| Port | Protocol | Service | Description |
|---|---|---|---|
20 |
TCP | FTP (data) | FTP data transfer |
21 |
TCP | FTP (control) | FTP control channel |
22 |
TCP | SSH | Secure shell access and SFTP |
23 |
TCP | Telnet | Unencrypted remote terminal (legacy, insecure) |
25 |
TCP | SMTP | Mail transfer between servers |
53 |
TCP/UDP | DNS | Domain name resolution |
67/68 |
UDP | DHCP | Automatic IP assignment |
80 |
TCP | HTTP | Unencrypted web traffic |
110 |
TCP | POP3 | Mail retrieval (legacy) |
123 |
UDP | NTP | Time synchronization |
143 |
TCP | IMAP | Mail access (kept on server) |
161/162 |
UDP | SNMP | Network device monitoring |
389 |
TCP | LDAP | Directory service queries |
443 |
TCP | HTTPS | Encrypted web traffic (TLS) |
465 |
TCP | SMTPS | Encrypted SMTP (implicit TLS) |
587 |
TCP | SMTP (submission) | Client-to-server mail submission |
993 |
TCP | IMAPS | Encrypted IMAP |
995 |
TCP | POP3S | Encrypted POP3 |
1194 |
UDP | OpenVPN | VPN tunnel (default) |
1433 |
TCP | Microsoft SQL Server | MSSQL database |
1521 |
TCP | Oracle DB | Oracle database |
2049 |
TCP/UDP | NFS | Network file system |
2222 |
TCP | SSH (alt port) | Alternative SSH port, default on some providers |
3306 |
TCP | MySQL / MariaDB | Relational database |
3389 |
TCP | RDP | Windows Remote Desktop |
5432 |
TCP | PostgreSQL | Relational database |
5672 |
TCP | AMQP (RabbitMQ) | Message queue |
5900 |
TCP | VNC | Remote desktop sharing |
500/4500 |
UDP | IKEv2/IPsec | VPN key exchange and NAT-T |
6379 |
TCP | Redis | In-memory data store |
8080 |
TCP | HTTP (alt) | Alternative/proxy HTTP port |
8443 |
TCP | HTTPS (alt) | Alternative HTTPS port |
9200 |
TCP | Elasticsearch | Search/analytics engine API |
27017 |
TCP | MongoDB | Document database |
51820 |
UDP | WireGuard | VPN tunnel |
Well-known, registered, and dynamic ports
IANA divides the 16-bit port number space (0-65535) into three ranges. Well-known ports (0-1023) are reserved for foundational services like HTTP, SSH and DNS, and on Unix/Linux systems, historically, binding a socket in this range requires root/administrator privileges — a security restriction designed to stop an ordinary user process from impersonating a critical service (e.g. port 80).
Registered ports (1024-49151) are assigned by IANA to specific applications (e.g. 3306 for MySQL, 5432 for PostgreSQL), but binding a socket in this range does not require elevated privileges — an ordinary user process can listen on these ports too. Most application servers and databases live in this range.
Dynamic/ephemeral ports (49152-65535) are never permanently assigned to a service; the operating system automatically hands them out as temporary source ports for outbound connections (e.g. the local port your browser uses when connecting to a website). You almost never need to open this range manually.
This distinction also shapes how firewall rules (UFW, iptables, firewalld) should be written: the correct approach is to open inbound access one by one for the specific service ports a server actually uses (e.g. 22, 80, 443) and deny everything else by default — opening broad ranges wholesale (e.g. "allow everything from 1000-9000") unnecessarily widens the attack surface by exposing services that shouldn't be reachable (a database left running by mistake, a debug interface, etc.). There's usually no need to separately open the dynamic port range for outbound traffic, since most stateful firewall rules already allow return traffic for connections that were initiated locally.
When should you use Port Number Reference?
The KEYDAL Port Number Reference tool is a browser-based utility that developers, system administrators, SEO specialists and enterprise technology teams use in their daily operations. It requires no installation, is free, and produces results instantly. It is designed so local teams can run audits without connecting to server environments and run analyses without touching production.
Typical scenarios include: post-migration verification, comparing domain or hosting providers, diagnosing customer issues, security auditing (pre-pentest reconnaissance), root-cause analysis of email deliverability problems, validating CDN or proxy configuration, surfacing technical audit data for SEO teams, and rapid information gathering during incident response. You can copy results as text and share them or paste them into internal documentation.
The KEYDAL infrastructure team provides web hosting, VPS, dedicated server management, server hardening, DNS configuration and SSL/TLS deployment services from Türkiye. Beyond these tools, we deliver server setup and operations support across Hetzner, OVHcloud, Contabo, DigitalOcean and Turkish providers.
Your queries are never stored on our servers
KEYDAL tools run stateless: domain names, IPs, URLs or other inputs are not persisted to any database. Logs are kept only for security purposes (rate limiting, abuse detection) and deleted within 30 days. For tools that handle sensitive data (tokens, API keys, JWTs), processing happens entirely in your browser — nothing is sent over the network. See our Privacy Policy for details.
All tools run over HTTPS with TLS 1.3 support. KEYDAL is a Türkiye-based technology company and complies fully with local data-protection regulations (KVKK) and GDPR principles.
You may also be looking for
The KEYDAL free tools collection includes DNS lookup, WHOIS lookup, SSL certificate checker, HTTP headers analyzer, IP geolocation, uptime checker, JSON formatter, JWT decoder, Base64 encode/decode, QR code generator, meta tag analyzer and robots.txt tester. All browser-based, free, no installation.
If you are comparing server prices, see our web hosting, VPS, VDS, cloud hosting, dedicated server and storage pages. See all tools →