Common TCP/UDP Ports Cheatsheet
The ports network engineers, NOC analysts and security teams actually see in tickets — with operational notes, not just IANA assignments.
Port reference
| Port | Proto | Service | Notes |
|---|---|---|---|
| 20/21 | TCP | FTP | Data / control. Cleartext — avoid. |
| 22 | TCP | SSH / SFTP | Remote shell, secure file transfer. |
| 23 | TCP | Telnet | Cleartext — disable wherever found. |
| 25 | TCP | SMTP | Server-to-server mail relay. |
| 53 | TCP/UDP | DNS | UDP for queries, TCP for AXFR / large responses. |
| 67/68 | UDP | DHCP | 67 server, 68 client. |
| 69 | UDP | TFTP | Often used for switch/router image transfer. |
| 80 | TCP | HTTP | Plain web — should redirect to 443. |
| 110 | TCP | POP3 | Legacy mail retrieval. |
| 123 | UDP | NTP | Time sync. Critical for auth/logs. |
| 135 | TCP | MS RPC | Windows endpoint mapper. |
| 137-139 | TCP/UDP | NetBIOS | Legacy SMB. Block at perimeter. |
| 143 | TCP | IMAP | Mail retrieval (cleartext). |
| 161/162 | UDP | SNMP | 161 polling, 162 traps. Use v3. |
| 179 | TCP | BGP | Border Gateway Protocol peering. |
| 389 | TCP/UDP | LDAP | Directory services (cleartext). |
| 443 | TCP | HTTPS | TLS web. Most common open port today. |
| 445 | TCP | SMB | Windows file sharing. Patch & restrict. |
| 465 | TCP | SMTPS | SMTP over implicit TLS (legacy). |
| 514 | UDP | Syslog | Log shipping to collector. |
| 587 | TCP | SMTP submission | Authenticated mail submission with STARTTLS. |
| 636 | TCP | LDAPS | LDAP over TLS. |
| 993 | TCP | IMAPS | IMAP over TLS. |
| 995 | TCP | POP3S | POP3 over TLS. |
| 1194 | UDP | OpenVPN | Default OpenVPN port. |
| 1433 | TCP | MSSQL | Microsoft SQL Server. |
| 1521 | TCP | Oracle DB | Oracle TNS listener. |
| 1723 | TCP | PPTP | Legacy VPN. Insecure. |
| 2049 | TCP/UDP | NFS | Network File System. |
| 3306 | TCP | MySQL | MySQL / MariaDB. |
| 3389 | TCP | RDP | Windows remote desktop. Never expose to internet. |
| 4500 | UDP | IPsec NAT-T | IKE traversal through NAT. |
| 5060/5061 | TCP/UDP | SIP / SIPS | VoIP signaling. |
| 5432 | TCP | PostgreSQL | Postgres database. |
| 5900 | TCP | VNC | Remote desktop. Tunnel over SSH. |
| 6379 | TCP | Redis | Default cleartext. Bind to localhost. |
| 8080 | TCP | HTTP-alt | Common dev/proxy port. |
| 8443 | TCP | HTTPS-alt | Common admin UI port. |
| 27017 | TCP | MongoDB | Default cleartext. Authenticate. |
FAQ
- Which ports should never be exposed to the public internet?
  - RDP (3389), SMB (445), Telnet (23), database ports (1433, 3306, 5432, 27017, 6379), and SNMP (161). Put them behind a VPN or zero-trust proxy.
- What's the difference between port 25, 465 and 587 for SMTP?
  - 25 is server-to-server relay, 465 is legacy implicit-TLS submission, 587 is the modern submission port using STARTTLS with authentication. Use 587 for clients.
- Why does DNS use both TCP and UDP?
  - UDP is used for normal queries (small, fast). TCP is used for zone transfers (AXFR/IXFR) and any response larger than 512 bytes (or 4096 with EDNS).
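
One way to audit a host against the "never expose" list in the first FAQ answer, as an added example that is not part of the original cheatsheet. It parses `ss -H -tuln` output and reports listeners on those ports that are bound to anything other than loopback; the sample output and the function names are constructed for illustration.

```python
import ipaddress

# Ports the FAQ above says should never face the public internet.
NEVER_EXPOSE = {
    3389: "RDP", 445: "SMB", 23: "Telnet", 1433: "MSSQL", 3306: "MySQL",
    5432: "PostgreSQL", 27017: "MongoDB", 6379: "Redis", 161: "SNMP",
}

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511        127.0.0.1:6379       0.0.0.0:*
tcp   LISTEN 0      244          0.0.0.0:5432       0.0.0.0:*
tcp   LISTEN 0      128             [::]:3389          [::]:*
tcp   LISTEN 0      80             [::1]:3306          [::]:*
udp   UNCONN 0      0         10.0.0.5%eth0:161     0.0.0.0:*
udp   UNCONN 0      0                  *:68               *:*
"""

def split_local(local):
    """Split ss's 'Local Address:Port' column into (address, port)."""
    addr, _, port = local.rpartition(":")
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface scope
    return addr, int(port)

def is_loopback(addr):
    if addr in ("*", ""):                    # wildcard bind: every interface
        return False
    return ipaddress.ip_address(addr).is_loopback

def risky_listeners(ss_output):
    """Return (proto, address, port, service) for non-loopback listeners on NEVER_EXPOSE ports."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto = fields[0]
        addr, port = split_local(fields[4])
        if port in NEVER_EXPOSE and not is_loopback(addr):
            findings.append((proto, addr, port, NEVER_EXPOSE[port]))
    return findings

if __name__ == "__main__":
    for proto, addr, port, svc in risky_listeners(SAMPLE_SS):
        print(f"{proto} {addr}:{port} ({svc}) is reachable beyond loopback")
```

A non-loopback bind is a candidate for review, not proof of internet exposure: a host or perimeter firewall may still block it, so confirm against the firewall rules before closing or escalating a finding.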