## Common Ports Table
| **Port** | **Abbreviation** | **Service** | **TCP/UDP** |
| :---------------: | :--------------: | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :------------: |
| 20<br>21<br>990 | FTP<br>FTPS | **File Transfer Protocol**<br>FTP - 20 - Data Transfer<br>FTP - 21 - Command/Control `1`<br>FTPS - 990 - FTP over SSL/TLS | TCP |
| 22 | SSH<br>SFTP | **Secure Shell Protocol** <br>**SSH File Transfer Protocol**<br>22 - Secure Remote Login and C2<br>22 - Secure File Transfer over SSH | TCP |
| 23 | Telnet | **Teletype Network**<br>(Remote Login) | TCP |
| 25<br>465<br>587 | SMTP<br>SMTPS | **Simple Mail Transfer Protocol**<br>(Email Sending)<br>25 - Legacy (Outdated)<br>465 - SMTPS over SSL/TLS (Mostly Outdated)<br>587 - SMTP over STARTTLS (Modern) | TCP |
| 53 | [[DNS]] | **Domain Name System**<br>(Domain Name Resolution) `2`<br>53/UDP - Standard Queries (Default)<br>53/TCP - Fallback, Zone Transfers or UDP Packet too big | UDP/TCP |
| 67<br>68 | DHCP | **Dynamic Host Configuration Protocol**<br>(IP Assignment)<br>67 - Server (DHCP server listens) <br>68 - Client (DHCP client listens) | UDP |
| 80<br>443 | HTTP<br>HTTPS | **Hypertext Transfer Protocol (Secure)**<br>(Web Browsing)<br>80 - HTTP<br>443 - HTTP over SSL/TLS | TCP |
| 88 | [[Kerberos]] | **Kerberos Authentication Protocol**<br>(Ticket-based Authentication in AD)<br>88/UDP - Initial Requests to KDC `3`<br>88/TCP - Authentication Traffic | UDP/TCP |
| 110<br>995 | POP3 | **Post Office Protocol**<br>(Email Receiving)<br>110 - POP3 (Outdated)<br>995 - POP3 over SSL/TLS | TCP |
| 123 | NTP | **Network Time Protocol**<br>(Time Sync) | UDP |
| 137<br>138<br>139 | NetBIOS | **Network Basic Input/Output System**<br>137 - UDP/TCP - `NBName`<br>(Name Resolution Service)<br><br>138 - UDP - `NBDatagram`<br>(Datagram/Communication Service)<br><br>139 - TCP - `NBSession` `4`<br>(Session Management Service) | UDP/TCP |
| 139<br>445 | SMB | **Server Message Block**<br>(File and Printer Sharing)<br>139 - Legacy SMB over NetBIOS (`NBSession`)<br>445 - SMB over TCP/IP (Modern) `4` | TCP |
| 143<br>993 | IMAP<br>IMAPS | **Internet Message Access Protocol (Secure)**<br>(Manage Emails on Mail Server)<br>143 - IMAP (Outdated)<br>993 - IMAP over SSL/TLS (Modern) | TCP |
| 161<br>162 | SNMP | **Simple Network Management Protocol**<br>(Network Monitoring/Management)<br>161 - SNMP Agent listens for queries (GET/SET)<br>162 - SNMP Manager listens for traps/alerts | UDP |
| 389<br>636 | LDAP<br>LDAPS | **Lightweight Directory Access Protocol**<br>(Directory Auth and services)<br>389 - Standard LDAP (Unencrypted) <br>636 - LDAPS over SSL/TLS (Modern) `5` | TCP/UDP<br>`6` |
| 500<br>4500 | IKE<br>IPsec | **Internet Key Exchange/IPsec VPN**<br>(Secure VPN tunnelling and key exchange)<br>500/UDP - IKE <br>4500/UDP - NAT traversal `7` | UDP |
| 1433<br>1434 | MSSQL | **Microsoft SQL Server Database**<br>1433/TCP - SQL DB connections <br>1434/UDP - SQL Browser (instance discovery) | TCP/UDP |
| 3389 | RDP | **Remote Desktop Protocol**<br>(Remote Desktop)<br>3389/TCP - Primary Session Control<br>3389/UDP - Optimised Data/Graphics | TCP/UDP |
### Footnotes
`1` - "Implicit FTPS" is where encryption is required immediately on port 990, and the connection is dropped if TLS isn’t negotiated. "Explicit FTPS" is where a connection can start on port 21 and is then upgraded to TLS via the `AUTH TLS` command. Explicit FTPS is often preferred in modern deployments.
`2` - DNS uses UDP by default, and will fall back to using TCP when it is unable to communicate on UDP, normally when the message is too big to fit in a single UDP packet. TCP is also used for queries like zone transfers.
`3` - For [[Kerberos]], UDP is used by default; however, TCP is utilised if the packet is too large and is common for traffic sourced from a VPN connection.
`4` - Supports SMB connections for older devices that don't support SMB over port 445, i.e. port 139 is the legacy port.
`5` - Port 636 is LDAPS; however, some modern enterprise deployments prefer standard LDAP on port 389 + STARTTLS over LDAPS on port 636.
`6` - In Connectionless Lightweight Directory Access Protocol (CLDAP), UDP is used for AD DC locator requests.
`7` - IKE on port 500 is used for the initial handshake and key exchange to establish the VPN tunnel, whereas IPsec on port 4500 encapsulates IPsec traffic inside UDP packets (NAT-T) so the VPN can function properly across NAT devices and firewalls.
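
The UDP-to-TCP fallback from footnote `2`, as an added example that is not part of the original notes: a resolver retries over TCP when a UDP reply has the TC (truncated) header bit set, and a zone transfer (AXFR) uses TCP from the start. The function names and the `example.com` sample messages are constructed for illustration.

```python
import struct

TC_BIT = 0x0200              # "truncated" flag in the DNS header flags word
QTYPE_A, QTYPE_AXFR = 1, 252  # A record lookup, full zone transfer

def build_query(name, qtype, txid=0x1234):
    """Build a minimal DNS query: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def is_truncated(msg):
    """Return True when the TC bit is set in a DNS message header."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    flags = struct.unpack("!H", msg[2:4])[0]
    return bool(flags & TC_BIT)

def needs_tcp(qtype, udp_response=None):
    """Zone transfers go straight to TCP; other queries retry on TCP if TC is set."""
    if qtype == QTYPE_AXFR:
        return True
    return udp_response is not None and is_truncated(udp_response)

def frame_for_tcp(msg):
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def unframe_tcp(stream):
    """Extract one length-prefixed DNS message from a TCP byte stream."""
    if len(stream) < 2:
        raise ValueError("missing length prefix")
    (length,) = struct.unpack("!H", stream[:2])
    if len(stream) - 2 < length:
        raise ValueError("incomplete DNS message in stream")
    return stream[2:2 + length]

def sample_reply(query, truncated):
    """Constructed reply: echoes the question, sets QR/RD/RA and optionally TC."""
    flags = 0x8180 | (TC_BIT if truncated else 0)
    return query[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0) + query[12:]

if __name__ == "__main__":
    q = build_query("example.com", QTYPE_A)
    print("retry over TCP:", needs_tcp(QTYPE_A, sample_reply(q, truncated=True)))
    print("TCP frame prefix:", frame_for_tcp(q)[:2].hex())
```

The 2-byte length prefix is the only framing difference between the two transports; the DNS message itself is identical on 53/UDP and 53/TCP.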