Any Port in A Datastorm

Uploaded by

Lành Ngô Văn
Copyright
© Attribution Non-Commercial (BY-NC)

It seems like every day there is a new Internet service that uses some new set of
poorly-documented, unregistered ports. I created this page to gather together all the information
I could find about the ports used by these new services, for use by firewall administrators and
other network monitors.

• "dyn" in the ports field denotes dynamically allocated port(s), usually in the range
  >=1024 <=65535
• A name in the ports field (e.g. LDAP) indicates that service is also required
• A plus sign + in the ports field indicates the service may use a series of ports starting at
  the specified one
• An asterisk * in the Notes field indicates that the ports are IANA registered

When a specific port is registered it is usually assigned for both TCP and UDP even though only
one or the other may be required. Where possible I have only shown the required ones.

This is not intended to list old, well-documented services such as telnet, FTP etc. You can find
these in the IANA list.

You may contact me by email with any suggestions or corrections, or post a message to the
TCP/IP Ports discussion.

Ports for Internet Services


Service TCP UDP Notes
SSH 22 Secure Shell *
HTTP 80 HyperText Transfer Protocol * (e.g. for web browsing). Currently (2003-07-05) HTTP/1.1 is officially described in RFC 2616.
HOSTS2 Name Server 81 81 * An interesting story. The name attached to this port in the IANA list, Earl Killian, says he shouldn't be. He says "I don't know what 81 is, or whether it is still in use." Since Mr. Killian doesn't know what HOSTS2 is/was, and with Postel gone, I wonder if there's anyone left in the world who knows what 81 was/is for and who actually requested it.
XFER Utility 82 82 * Another interesting story. The name attached to this port in the IANA list, Thomas M. Smith of Lockheed Martin, says Sorry... there is no publicly available information regarding the details of the XFER Utility and its use of tcp and udp port # 82. XFER employs a proprietary protocol which has not been disclosed.
RPC Endpoint Mapper 135 135 * registered as "epmap - DCE endpoint resolution". Used by Microsoft for RPC locator service. See additional information.
LDAP 389 389 Lightweight Directory Access Protocol *
MS NetMeeting LDAP or ULP, dyn >=1024, 1503, H.323 HostCall, MS ICCP dyn >=1024 videoconferencing
407, 1417-
Timbuktu 407 remote control *
1420
SLP 427 427 Service Location Protocol * Used by MacOS and NetWare.
HTTPs 443 secure HTTP (SSL) *
LPD / printer 515 515 printing * LPD stands for Line Printer Daemon. Also see printing section.
ULP 522 522 User Location Protocol (Microsoft) *
AppleTalk Filing Protocol (AFP) 548 548 *
QuickTime 4 RTSP RTP-QT4 streaming audio, video *
RTSP 554 Real Time Streaming Protocol *. Currently (2003-07-05) described in RFC 2326.
NNTPs 563 secure NNTP news (SSL) *
Internet Printing Protocol (IPP) 631 631 print remotely to any IPP enabled printer through the Internet * The Common Unix Printing System (CUPS) is based on IPP. Also see printing section.
LDAPs 636 636 secure LDAP * (LDAP protocol over TLS/SSL)
Doom 666 666 network game *
Remotely Possible (ControlIT) 799 remote control. CA ControlIT support.
VMware Virtual Machine Console 902 remote control and viewing of virtual machines. vmware-authd.
SOCKS 1080 internet proxy *. Also used by Trojans.
OpenVPN 1194 1194 *
Kazaa 1214 1214 peer-to-peer file sharing *
WASTE 1337 1337 peer-to-peer. Also see InfoAnarchy WASTE FAQ. This port is officially registered for Men and Mice DNS (QuickDNS Remote).
Lotus Notes Domino 1352 *
VocalTec Internet Phone 1490, 6670, 25793 22555 videoconferencing *
Citrix ICA 1494, dyn >=1023 1604, dyn >=1023 remote application access *
Virtual Places 1533 conferencing *, also see VP voice
Xing StreamWorks 1558 streaming video *
