Web and Proxy Ports
Web traffic uses a handful of well-known ports that every administrator must know:
- Port 80 (TCP) — HTTP: unencrypted web traffic. Still used for initial redirects to HTTPS and for health checks behind load balancers.
- Port 443 (TCP) — HTTPS: TLS-encrypted web traffic. The most important port on the modern internet. Also used for HTTP/3 over QUIC (UDP 443).
- Port 8080 (TCP) — alternative HTTP; commonly used by development servers, proxies, and Tomcat. Often used to avoid needing root privileges to bind port 80.
- Port 8443 (TCP) — alternative HTTPS; used for secondary HTTPS services or development.
- Port 3128 (TCP) — Squid proxy default port; used in enterprise environments for caching and content filtering.
Use our port checker to verify whether your web server's ports are accessible from the internet, and our HTTP headers tool to inspect the response headers your server returns.
Email Ports
Email protocols use multiple ports depending on the function (sending vs receiving) and whether encryption is used:
- Port 25 (TCP) — SMTP: server-to-server email transmission. Residential ISPs typically block outbound port 25 to prevent spam. You should not be sending client mail directly to port 25.
- Port 587 (TCP) — SMTP submission: the correct port for email clients to submit outgoing mail to their mail server (with TLS via STARTTLS). Always prefer port 587 over 25 for outgoing mail from clients.
- Port 465 (TCP) — SMTPS: SMTP with implicit TLS (deprecated in favor of 587, but still widely used).
- Port 110 (TCP) — POP3: downloading email from server to client (deletes from server by default). Mostly superseded by IMAP.
- Port 995 (TCP) — POP3S: POP3 over TLS.
- Port 143 (TCP) — IMAP: email access that leaves mail on server, enabling multi-device sync.
- Port 993 (TCP) — IMAPS: IMAP over TLS. Always use 993 instead of 143 for encrypted connections.
Remote Access and File Transfer Ports
System administrators rely heavily on remote access protocols:
- Port 22 (TCP) — SSH: encrypted remote shell access, also used for SFTP and SCP file transfers. The most critical service port to protect — use key-based authentication and consider moving to a non-standard port to reduce brute-force noise.
- Port 3389 (TCP/UDP) — RDP (Remote Desktop Protocol): Windows remote desktop. Heavily targeted by automated attacks and ransomware. Never expose RDP directly to the internet without a VPN or IP allowlist.
- Port 5900 (TCP) — VNC (Virtual Network Computing): screen sharing. Like RDP, should never be exposed directly to the internet without additional protection.
- Port 21 (TCP) — FTP control channel. Unencrypted; use SFTP (over SSH port 22) or FTPS instead.
- Port 20 (TCP) — FTP data channel (active mode). Passive mode FTP uses dynamic high ports instead.
- Port 445 (TCP) — SMB (Server Message Block): Windows file sharing. Famously exploited by EternalBlue/WannaCry. Never expose to the internet.
- Port 139 (TCP) — NetBIOS session service: legacy Windows file sharing. Keep blocked.
Database and Infrastructure Ports
Database ports are common attack targets and should never be directly exposed to the internet:
- Port 3306 (TCP) — MySQL / MariaDB. Bind to 127.0.0.1 only unless replication requires remote access, in which case firewall to specific IPs.
- Port 5432 (TCP) — PostgreSQL. Same guidance as MySQL — localhost only by default.
- Port 1433 (TCP) — Microsoft SQL Server. Frequently targeted by automated scanners; restrict with firewall rules rigorously.
- Port 27017 (TCP) — MongoDB. Notoriously left exposed by misconfigured deployments; ensure authentication is enabled and bind to localhost.
- Port 6379 (TCP) — Redis. By default it requires no authentication, so anyone who can reach it can execute arbitrary commands; always bind to 127.0.0.1.
- Port 9200 (TCP) — Elasticsearch HTTP API. Thousands of instances have been compromised due to internet exposure; never expose publicly.
- Port 53 (TCP/UDP) — DNS. UDP for queries, TCP for zone transfers and large responses. Open DNS resolvers (port 53 accessible from anywhere) are abused for amplification DDoS attacks.
Network Services and Security-Related Ports
Essential infrastructure ports used for network operation and monitoring:
- Port 67/68 (UDP) — DHCP: server (67) and client (68) for automatic IP assignment. Local network only.
- Port 123 (UDP) — NTP (Network Time Protocol): time synchronization. Required for certificate validation and log consistency.
- Port 161/162 (UDP) — SNMP: network device monitoring. Port 161 for queries, 162 for traps. Use SNMPv3 with authentication; v1/v2c use community strings which are effectively passwords in cleartext.
- Port 514 (UDP) — Syslog: log forwarding. No authentication or encryption; use on isolated management networks only, or TLS syslog on port 6514.
- Port 1194 (UDP) — OpenVPN default port.
- Port 51820 (UDP) — WireGuard default port.
- Port 500/4500 (UDP) — IKEv2/IPsec VPN.
- Port 179 (TCP) — BGP (Border Gateway Protocol): internet routing protocol used between autonomous systems (ASes).
Use our port checker to test any of these ports on your external IP, and run a reverse IP lookup to see what services are associated with your address.
Frequently Asked Questions
What are the most dangerous ports to leave open?
The highest-risk ports to expose to the internet are: RDP (3389) — targeted constantly by ransomware; SMB (445) — exploited by EternalBlue and similar; Telnet (23) — completely unencrypted; database ports (3306, 5432, 27017, 6379) — often misconfigured with no authentication; and any custom application port running without authentication. Never expose these without IP allowlisting.
How do I see which ports are open on my computer?
Use `netstat -an` on Windows, Mac, or Linux to list all listening and connected ports. On Linux, `ss -tlnp` gives more detail including which process owns each port. Use `nmap -sS 127.0.0.1` (requires root) for a scanner-style view. For external visibility, use our port checker to see what's reachable from the internet.
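To turn the listing into a check, the following added example (not part of the original page) parses `ss -H -tln` output and reports the high-risk TCP ports named in this guide that are bound to anything other than loopback. The port table, function names and the sample output are constructed for illustration.

```python
import ipaddress

# TCP ports this guide says should not be reachable from the internet.
RISKY_PORTS = {
    23: "Telnet", 139: "NetBIOS", 445: "SMB", 3389: "RDP", 5900: "VNC",
    1433: "MSSQL", 3306: "MySQL/MariaDB", 5432: "PostgreSQL",
    6379: "Redis", 9200: "Elasticsearch", 27017: "MongoDB",
}

# Constructed sample of `ss -H -tln` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 244 [::1]:5432 [::]:*
LISTEN 0 4096 *:9200 *:*
LISTEN 0 4096 [::]:27017 [::]:*
LISTEN 0 128 192.168.1.10%eth0:445 0.0.0.0:*
"""

def split_local(field):
    """Split ss's 'Local Address:Port' column into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    return addr, int(port)

def is_loopback(addr):
    if addr == "*":  # wildcard: every interface, IPv4 and IPv6
        return False
    return ipaddress.ip_address(addr).is_loopback

def audit(ss_output):
    """Return sorted (port, service, address) for risky ports bound beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skip the header row and non-listening sockets
        addr, port = split_local(cols[3])
        if port in RISKY_PORTS and not is_loopback(addr):
            findings.append((port, RISKY_PORTS[port], addr))
    return sorted(findings)

if __name__ == "__main__":
    # On a Linux host, pass the real output of `ss -H -tln` instead of SAMPLE_SS.
    for port, service, addr in audit(SAMPLE_SS):
        print(f"{service} ({port}/tcp) listens on {addr}, not loopback only")
```

A finding means the service accepts connections on a non-loopback interface; whether it is reachable from the internet still depends on the firewall in front of it, so confirm with an external check.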
Can I run a service on any port number?
Yes, with some restrictions. Ports below 1024 require root/administrator privileges on Unix-like systems. Any user process can bind to ports 1024–65535. Port numbers are just identifiers — the underlying protocol is determined by the software, not the port. However, deviating from standard ports (e.g., running SSH on port 2222) means clients must explicitly specify the port.
What is a privileged port?
On Unix/Linux systems, ports 0–1023 are 'privileged' (also called 'well-known') ports that require root privileges to bind to. This prevents unprivileged users from impersonating standard system services like HTTP (80) or SSH (22). On Windows, this restriction is less strictly enforced. Modern systems often use capabilities or socket activation (systemd) to allow services to bind privileged ports without running as root.
