AOL Instant Messenger (AIM) | 5190 | 5190 | America OnLine * Also used by Apple iChat (in AIM compatibility mode). |
| AIM Video IM | 1024-5000 ? | 1024-5000 ? | video chat. It is unclear from their FAQ whether you need to open both TCP and UDP ports. |
| AOL ICQ | 5190, dyn >=1024 | messaging | |
| AOL | 5190-5193 | 5190-5193 | America OnLine * |
| XMPP / Jabber | 5222, 5269 | 5222, 5269 | * Extensible Messaging and Presence Protocol. Also see Using Jabber behind firewalls. Defined by XMPP specs (RFCs now issued), specs created by IETF group. |
| Qnext | 5235-5237 | 5235-5237 | audio / video conference, fileshare, everything. Port 5236 is officially assigned to "padl2sim". |
| iChat local traffic | 5298 | 5298 | Some Rendezvous thing. |
| Multicast DNS | 5353 | 5353 | * Mac OS X 10.2: About Multicast DNS. Related to Zeroconf which Apple has implemented as Rendezvous. (Note: the regular Domain Name Service port is 53.) |
| Dialpad.com | 5354, 7175, 8680-8890, 9000, 9450-9460 | dyn >=1024 | telephony |
| HotLine | 5500-5503 | peer-to-peer filesharing. | |
| SGI ESP HTTP | 5554 | 5554 | * SGI Embedded Support Partner (ESP) web server. Also used by Trojans, see SGI Security Advisory 20040501-01-I. |
| InfoSeek Personal Agent | 5555 | 5555 | * I don't know if InfoSeek Personal Agent exists anymore. This port is commonly used by HP OpenView Storage Data Protector (formerly HP OmniBack). |
| pcAnywhere | 5631 | 5632 | remote control * |
| eShare Chat Server | 5760 | ||
| eShare Web Tour | 5761 | ||
| eShare Admin Server | 5764 | ||
| VNC | 5800+, 5900+ | remote control | |
| Blizzard Battle.net | 6112 | 6112 | online gaming |
| GNUtella | 6346, 6347 | 6346, 6347 | peer-to-peer file sharing * |
| Netscape Conference | H.323 HostCall, 6498, 6502 | 2327 | audioconferencing |
| Danware NetOp Remote Control | 6502 | 6502 | remote control |
| common IRC | 6665-6669 | Internet Relay Chat * | |
| Net2Phone CommCenter | selected | 6801, selected | telephony, admin should select one TCP and UDP port in the range 1-3000. Same ports are used by Yahoo Messenger - PC-to-Phone. |
| BitTorrent | 6881-6889, 6969 | distributed data download, newer versions TCP 6881-6999. Alternate FAQ link. | |
| Blizzard Downloader | World of Warcraft, Battle.net and BitTorrent | downloads patches for World of Warcraft | |
| RTP-QT4 | 6970-6999 | Realtime Transport Protocol. (These ports are specifically for the Apple QT4 version.) | |
| VDOLive | 7000 | user-specified | streaming video |
| Real Audio & Video | RTSP, 7070 | 6970-7170 | streaming audio and video |
| CU-SeeMe, Enhanced CUSM | 7648, 7649, LDAP | 7648-7652, 24032 | videoconferencing |
| common HTTP | 8000, 8001, 8080 | ||
| Apache JServ Protocol v12 (ajp12) | 8007 | 8007 | (default port) See Workers HowTo for config info. |
| Apache JServ Protocol v13 (ajp13) | 8009 | 8009 | (default port) e.g. Apache mod_jk Tomcat connector using ajp13. See Workers HowTo for config info. |
| Grouper | 8038 | 8038 | peer-to-peer (P2P) filesharing |
| PDL datastream | 9100 | 9100 | printing * PDL is Page Description Language. Used commonly by HP printers and by Apple. Also see printing section. |
| MonkeyCom | 9898 | 9898 | * video-chat, also used by Trojans |
| iVisit | 9943, 9945, 56768 | videoconferencing | |
| The Palace | 9992-9997 | 9992-9997 | chat environment * |
| common Palace | 9998 | chat environment | |
| NDMP | 10000 | 10000 | Network Data Management Protocol *. Used for storage backup. Also used by Trojans. |
| Amanda | 10080 | 10080 | backup software *. Also used by Trojans. |
| Yahoo Games | 11999 | network games | |
| Italk | 12345 | 12345 | network chat supporting multiple access methods * Appears mostly used in Japan. There are many other applications calling themselves "italk". TrendMicro OfficeScan antivirus also uses this port. Commonly used by Trojans. |
| RTP-iChatAV | 16384-16403 | Used by Apple iChat AV. | |
| RTP | 16384-32767 | Realtime Transport Protocol. RTP in general is described in RFC 3550. This range is not registered (it never could be, being so broad) but it seems to be somewhat common. See Are there specific ports assigned to RTP? | |
| Palm Computing Network Hotsync | 14237 | 14238 | data synchronization |
| Liquid Audio | 18888 | streaming audio | |
| FreeTel | 21300-21303 | audioconferencing | |
| VocalTec Internet Conference | 22555 | 22555 | audio & document conferencing * |
| Quake | 26000 | 26000 | network game * |
| MSN Gaming Zone | 28800-29100 | 28800-29100 | network gaming (zone.com, zone.msn.com), also see DirectPlay 7 and DirectPlay 8 |
| Sygate Manager | 39213 |
| Service | Ports | Notes |
|---|---|---|
| Game | 5001-5010 | |
| Login | 7775-7777 | |
| Patch | 8888 | overlaps with common HTTP port |
| UO Messenger | 8800-8900 | includes port 8866 which is also used by Trojan |
| Patch | 9999 |
| Service | TCP | UDP | Notes |
|---|---|---|---|
| Windows Messenger - voice (computer to phone) | 2001-2120, 6801, 6901 | from Q324214. NOTE: 6801 is Net2Phone. | |
| MSN Messenger - file transfers | 6891-6900 | from Q278887. Allows up to 10 simultaneous transfers. | |
| MSN Messenger - voice communications (computer to computer) | 6901 | 6901 | from Q278887 |
| Service | TCP Port | Notes |
|---|---|---|
| SMTP - Simple Mail Transfer Protocol | 25 | * As part of the anti-spam best practices, you should block this outgoing for any machine that doesn't need to send email directly. |
| SMTPs - secure SMTP | 465 | Port 465 shows up Appendix A of the 1996 non-standard standard The SSL Protocol Version 3.0 as "Simple Mail Transfer Protocol with SSL". Unfortunately, it's not registered for SMTPs, it's registered for URD - "URL Rendesvous Directory for SSM" by Cisco. The recommended approach, at least for authentication, is to use START TLS encryption on submission port 587. |
| (SMTP email) submission | 587 | * See RFC 2476 - Message Submission. |
| POP2 - Post Office Protocol 2 | 109 | * obsolete |
| POP3 - Post Office Protocol 3 | 110 | * |
| POP3s - secure POP3 | 995 | * Full description is "pop3 protocol over TLS/SSL (was spop3)". |
| IMAP3 - Interactive Mail Access Protocol v3 | 220 | * obsolete |
| IMAP4 - Internet Message Access Protocol 4 | 143 | * Also referred to by version as IMAP4. |
| IMAPs - secure IMAP | 993 | * Full description is "imap4 protocol over TLS/SSL". Use 993 instead of TCP port 585 "imap4-ssl", which is deprecated. |
| Service | TCP | UDP | Notes |
|---|---|---|---|
| QuickTime Conferencing (MovieTalk) | 458 | 458, dyn >= 7000 | videoconferencing * |
| Apple VideoPhone | MovieTalk | MovieTalk | videoconferencing * |
| Connectix VideoPhone | MovieTalk | MovieTalk, dyn >=1024, 4242 | videoconferencing |
| Netscape CoolTalk | 6499, 6500 | 13000 | videoconferencing |