Novell GroupWise (Remote Client) 1677 1677 group collaboration * NOTE: Other features of GroupWise use many other ports.
H.323 Host Call 1720 1720 H.323 host call *
PPTP 1723 virtual private network (VPN) * Note PPTP also uses the GRE protocol. However Microsoft says in Understanding PPTP: "PPTP can be used with most firewalls and routers by enabling traffic destined for port 1723 to be routed through the firewall or router."
MS ICCP 1731 1731 audio call control (Microsoft) *
MS NetShow 1755 1755, dyn >=1024 <=5000 streaming video *
MSN Messenger 1863 instant messaging *. NOTE: For detailed info on ports for file transfers, voice and video, see the Windows and MSN Messenger section below.
Netopia netOctopus 1917, 1921 1917 network management *
Big Brother 1984 1984 network monitoring *
ICU II 2000-2003 videoconferencing. NOTE: security risk on TCP port 50000
iSpQ 2000-2003 videoconferencing. Note: support docs are inconsistent on what ports are required
glimpseserver 2001 search engine
Distributed.Net RC5/DES 2064 distributed computation
SoulSeek 2234, 5534 2234, 5534 file sharing
Microsoft DirectX gaming (DirectPlay) 7 2300-2400, 47624 2300-2400 networked multiplayer games, * only 47624 is registered as "Direct Play Server", if needed also see MSN Gaming Zone
Microsoft DirectX gaming (DirectPlay) 8 2302-2400, 6073 networked multiplayer games, * only 6073 is registered as DirectPlay8, if needed also see MSN Gaming Zone
MADCAP - Multicast Address Dynamic Client Allocation Protocol 2535 2535 * defined in RFC 2730 - Multicast Address Dynamic Client Allocation Protocol (MADCAP). Also used by Trojans.
Netrek 2592 network game *
ShareDirect 2705 2705 peer-to-peer (P2P) filesharing. Officially registered for Sun SDS Admin.
URBISNET 2745 2745 * Alex Tronin reports was used for Urbis geolocation service... now not operational, but may be revived. Also used by Trojans.
Borland Interbase database 3050 3050 * gds_db. See CERT Advisory CA-2001-01 for potential security risk.
squid 3128 3130 web proxy cache. Also used by Trojans.
iSNS 3205 3205 * Internet Storage Name Service, see iSCSI section
iSCSI default port 3260 3260 * SCSI over IP, see iSCSI section
Windows Remote Desktop Protocol (RDP) 3389 * registered as ms-wbt-server. RDP 5.1 is the current version. See below for more information. Remote Desktop Web Connection also uses HTTP.
NetworkLens SSL Event 3410 3410 * Also used by Trojans.
Virtual Places Voice Chat 3450, 8000-9000 voice chat, also see Virtual Places
Apple iTunes music sharing (DAAP) 3689 3689 Digital Audio Access Protocol *
World of Warcraft 3724 online game *
Mirabilis ICQ dyn >=1024 4000 locator, chat (note: see newer AOL ICQ)
Blizzard / Battle.net 4000, 6112-6119 4000, 6112-6119 network gaming - support (captured 2001-11-11), proxy and firewall info
Abacast 4000-4100, 4500, 9000-9100 peer-to-peer audio and video streaming. NOTE: This software will create OUTGOING streams to other users if it can.
GlobalChat client, server 4020 4020 chat rooms, used to be called ichat
PGPfone 4747 secure phone
4747, 4748,
PlayLink 6144 online games
10090
radmin 4899 4899 remote control *
Yahoo Messenger - Voice Chat 5000-5001 5000-5010 voice chat
GnomeMeeting H.323 HostCall, 30000-30010 5000-5003, 5010-5013 audio and videoconference. 5000-5003 is RTP and RTCP range for this app.
Yahoo Messenger - messages 5050 messaging. NOTE: It will try ports 5050, 80, any port.
SIP 5060 5060 Session Initiation Protocol *. For audio and video. Currently (2003-07-05) see RFCs 3261, 3262, 3263, 3264, 3265
Apple iChat AV SIP, RTP-iChatAV audio and video conferencing. May also need iChat local port.
Yahoo Messenger - Webcams 5100 video
AOL Instant Messenger (AIM) 5190 5190 America OnLine * Also used by Apple iChat (in AIM compatibility mode).
AIM Video IM 1024-5000 ? 1024-5000 ? video chat. It is unclear from their FAQ whether you need to open both TCP and UDP ports.
AOL ICQ 5190, dyn >=1024 messaging
AOL 5190-5193 5190-5193 America OnLine *
XMPP / Jabber 5222, 5269 5222, 5269 * Extensible Messaging and Presence Protocol. Also see Using Jabber behind firewalls. Defined by XMPP specs (RFCs now issued), specs created by IETF group.
Qnext 5235-5237 5235-5237 audio / video conference, fileshare, everything. Port 5236 is officially assigned to "padl2sim".
iChat local traffic 5298 5298 Some Rendezvous thing.
Multicast DNS 5353 5353 * Mac OS X 10.2: About Multicast DNS. Related to Zeroconf which Apple has implemented as Rendezvous. (Note: the regular Domain Name Service port is 53.)
Dialpad.com 5354, 7175, 8680-8890, 9000, 9450-9460 dyn >=1024 telephony
HotLine 5500-5503 peer-to-peer filesharing.
SGI ESP HTTP 5554 5554 * SGI Embedded Support Partner (ESP) web server. Also used by Trojans, see SGI Security Advisory 20040501-01-I.
InfoSeek Personal Agent 5555 5555 * I don't know if InfoSeek Personal Agent exists anymore. This port is commonly used by HP OpenView Storage Data Protector (formerly HP OmniBack).
pcAnywhere 5631 5632 remote control *
eShare Chat Server 5760
eShare Web Tour 5761
eShare Admin Server 5764
VNC 5800+, 5900+ remote control
Blizzard Battle.net 6112 6112 online gaming
GNUtella 6346, 6347 6346, 6347 peer-to-peer file sharing *
Netscape Conference H.323 HostCall, 6498, 6502 2327 audioconferencing
Danware NetOp Remote Control 6502 6502 remote control
common IRC 6665-6669 Internet Relay Chat *
telephony, admin should select one TCP and
Net2Phone 6801,
selected UDP port in the range 1-3000. Same ports are
CommCenter selected
used by Yahoo Messenger - PC-to-Phone.
BitTorrent 6881-6889, 6969 distributed data download, newer versions TCP 6881-6999. Alternate FAQ link.
Blizzard Downloader World of Warcraft, Battle.net and BitTorrent downloads patches for World of Warcraft
RTP-QT4 6970-6999 Realtime Transport Protocol. (These ports are specifically for the Apple QT4 version.)
VDOLive 7000 user-specified streaming video
Real Audio & Video RTSP, 7070 6970-7170 streaming audio and video
CU-SeeMe, Enhanced CUSM 7648, 7649, LDAP 7648-7652, 24032 videoconferencing
common HTTP 8000, 8001, 8080
Apache JServ Protocol v12 (ajp12) 8007 8007 (default port) See Workers HowTo for config info.
Apache JServ Protocol v13 (ajp13) 8009 8009 (default port) e.g. Apache mod_jk Tomcat connector using ajp13. See Workers HowTo for config info.
Grouper 8038 8038 peer-to-peer (P2P) filesharing
PDL datastream 9100 9100 printing * PDL is Page Description Language. Used commonly by HP printers and by Apple. Also see printing section.
MonkeyCom 9898 9898 * video-chat, also used by Trojans
iVisit 9943, 9945, 56768 videoconferencing
The Palace 9992-9997 9992-9997 chat environment *
common Palace 9998 chat environment
NDMP 10000 10000 Network Data Management Protocol *. Used for storage backup. Also used by Trojans.
Amanda 10080 10080 backup software *. Also used by Trojans.
Yahoo Games 11999 network games
Italk 12345 12345 network chat supporting multiple access methods * Appears mostly used in Japan. There are many other applications calling themselves "italk". TrendMicro OfficeScan antivirus also uses this port. Commonly used by Trojans.
RTP-iChatAV 16384-16403 Used by Apple iChat AV.
RTP 16384-32767 Realtime Transport Protocol. RTP in general is described in RFC 3550. This range is not registered (it never could be, being so broad) but it seems to be somewhat common. See Are there specific ports assigned to RTP?
Palm Computing Network Hotsync 14237 14238 data synchronization
Liquid Audio 18888 streaming audio
FreeTel 21300-21303 audioconferencing
VocalTec Internet Conference 22555 22555 audio & document conferencing *
Quake 26000 26000 network game *
MSN Gaming Zone 28800-29100 28800-29100 network gaming (zone.com, zone.msn.com), also see DirectPlay 7 and DirectPlay 8
Sygate Manager 39213

iSCSI
iSCSI is specified in RFC 3720 - Internet Small Computer Systems Interface.

The well-known user TCP port number for iSCSI connections assigned by IANA is 3260 and
this is the default iSCSI port. Implementations needing a system TCP port number may use port
860, the port assigned by IANA as the iSCSI system port; however in order to use port 860, it
MUST be explicitly specified - implementations MUST NOT default to use of port 860, as 3260
is the only allowed default.

Also associated with iSCSI is iSNS, Internet Storage Name Service, on port 3205.

These services essentially open up your storage to the Internet in ways even deeper than
CIFS, NFS and other file-level sharing services. Therefore you should be very careful about
security and may want to block these ports completely, or tightly limit access to them.

Printing
There are several port numbers that may be involved with printing.

Print Server Port Numbers is a useful guide.


The three main ones are LPD ("printer") on port 515, IPP on 631, and PDL-datastream on 9100.

Apple MacOS X Rendezvous Printing (PDF) will discover printers that are advertising their
services. They give the example:

For example, the Apple LaserWriter 8500 would register the following services,
assuming the default domain is "local."

Apple LaserWriter 8500._printer._tcp.local. Port 515
Apple LaserWriter 8500._ipp._tcp.local. Port 631
Apple LaserWriter 8500._pdl-datastream._tcp.local. Port 9100

Napster
After examining Napster, I decided it was such a complex protocol that it deserved its own
section. The first thing to be aware of is that there are two versions of Napster. The "original"
flavor is what most people will be interested in. This is the full music file-sharing service. This
original service provided by Napster.com has now been shut down. Napster.com will be
providing a new service with much more controlled music sharing. However, the original
protocol lives on, and the protocol has been analyzed so that people could write compatible
applications for many different operating systems.

There is information on the protocol (and how to get it through your firewall) from:

• Microsoft Support Q275236
• opennap.sourceforge.net
• david.weekly.org

Here is a summary of the TCP ports it uses. I have put the notation (primary) after the main port,
if more than one port is listed.

• metaserver / redirector: 8875
• directory servers: 4444, 5555, 6666, 7777, 8888 (primary)
• client: 6600 to 6699 (primary)

PalTalk
PalTalk is another messy service that uses many ports, more than I want to summarize here. Visit
their support page: PalTalk Networking Support.

Ultima Online
Information from What are the port numbers I need to play UO behind a firewall or proxy
server?
Service Ports Notes
Game 5001-5010
Login 7775-7777
Patch 8888 overlaps with common HTTP port
UO Messenger 8800-8900 includes port 8866 which is also used by Trojan
Patch 9999

Windows and MSN Messenger Application


A related note: the Messenger Service that runs at the Windows SERVICE level is different from
the Windows Messenger or MSN Messenger application. For information about the Messenger
APPLICATION see

• For file transfer or voice chat ports and NAT information for MSN Messenger 3 see MS
  Support article Q278887.
• Microsoft Knowledge Base Article Q324214 - You cannot make phone calls or start
  voice or video conversations with Windows Messenger
• Windows Messenger 5.0 in Windows XP: Working With Firewalls and Network Address
  Translation Devices
• Microsoft Support WebCast - Microsoft Windows Messenger for Windows XP: New
  Features, Common Issues, and Troubleshooting July 17, 2002

Service TCP UDP Notes


Windows Messenger - voice (computer to phone) 2001-2120, 6801, 6901 from Q324214. NOTE: 6801 is Net2Phone.
MSN Messenger - file transfers 6891-6900 from Q278887. Allows up to 10 simultaneous transfers.
MSN Messenger - voice communications (computer to computer) 6901 6901 from Q278887

For Windows Messenger in a non-UPnP environment, unfortunately Microsoft requires dynamic
UDP ports across a very wide range. This is a tremendous security risk. Try to establish a UPnP
environment if possible. Nevertheless, here is what they say: "To support [audio and video] in
both directions through the firewall, all UDP ports between 5004 and 65535 must be opened to
allow signaling (SIP) and media streams (RTP) to traverse the firewall."

Also note: I don't know how much information for WINDOWS Messenger applies to MSN
Messenger and vice versa. I also don't know how much information for MSN Messenger
Windows version applies to MSN Messenger Mac version. And last but not least, there are
multiple different versions of Messenger, which may differ in various ways.

Email Ports
Email is sent around the Internet mainly from server to server using SMTP. Once delivered,
clients may access it in a variety of ways, including POP3 and IMAP. This section DOES NOT
cover Microsoft Exchange or other proprietary mail protocols.

The major upcoming change to email is the use of TCP port 587 "submission" for email, as
defined in section 3.1 of RFC 2476 - Message Submission. This is planned to replace the
traditional use of TCP port 25, SMTP.

3.1. Submission Identification

Port 587 is reserved for email message submission as specified in this document. Messages
received on this port are defined to be submissions. The protocol used is ESMTP [SMTP-MTA,
ESMTP], with additional restrictions as specified here.

While most email clients and servers can be configured to use port 587 instead of 25, there are
cases where this is not possible or convenient. A site MAY choose to use port 25 for message
submission, by designating some hosts to be MSAs and others to be MTAs.

This initiative is being promoted by, amongst others, the Anti-Spam Technical Alliance. See
Anti-Spam Technical Alliance Technology and Policy Proposal, Version 1.0, 22 June 2004
(PDF):

We further recommend that SMTP authentication be implemented on the standard Mail
Submission Port, port 587, and that ISPs encourage their customers to switch their mail client
software (for example, MS Outlook, Eudora, and so on) to this port. Using this port will provide
seamless connectivity that does not depend on if a network allows port 25 traffic.

In addition to SMTP, the other main email protocols are POP3 and IMAP; these are protocols for
email clients to access their mailboxes. There are many other topics that are outside the scope of
this page. For example, email addresses are described in RFC 2822 (obsoletes RFC 822), and
SMTP authentication is covered in RFC 2554 - SMTP Service Extension for Authentication.
Transport Layer Security (TLS) is covered in RFC 2246 - The TLS Protocol Version 1.0. SMTP
over TLS is covered in RFC 3207 - SMTP Service Extension for Secure SMTP over Transport
Layer Security.

The Network Sorcery RFC Sourcebook entry for SMTP also links to many relevant RFCs that
cover the details of the protocol itself.

Service TCP Port Notes
SMTP - Simple Mail Transfer Protocol 25 * As part of the anti-spam best practices, you should block this outgoing for any machine that doesn't need to send email directly.
SMTPs - secure SMTP 465 Port 465 shows up in Appendix A of the 1996 non-standard standard The SSL Protocol Version 3.0 as "Simple Mail Transfer Protocol with SSL". Unfortunately, it's not registered for SMTPs, it's registered for URD - "URL Rendesvous Directory for SSM" by Cisco. The recommended approach, at least for authentication, is to use STARTTLS encryption on submission port 587.
(SMTP email) submission 587 * See RFC 2476 - Message Submission.
POP2 - Post Office Protocol 2 109 * obsolete
POP3 - Post Office Protocol 3 110 *
POP3s - secure POP3 995 * Full description is "pop3 protocol over TLS/SSL (was spop3)".
IMAP3 - Interactive Mail Access Protocol v3 220 * obsolete
IMAP4 - Internet Message Access Protocol 4 143 * Also referred to by version as IMAP4.
IMAPs - secure IMAP 993 * Full description is "imap4 protocol over TLS/SSL". Use 993 instead of TCP port 585 "imap4-ssl", which is deprecated.

Oracle Database TCP/IP Ports


I have a separate page for Oracle ports.

Obsolete Services
Apple released QuickTime 4 some time ago. I am unsure of the status of their older QuickTime
Conferencing (MovieTalk) protocol. All of the applications that supported it (Connectix
VideoPhone, Apple VideoPhone, Netscape CoolTalk, QuickTime TV) are no longer supported
and the QuickTime Conferencing website is gone.

Service TCP UDP Notes


QuickTime Conferencing (MovieTalk) 458 458, dyn >= 7000 videoconferencing *
Apple VideoPhone MovieTalk MovieTalk videoconferencing *
MovieTalk, dyn >=1024,
Connectix VideoPhone MovieTalk videoconferencing
4242
Netscape CoolTalk 6499, 6500 13000 videoconferencing

Official TCP/IP Port Assignments


• IANA - TCP/IP Port Assignments (585K)

Also note, although you will sometimes see mention of RFC 1700 "Assigned Numbers" (dated
October 1994) it was long ago obsoleted by the official IANA list. Do not use RFC 1700 as a
reference. This fact is now officially documented by RFC 3232 "Assigned Numbers: RFC 1700
is Replaced by an On-line Database".

Network Sorcery lists the IANA TCP/UDP Ports with links to pages describing some protocols
in detail, as part of its incredibly useful RFC Sourcebook.

Searchable Port Lists


These cover registered, unregistered, and trojan ports - note that many ports have legitimate,
required uses, even though people have also used them as trojan ports.

• Andrew Daviel's Network Service Query is a very nice port metasearch engine
• Tantalo.net Ports database
• Neohapsis Ports List
• PC Flank Ports Database
• portsdb.org Ports Database
• Snort Ports Database
• SecurityStats.Com TCP/UDP Port Search
• Dave's Port Lookup lists registered services along with known trojans
• WeetHet in English or in Dutch lists both registered and trojan ports
• UpOneLevel Network Port listing
• Techeez Port Search

Understanding TCP/IP
The IBM RedBooks are an amazing resource for many technical topics. They have a TCP/IP
Tutorial and Technical Overview available as HTML or 7.7 MB PDF.

Cisco also provides excellent information online. Internet Protocols is just one section of their
Internetworking Technology Handbook.

There is information on IP (the protocol on which TCP and UDP are built) in Internet Core
Protocols: The Definitive Guide Sample Chapter 2: The Internet Protocol [IP].

Articles and Related Resources


Windows
This section discusses specific port information related to Microsoft or provided by them. If you
are looking for information about Windows firewalls, including XP Service Pack 2, see the
Windows Security Software and Built-in Windows Firewalls sections of my Trojan TCP/IP Ports
page.

Microsoft has announced a new Windows Firewall in Windows XP Service Pack 2; it replaces
the Internet Connection Firewall (ICF) in previous versions of Windows.

• MS KB 842242 - Some programs seem to stop working after you install Windows XP
  Service Pack 2 has a section "Identifying and opening ports" and also a fairly extensive
  list of ports in "Programs that may require you to open ports manually", although for all
  of the games it says "see the documentation" in the Ports column which is not exactly
  helpful information.
• How to Open Ports in the Windows XP Internet Connection Firewall has a list of ports
  followed by instructions
• Port Requirements for the Microsoft Windows Server System (KB 832017)
• TCP and UDP Port Assignments (Windows 2000 Server - Resource Kits - TCP/IP Core
  Networking Guide - Appendix C)
• NetBIOS Over TCP/IP [original page removed; using archive.org version]
• Firewall Information - Windows Media Technologies
• Microsoft has provided a good list of Windows NT, Terminal Server, and Microsoft
  Exchange Services Use TCP/IP Ports
• TCP/UDP Ports Used By Exchange 2000 Server
• Active Directory Replication over Firewalls
• TCP, UDP, and RPC Ports Used by MSMQ (Microsoft Message Queue Server)
• A List of the Windows 2000 Domain Controller Default Ports

More information about Windows Remote Desktop Protocol (RDP)

As indicated in the RDP section above, this protocol uses a registered TCP port. It is used for XP
Pro Remote Desktop and XP Remote Assistance (read Administering Remote Assistance for a
very good overview of firewall, NAT and blocking issues). Also used for WinNT4 Terminal
Server, Win2000 Terminal Services, and Win .NET Server 2003 Terminal Server.

Windows Remote Procedure Call (RPC) and Distributed COM (DCOM)

In some cases, Microsoft uses port 135 as an RPC Endpoint Mapper. It runs as RPCSS on (some
versions of?) Windows. This is a sort of "RPC directory" service which can be used to look up
what ports other services are running on. For some additional information, see Windows 2000
Network Architecture: Remote Procedure Call and NT Gatekeeper: RPC and Firewall
Configuration.

MS-RPC on port 135 is required for some Exchange Server and Active Directory
communications. See e.g. TCP Ports and Microsoft Exchange: In-depth Discussion and
Restricting Active Directory Replication Traffic to a Specific Port.

However this port also poses a security risk, as indicated in the NET SEND section of my
broadband security page.

UPDATE 2003-08-13: Also see the Blaster Worm section for information about this additional
security risk.

Additional information:

• Using Distributed COM with Firewalls
• RPC and Firewall Configuration
Sidebar: RPC Dynamic Port Allocation

Mac
OpenDoor (makers of DoorStop) have a nice list of MacOS-related ports, with hyperlinks to
relevant information.

Apple support has provided a list of "Well Known" TCP and UDP Ports Used By Apple
Software Products.

Although it doesn't give any port numbers, you may find Rendezvous service types being used
by Mac OS X useful.

Novell (NetWare)
• Novell Documentation: NetWare 6 - Port Number Assignments
• Matrix of Ports used in NetWare 6 - TID 10065719
• TCP/IP Port Numbers used by Novell Products - TID 10014320 (NetWare 5.0 and
  earlier)

IBM (WebSphere)
• Firewall Port Assignments in WebSphere Application Server V5

IP Telephony / Voice over IP (VoIP) / H.323 / SIP / RTP


Some applications that use H.323 include: ohphone, ohphoneX, ...

Getting H.323 audio/video conferencing through firewalls is particularly problematic. I have
used Google cache to rescue an Intel document The Problems and Pitfalls of Getting H.323
Safely Through Firewalls. Note in particular that RTCP (Real Time Control Protocol) has no
fixed port: an RTCP session is paired with an RTP session, so if you have an RTP stream on
even-numbered UDP port x, RTCP is on x + 1.

• IP Ports and Protocols used by H.323 Devices
• Cisco: IP Telephony / VoIP Traversal of NAT and Firewall

General
The white paper Cisco PIX Firewall and Stateful Firewall Security contains some useful
information about the ports and connection protocols for VDOnet, CU-SeeMe, and RealAudio.

Ed Bott's article Block those ports! contains some useful information, and also a kind review of
this web page.

You can check out Internet Firewalls: Frequently Asked Questions. As of this writing it was last
updated 2000/12/01 but it still has lots of good information.

NetGear's Applications Port List lists a lot of games.

Tim Williams' list of Ports Used by Computer Games has lots of good info.

By popular request: a page on Blocking Chat Programs.

More and more good resources are becoming available, particularly for people with home
networks. If you haven't found what you were looking for here, you can try:

• PracticallyNetworked:
  ◦ Handling Special Applications
  ◦ Special Applications - Opening Ports
  ◦ Special Applications - Port List
• HomeNetHelp:
  ◦ Explaining DMZs and Port Forwarding
  ◦ Port list for running a server through a router
  ◦ Port list for running a game server through a router or firewall

Network Protocols
Note that certain services such as IPSec and Microsoft's PPTP use non-TCP/UDP protocols so
they may be more complicated to use. In particular, PPTP uses GRE (protocol 47) and IPSec
uses ESP (protocol 50) and AH (protocol 51). Protocol numbers are not the same as port
numbers. IANA maintains the Assigned Internet Protocol Numbers.

Books
• TCP/IP books from Amazon (USA)

Related Information: Trojan TCP/IP Ports, Free Firewall Book
Those of you concerned with Internet security may wish to also check out my companion page,
Trojan TCP/IP Ports for a list of ports used by trojan horse and backdoor programs. Also I have a
link to firewall books there (including a free book).

Questions
If you have questions, comments or suggestions specifically about this page or TCP/IP ports
then you can email me or use my QuickTopic: Discuss TCP/IP Ports.

For firewall questions I suggest the USENET group comp.security.firewalls via
groups.google.com or your newsreader.

If your question is Microsoft-specific, you may want to try the USENET microsoft.public
groups, in particular:

• microsoft.public.msn.messenger: Google Groups or newsreader
• microsoft.public.windowsxp.messenger: Google Groups or newsreader
• microsoft.public.internet.mschat: Google Groups or newsreader
• microsoft.public.internet.netmeeting: Google Groups or newsreader

Copyright © 1996-2007 Richard Akerman. All rights reserved. No mirroring without prior
written consent.

If you wish to mirror this page, contact me by email. The requirements are:

• The page content including my copyright notice remains intact
• The official permanent link to this page is http://www.akerman.ca/port-table.html
• The date of the mirror and the frequency of updates must be indicated
• Use metatags or robots.txt to prevent your mirror from being indexed by search engines
• There can be no other copyright notices or advertising/promotion of any kind on the
  mirror page
