Common TCP & UDP Port Reference
Quick searchable reference for the ~150 TCP and UDP ports working IT pros actually encounter — with the service name, what it’s used for, and a security note for each. Better than memorization, faster than IANA. Built by Datastrive, a Chicago managed IT and cybersecurity provider.
- Search by port or service
- Filter by category
- Security notes from real-world use
| Port | Protocol | Service | Security |
|---|---|---|---|
How port numbers actually work
Ports are 16-bit numbers (0–65535) that let a computer route incoming and outgoing network traffic to the right application. The IANA divides them into three ranges with different rules.
- Well-known ports (0–1023): Reserved for system services. On Linux/macOS, only the root user can bind to these ports. HTTP (80), HTTPS (443), SSH (22), DNS (53), and SMTP (25) all live here. If a service is going to be public-facing on a standard port, it’s almost always in this range.
- Registered ports (1024–49151): Vendor-claimed but available to user-space processes. Most application services run here: PostgreSQL (5432), MySQL (3306), Microsoft SQL (1433), Redis (6379). IANA maintains a registry, but enforcement is honor-based — nothing stops you from running anything on any registered port.
- Dynamic / ephemeral ports (49152–65535): Assigned automatically by the OS for outgoing connections. When your browser connects to example.com:443, your end of the connection uses an ephemeral port. Different OSes use slightly different ranges — Linux defaults to 32768–60999, Windows uses 49152–65535.
- TCP vs UDP — same number, different protocol: Port 53 TCP and port 53 UDP are different sockets. DNS uses both: UDP for normal queries (small, fast), TCP when responses are too large or for zone transfers. Some services use only one protocol; some use both. The table above marks each accordingly.
- Standard ports are conventions, not requirements: You can run SSH on port 2222 or HTTPS on 8443 if you want — the protocol doesn’t care about the port number. Moving services to non-standard ports doesn’t add real security against targeted attacks (port scanners find them in seconds), but it does cut down on noise from automated brute-force attempts. The right call depends on who you’re defending against.
- If a port shows up in nmap that you don’t recognize, look it up: Reference pages like this one are the first stop. If the port isn’t well-known, search the IANA registry. If it’s a high-numbered port with no obvious owner, check what process is listening (netstat -tulpn on Linux, Get-NetTCPConnection on Windows). Unidentified open ports on a server are how breaches start.
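One way to turn the "check what process is listening" step into a repeatable audit is sketched below. It is an added example, not part of the original reference; the sample `ss -tulpn` output, the process names and the `EXPECTED` allowlist are constructed for illustration.

```python
import re

# Constructed sample of `ss -tulpn` output; the last row has no Process column,
# which is what ss shows for sockets owned by other users when not run as root.
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=13))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=801,fd=3))
tcp   LISTEN 0      511    127.0.0.1:6379     0.0.0.0:*         users:(("redis-server",pid=934,fd=6))
tcp   LISTEN 0      4096   *:9100             *:*               users:(("node_exporter",pid=1022,fd=3))
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=801,fd=4))
tcp   LISTEN 0      5      0.0.0.0:31337      0.0.0.0:*
"""

# Hypothetical allowlist: the (protocol, port) pairs this host is meant to expose.
EXPECTED = {("tcp", 22)}


def parse_listeners(text):
    """Return (proto, address, port, owner) for every socket row."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")  # split on the last colon (IPv6-safe)
        addr = addr.strip("[]").split("%")[0]      # drop [] and the %interface suffix
        proc = re.search(r'\(\("([^"]+)",pid=(\d+)', line)
        owner = f"{proc.group(1)} (pid {proc.group(2)})" if proc else "unknown, rerun as root"
        rows.append((fields[0], addr, int(port), owner))
    return rows


def unexpected_listeners(text, expected):
    """Listeners bound to a non-loopback address that are not on the allowlist."""
    findings = []
    for proto, addr, port, owner in parse_listeners(text):
        loopback = addr.startswith("127.") or addr == "::1"
        if not loopback and (proto, port) not in expected:
            findings.append((proto, addr, port, owner))
    return findings


if __name__ == "__main__":
    for proto, addr, port, owner in unexpected_listeners(SS_OUTPUT, EXPECTED):
        print(f"REVIEW {proto}/{port} on {addr}: {owner}")
```

Loopback-only listeners (the resolver stub and Redis in the sample) are skipped because they are not reachable from other hosts.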
Frequently asked questions
How do I see what ports are open on my computer?
Linux / macOS: sudo netstat -tulpn shows all listening TCP/UDP ports plus the process name. Modern systems prefer ss -tulpn (same output, faster).
Windows: netstat -anob in an elevated Command Prompt or PowerShell. Or Get-NetTCPConnection for a friendlier PowerShell output.
From outside the machine: nmap -sT -p- <hostname> for TCP, nmap -sU -p- <hostname> for UDP. UDP scans are slow because UDP is connectionless — nmap has to wait for timeouts to determine if a port is closed.
What’s the difference between a port being open, closed, and filtered?
Open: a service is actively listening and responds to connection attempts. This is the only state where you can actually talk to a service.
Closed: nothing is listening, but the OS responds to say so. Closed ports are still reachable — the network path works, there’s just no service. Useful for confirming a host is alive.
Filtered: a firewall is dropping the packets without response. The scanner can’t tell whether the port is open or closed. Most security-conscious public servers should have most ports filtered, with only the intended services responding as open.
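The three states map directly onto what a plain TCP `connect()` returns, which is also how `nmap -sT` tells them apart. The following is an added example, not part of the original reference; the function names are hypothetical, and the demo only touches a listener it creates on 127.0.0.1.

```python
import errno
import socket


def tcp_port_state(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered' via a full connect()."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"          # the OS answered with a reset: reachable, no service
    except socket.timeout:
        return "filtered"        # no answer at all: the packet was silently dropped
    except OSError as exc:
        # An ICMP "unreachable" reply usually means a firewall rejected the packet.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise


def local_demo():
    """Open a throwaway listener on loopback, probe it, close it, probe again."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = tcp_port_state("127.0.0.1", port)
    listener.close()
    after_close = tcp_port_state("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(local_demo())
```

The "filtered" branch needs a firewall that drops packets, so it is not exercised by the loopback demo; it shows up as the full timeout elapsing before the function returns.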
Should I change SSH from port 22 to a non-standard port?
It’s a small win, not a real defense. Moving SSH off port 22 cuts down on the constant brute-force noise from botnets that only scan well-known ports. It does nothing against a targeted attacker — nmap finds your custom port in seconds.
The actual SSH security wins are: disable password auth (key-only login), disable root login, use fail2ban or similar to block IPs that fail auth, restrict SSH to specific source IPs at the firewall level, and keep OpenSSH up to date. Port obscurity is the smallest of these.
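The first two items can be checked mechanically. The sketch below is an added example, not part of the original reference: it reads `sshd_config` text the way sshd does for global settings (first occurrence of a keyword wins, absent keywords fall back to OpenSSH defaults). The sample config is constructed, and `Include` files and `Match` blocks are not evaluated.

```python
# OpenSSH's built-in values when a keyword never appears (see sshd_config(5)).
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}
# The two settings named above: key-only login and no root login.
REQUIRED = {"passwordauthentication": "no", "permitrootlogin": "no"}

# Constructed sample config.
SAMPLE = """\
Port 2222
PermitRootLogin no
#PasswordAuthentication no
PubkeyAuthentication yes
permitrootlogin yes
"""


def global_settings(text):
    """Effective global values: first occurrence wins, Match blocks are skipped."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                     # a commented-out line sets nothing
        parts = line.split(None, 1)
        keyword = parts[0].lower()       # keywords are case-insensitive
        if keyword == "match":
            break                        # everything after this is conditional
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        seen.setdefault(keyword, value)  # later duplicates are ignored, as in sshd
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}


def audit(text):
    """Return (keyword, effective value, required value) for each failed check."""
    effective = global_settings(text)
    return [(k, effective[k], want) for k, want in REQUIRED.items() if effective[k] != want]


if __name__ == "__main__":
    for keyword, got, want in audit(SAMPLE):
        print(f"FAIL {keyword}: effective '{got}', want '{want}'")
```

In the sample, the commented-out `PasswordAuthentication no` leaves the default `yes` in force, while the second `permitrootlogin yes` is ignored because the earlier `no` was read first. On a live host, `sshd -T` prints the effective configuration including `Include` files.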
Why is port 25 (SMTP) blocked on most residential ISPs?
Spam mitigation. Compromised home computers were historically a major source of spam, sending email directly via port 25. Most residential ISPs now block outbound traffic to port 25 entirely — if you want to send email from a home connection, you have to relay through your ISP’s SMTP server or use port 587 (submission) with authentication.
This is also why running your own mail server from a home IP is impractical: even if your ISP allows outbound 25, most receiving mail servers will block residential IP ranges due to spam reputation.
What ports should be open on my company firewall?
For most office networks, outbound is fairly permissive: 80, 443 (web), 53 (DNS), 587 / 465 (SMTP submission), 993 / 995 (IMAPS / POP3S), maybe 22 (SSH for remote work) and 5060 / 5061 (SIP for VoIP). Block obviously high-risk outbound: 23 (Telnet), 25 (SMTP — usually only allowed to your mail server), 1433 (SQL Server, never to internet), 3389 (RDP, never to internet), 5900 (VNC).
For inbound from the internet, almost nothing should be open by default. If you’re hosting services, expose only those. Anything else — especially RDP, SMB, database ports, and management interfaces — should be locked behind a VPN. Public RDP and public SMB are how ransomware gets in.
Is this list complete?
No, intentionally. The IANA registry has 49,000+ port entries; most are useless trivia. This list covers the ~150 ports that working IT, security, and devops people actually encounter on real networks — web, email, file sharing, remote access, directory services, databases, VoIP, VPNs, network management, common games, IoT/industrial protocols, and legacy services.
If you need an exhaustive lookup, use the IANA registry directly. If you want to know what’s running on a specific port on a host, use nmap.