Services Hosting & Servers Tools Blog Search Company TürkçeTR
Get a Quote
Port Protocol Service Description
20 TCP FTP (data) FTP data transfer
21 TCP FTP (control) FTP control channel
22 TCP SSH Secure shell access and SFTP
23 TCP Telnet Unencrypted remote terminal (legacy, insecure)
25 TCP SMTP Mail transfer between servers
53 TCP/UDP DNS Domain name resolution
67/68 UDP DHCP Automatic IP assignment
80 TCP HTTP Unencrypted web traffic
110 TCP POP3 Mail retrieval (legacy)
123 UDP NTP Time synchronization
143 TCP IMAP Mail access (kept on server)
161/162 UDP SNMP Network device monitoring
389 TCP LDAP Directory service queries
443 TCP HTTPS Encrypted web traffic (TLS)
465 TCP SMTPS Encrypted SMTP (implicit TLS)
587 TCP SMTP (submission) Client-to-server mail submission
993 TCP IMAPS Encrypted IMAP
995 TCP POP3S Encrypted POP3
1194 UDP OpenVPN VPN tunnel (default)
1433 TCP Microsoft SQL Server MSSQL database
1521 TCP Oracle DB Oracle database
2049 TCP/UDP NFS Network file system
2222 TCP SSH (alt port) Alternative SSH port, default on some providers
3306 TCP MySQL / MariaDB Relational database
3389 TCP RDP Windows Remote Desktop
5432 TCP PostgreSQL Relational database
5672 TCP AMQP (RabbitMQ) Message queue
5900 TCP VNC Remote desktop sharing
500/4500 UDP IKEv2/IPsec VPN key exchange and NAT-T
6379 TCP Redis In-memory data store
8080 TCP HTTP (alt) Alternative/proxy HTTP port
8443 TCP HTTPS (alt) Alternative HTTPS port
9200 TCP Elasticsearch Search/analytics engine API
27017 TCP MongoDB Document database
51820 UDP WireGuard VPN tunnel

Well-known, registered, and dynamic ports

IANA divides the 16-bit port number space (0-65535) into three ranges. Well-known ports (0-1023) are reserved for foundational services like HTTP, SSH and DNS, and on Unix/Linux systems, historically, binding a socket in this range requires root/administrator privileges — a security restriction designed to stop an ordinary user process from impersonating a critical service (e.g. port 80).

Registered ports (1024-49151) are assigned by IANA to specific applications (e.g. 3306 for MySQL, 5432 for PostgreSQL), but binding a socket in this range does not require elevated privileges — an ordinary user process can listen on these ports too. Most application servers and databases live in this range.

Dynamic/ephemeral ports (49152-65535) are never permanently assigned to a service; the operating system automatically hands them out as temporary source ports for outbound connections (e.g. the local port your browser uses when connecting to a website). You almost never need to open this range manually.

This distinction also shapes how firewall rules (UFW, iptables, firewalld) should be written: the correct approach is to open inbound access one by one for the specific service ports a server actually uses (e.g. 22, 80, 443) and deny everything else by default — opening broad ranges wholesale (e.g. "allow everything from 1000-9000") unnecessarily widens the attack surface by exposing services that shouldn't be reachable (a database left running by mistake, a debug interface, etc.). There's usually no need to separately open the dynamic port range for outbound traffic, since most stateful firewall rules already allow return traffic for connections that were initiated locally.

When should you use Port Number Reference?

The KEYDAL Port Number Reference tool is a browser-based utility that developers, system administrators, SEO specialists and enterprise technology teams use in their daily operations. It requires no installation, is free, and produces results instantly. It is designed so local teams can run audits without connecting to server environments and run analyses without touching production.

Typical scenarios include: post-migration verification, comparing domain or hosting providers, diagnosing customer issues, security auditing (pre-pentest reconnaissance), root-cause analysis of email deliverability problems, validating CDN or proxy configuration, surfacing technical audit data for SEO teams, and rapid information gathering during incident response. You can copy results as text and share them or paste them into internal documentation.

The KEYDAL infrastructure team provides web hosting, VPS, dedicated server management, server hardening, DNS configuration and SSL/TLS deployment services from Türkiye. Beyond these tools, we deliver server setup and operations support across Hetzner, OVHcloud, Contabo, DigitalOcean and Turkish providers.

Your queries are never stored on our servers

KEYDAL tools run stateless: domain names, IPs, URLs or other inputs are not persisted to any database. Logs are kept only for security purposes (rate limiting, abuse detection) and deleted within 30 days. For tools that handle sensitive data (tokens, API keys, JWTs), processing happens entirely in your browser — nothing is sent over the network. See our Privacy Policy for details.

All tools run over HTTPS with TLS 1.3 support. KEYDAL is a Türkiye-based technology company and complies fully with local data-protection regulations (KVKK) and GDPR principles.

You may also be looking for

The KEYDAL free tools collection includes DNS lookup, WHOIS lookup, SSL certificate checker, HTTP headers analyzer, IP geolocation, uptime checker, JSON formatter, JWT decoder, Base64 encode/decode, QR code generator, meta tag analyzer and robots.txt tester. All browser-based, free, no installation.

If you are comparing server prices, see our web hosting, VPS, VDS, cloud hosting, dedicated server and storage pages. See all tools →

WhatsApp