Any Port in A Datastorm
It seems like every day there is a new Internet service that uses some new set of poorly-
documented, unregistered ports. I created this page to gather together all the information I could
find about the ports used by these new services, for use by firewall administrators and other
network monitors.
"dyn" in the ports field denotes dynamically allocated port(s), usually in the range >=1024 <=65535
A name in the ports field (e.g. LDAP) indicates that service is also required
A plus sign + in the ports field indicates the service may use a series of ports starting at the specified one
An asterisk * in the Notes field indicates that the ports are IANA registered
When a specific port is registered it is usually assigned for both TCP and UDP even though only
one or the other may be required. Where possible I have only shown the required ones.
This is not intended to list old, well-documented services such as telnet, FTP etc. You can find
these in the IANA list.
You may contact me by email with any suggestions or corrections, or post a message to the
TCP/IP Ports discussion.
iSCSI
iSCSI is specified in RFC 3720 - Internet Small Computer Systems Interface.
The well-known user TCP port number for iSCSI connections assigned by IANA is 3260 and
this is the default iSCSI port. Implementations needing a system TCP port number may use port
860, the port assigned by IANA as the iSCSI system port; however in order to use port 860, it
MUST be explicitly specified - implementations MUST NOT default to use of port 860, as 3260
is the only allowed default.
Also associated with iSCSI is iSNS, Internet Storage Name Service, on port 3205.
These services essentially open up your storage to the Internet at an even deeper level than
CIFS, NFS and other file-level sharing services. Therefore you should be very careful about
security and may want to block these ports completely, or tightly limit access to them.
Printing
There are several port numbers that may be involved with printing.
Apple MacOS X Rendezvous Printing (PDF) will discover printers that are advertising their
services. They give the example
For example, the Apple LaserWriter 8500 would register the following services,
assuming the default domain is "local."
Napster
After examining Napster, I decided it was such a complex protocol that it deserved its own
section. The first thing to be aware of is that there are two versions of Napster. The "original"
flavor is what most people will be interested in. This is the full music file-sharing service. This
original service provided by Napster.com has now been shut down. Napster.com will be
providing a new service with much more controlled music sharing. However, the original
protocol lives on, and the protocol has been analyzed so that people could write compatible
applications for many different operating systems.
There is information on the protocol (and how to get it through your firewall) from:
Here is a summary of the TCP ports it uses. I have put the notation (primary) after the main port,
if more than one port is listed.
PalTalk
PalTalk is another messy service that uses many ports, more than I want to summarize here. Visit
their support page: PalTalk Networking Support.
Ultima Online
Information from What are the port numbers I need to play UO behind a firewall or proxy
server?
Service        Ports       Notes
Game           5001-5010
Login          7775-7777
Patch          8888        overlaps with common HTTP port
UO Messenger   8800-8900   includes port 8866 which is also used by Trojan
Patch          9999
For file transfer or voice chat ports and NAT information for MSN Messenger 3 see MS
Support article Q278887.
Microsoft Knowledge Base Article Q324214 - You cannot make phone calls or start
voice or video conversations with Windows Messenger
Windows Messenger 5.0 in Windows XP: Working With Firewalls and Network Address
Translation Devices
Microsoft Support WebCast - Microsoft Windows Messenger for Windows XP: New
Features, Common Issues, and Troubleshooting July 17, 2002
Also note: I don't know how much information for WINDOWS Messenger applies to MSN
Messenger and vice versa. I also don't know how much information for MSN Messenger
Windows version applies to MSN Messenger Mac version. And last but not least, there are
multiple different versions of Messenger, which may differ in various ways.
Email Ports
Email is sent around the Internet mainly from server to server using SMTP. Once delivered,
clients may access it in a variety of ways, including POP3 and IMAP. This section DOES NOT
cover Microsoft Exchange or other proprietary mail protocols.
The major upcoming change to email is the use of TCP port 587 "submission" for email, as
defined in section 3.1 of RFC 2476 - Message Submission. This is planned to replace the
traditional use of TCP port 25, SMTP.
Port 587 is reserved for email message submission as specified in this document. Messages
received on this port are defined to be submissions. The protocol used is ESMTP [SMTP-MTA,
ESMTP], with additional restrictions as specified here.
While most email clients and servers can be configured to use port 587 instead of 25, there are
cases where this is not possible or convenient. A site MAY choose to use port 25 for message
submission, by designating some hosts to be MSAs and others to be MTAs.
This initiative is being promoted by, amongst others, the Anti-Spam Technical Alliance. See
Anti-Spam Technical Alliance Technology and Policy Proposal, Version 1.0, 22 June 2004
(PDF)
In addition to SMTP, the other main email protocols are POP3 and IMAP, which are protocols for
email clients to access their mailboxes. There are many other topics that are outside the scope of
this page. For example, email addresses are described in RFC 2822 (obsoletes RFC 822), and
SMTP authentication is covered in RFC 2554 - SMTP Service Extension for Authentication.
Transport Layer Security (TLS) is covered in RFC 2246 - The TLS Protocol Version 1.0. SMTP
over TLS is covered in RFC 3207 - SMTP Service Extension for Secure SMTP over Transport
Layer Security.
The Network Sorcery RFC Sourcebook entry for SMTP also links to many relevant RFCs that
cover the details of the protocol itself.
Service                                        TCP Port  Notes
SMTP - Simple Mail Transfer Protocol           25        * As part of the anti-spam best practices, you should block this outgoing for any machine that doesn't need to send email directly.
SMTPs - secure SMTP                            465       Port 465 shows up in Appendix A of the 1996 non-standard standard The SSL Protocol Version 3.0 as "Simple Mail Transfer Protocol with SSL". Unfortunately, it's not registered for SMTPs, it's registered for URD - "URL Rendesvous Directory for SSM" by Cisco. The recommended approach, at least for authentication, is to use STARTTLS encryption on submission port 587.
(SMTP email) submission                        587       * See RFC 2476 - Message Submission.
POP2 - Post Office Protocol 2                  109       * obsolete
POP3 - Post Office Protocol 3                  110       *
POP3s - secure POP3                            995       * Full description is "pop3 protocol over TLS/SSL (was spop3)".
IMAP3 - Interactive Mail Access Protocol v3    220       * obsolete
IMAP4 - Internet Message Access Protocol 4     143       * Also referred to by version as IMAP4.
IMAPs - secure IMAP                            993       * Full description is "imap4 protocol over TLS/SSL". Use 993 instead of TCP port 585 "imap4-ssl", which is deprecated.
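An added example (not from the original page): a small flow-record auditor that applies the advice in the iSCSI and Email Ports sections above, flagging outbound port 25 from non-mail hosts, iSCSI/iSNS ports crossing the site boundary, and the obsolete or discouraged mail ports. The site network, mail-server address, record format and sample flows are assumptions constructed for illustration.

```python
import ipaddress
# Assumed site policy (hypothetical values, not from the page).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")        # site address space
MAIL_SERVERS = {ipaddress.ip_address("10.0.0.25")}   # hosts allowed to send SMTP outbound

# Ports and advice taken from the page's iSCSI and Email Ports sections.
STORAGE = {3260: "iSCSI", 860: "iSCSI system port", 3205: "iSNS"}
LEGACY_MAIL = {
    109: "POP2 is obsolete",
    220: "IMAP3 is obsolete",
    465: "page recommends STARTTLS on submission port 587",
    585: "deprecated imap4-ssl; use 993",
}

def parse_flow(line):
    """Parse 'src dst proto dport' (a constructed record format) into typed fields."""
    src, dst, proto, dport = line.split()
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), proto.lower(), int(dport)

def audit(line):
    """Return the list of findings for one flow record; an empty list means no finding."""
    src, dst, proto, dport = parse_flow(line)
    if proto != "tcp":
        return []  # every port in this policy is a TCP port
    findings = []
    outbound = src in INTERNAL and dst not in INTERNAL
    inbound = src not in INTERNAL and dst in INTERNAL
    if dport == 25 and outbound and src not in MAIL_SERVERS:
        findings.append("outbound SMTP (25) from a host that is not a mail server")
    if dport in STORAGE and (inbound or outbound):
        findings.append(f"{STORAGE[dport]} ({dport}) crossing the site boundary")
    if dport in LEGACY_MAIL:
        findings.append(f"port {dport}: {LEGACY_MAIL[dport]}")
    return findings

# Constructed sample flows using documentation addresses, not captured traffic.
SAMPLE = [
    "10.0.0.25 203.0.113.10 tcp 25",    # mail server relaying: allowed
    "10.0.4.17 203.0.113.10 tcp 25",    # workstation sending directly to a remote MTA
    "10.0.4.17 203.0.113.10 tcp 587",   # client submission: allowed
    "198.51.100.7 10.0.9.5 tcp 3260",   # iSCSI reached from outside
    "10.0.4.17 10.0.9.5 tcp 3260",      # internal iSCSI: not flagged
    "10.0.4.18 203.0.113.20 tcp 585",   # deprecated imap4-ssl
]

def run(lines=SAMPLE):
    """Map each flagged record to its findings, dropping records with none."""
    results = {line: audit(line) for line in lines}
    return {line: found for line, found in results.items() if found}
```
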
Obsolete Services
Apple released QuickTime 4 some time ago. I am unsure of the status of their older QuickTime
Conferencing (MovieTalk) protocol. All of the applications that supported it (Connectix
VideoPhone, Apple VideoPhone, Netscape CoolTalk, QuickTime TV) are no longer supported
and the QuickTime Conferencing website is gone.
Network Sorcery lists the IANA TCP/UDP Ports with links to pages describing some protocols
in detail, as part of its incredibly useful RFC Sourcebook.
Andrew Daviel's Network Service Query is a very nice port metasearch engine
Tantalo.net Ports database
Neohapsis Ports List
PC Flank Ports Database
portsdb.org Ports Database
Snort Ports Database
SecurityStats.Com TCP/UDP Port Search
Dave's Port Lookup lists registered services along with known trojans
WeetHet in English or in Dutch lists both registered and trojan ports
UpOneLevel Network Port listing
Techeez Port Search
Understanding TCP/IP
The IBM RedBooks are an amazing resource for many technical topics. They have a TCP/IP
Tutorial and Technical Overview available as HTML or 7.7 MB PDF.
Cisco also provides excellent information online. Internet Protocols is just one section of their
Internetworking Technology Handbook.
There is information on IP (the protocol on which TCP and UDP are built) in Internet Core
Protocols: The Definitive Guide Sample Chapter 2: The Internet Protocol [IP].
Microsoft has announced a new Windows Firewall in Windows XP Service Pack 2; it replaces
the Internet Connection Firewall (ICF) in previous versions of Windows.
MS KB 842242 - Some programs seem to stop working after you install Windows XP
Service Pack 2 has a section "Identifying and opening ports" and also a fairly extensive
list of ports in "Programs that may require you to open ports manually", although for all
of the games it says "see the documentation" in the Ports column which is not exactly
helpful information.
How to Open Ports in the Windows XP Internet Connection Firewall has a list of ports
followed by instructions
Port Requirements for the Microsoft Windows Server System (KB 832017)
TCP and UDP Port Assignments (Windows 2000 Server - Resource Kits - TCP/IP Core
Networking Guide - Appendix C)
NetBIOS Over TCP/IP [original page removed; using archive.org version]
Firewall Information - Windows Media Technologies
Microsoft has provided a good list of Windows NT, Terminal Server, and Microsoft
Exchange Services Use TCP/IP Ports
TCP/UDP Ports Used By Exchange 2000 Server
Active Directory Replication over Firewalls
TCP, UDP, and RPC Ports Used by MSMQ (Microsoft Message Queue Server)
A List of the Windows 2000 Domain Controller Default Ports
As indicated in the RDP section above, this protocol uses a registered TCP port. It is used for XP
Pro Remote Desktop and XP Remote Assistance (read Administering Remote Assistance for a
very good overview of firewall, NAT and blocking issues). Also used for WinNT4 Terminal
Server, Win2000 Terminal Services, and Win .NET Server 2003 Terminal Server.
In some cases, Microsoft uses port 135 as an RPC Endpoint Mapper, which runs as RPCSS on (some
versions of?) Windows. This is a sort of "RPC directory" service which can be used to look up
what ports other services are running on. For some additional information, see Windows 2000
Network Architecture: Remote Procedure Call and NT Gatekeeper: RPC and Firewall
Configuration.
MS-RPC on port 135 is required for some Exchange Server and Active Directory
communications. See e.g. TCP Ports and Microsoft Exchange: In-depth Discussion and
Restricting Active Directory Replication Traffic to a Specific Port.
However this port also poses a security risk, as indicated in the NET SEND section of my
broadband security page.
UPDATE 2003-08-13: Also see the Blaster Worm section for information about this additional
security risk.
Additional information:
Mac
OpenDoor (makers of DoorStop) have a nice list of MacOS-related ports, with hyperlinks to
relevant information.
Apple support has provided a list of "Well Known" TCP and UDP Ports Used By Apple
Software Products.
Although it doesn't give any port numbers, you may find Rendezvous service types being used
by Mac OS X useful.
Novell (NetWare)
Novell Documentation: NetWare 6 - Port Number Assignments
Matrix of Ports used in NetWare 6 - TID 10065719
TCP/IP Port Numbers used by Novell Products - TID 10014320 (NetWare 5.0 and
earlier)
IBM (WebSphere)
Firewall Port Assignments in WebSphere Application Server V5
Ed Bott's article Block those ports! contains some useful information, and also a kind review of
this web page.
You can check out Internet Firewalls: Frequently Asked Questions. As of this writing it was last
updated 2000/12/01 but it still has lots of good information.
Tim Williams' list of Ports Used by Computer Games has lots of good info.
More and more good resources are becoming available, particularly for people with home
networks. If you haven't found what you were looking for here, you can try:
PracticallyNetworked:
o Handling Special Applications
o Special Applications - Opening Ports
o Special Applications - Port List
HomeNetHelp:
o Explaining DMZs and Port Forwarding
o Port list for running a server through a router
o Port list for running a game server through a router or firewall
Network Protocols
Note that certain services such as IPSec and Microsoft's PPTP use non-TCP/UDP protocols so
they may be more complicated to use. In particular, PPTP uses GRE (protocol 47) and IPSec
uses ESP (protocol 50) and AH (protocol 51). Protocol numbers are not the same as port
numbers. IANA maintains the Assigned Internet Protocol Numbers.
Books
TCP/IP books from Amazon (USA)
Related Information: Trojan TCP/IP Ports,
Free Firewall Book
Those of you concerned with Internet security may wish to also check out my companion page,
Trojan TCP/IP Ports for a list of ports used by trojan horse and backdoor programs. Also I have a
link to firewall books there (including a free book).
Questions
If you have questions, comments or suggestions specifically about this page or TCP/IP ports
then you can email me or use my QuickTopic: Discuss TCP/IP Ports.
If your question is Microsoft-specific, you may want to try the USENET microsoft.public
groups, in particular:
Copyright © 1996-2007 Richard Akerman. All rights reserved. No mirroring without prior
written consent.
If you wish to mirror this page, contact me by email. The requirements are: