Powered by

20 COMMON PORTS
Every Cyber Enthusiasts must know!

Prepared by
 Powered by

This guide covers 20 commonly used network ports

and their associated protocols, grouped by function.

Each entry lists the port number and transport

protocol (TCP/UDP), the protocol name, and a brief
description of its purpose in computer networks.

This reference is aimed at students and enthusiasts

learning about computer networking and
cybersecurity.

Let’s get started!

 Powered by

REMOTE ACCESS AND

ADMINISTRATION PROTOCOLS
TCP 22 (SSH)

Secure Shell: Used for secure remote login and command

execution on networked devices. SSH provides an encrypted
channel for administering servers, network equipment, and other
systems remotely, preventing eavesdropping on credentials and
data.

SSH Sessions TCP

Port
Control/Data Channel

Totally Encrypted

STFP Client STFP Server

TCP 22 Diagram

TCP 23 (Telnet)

Telnet Protocol: Used for remote command-line login to devices

without encryption. Telnet allows you to control another machine
over the network as if you were on a local terminal, but it sends
data (including passwords) in plain text, so it’s largely obsolete in
favor of SSH for security.
 Powered by

TCP 3389 (RDP)

Remote Desktop Protocol: Used for graphical remote access to

Windows machines. RDP allows users to connect to a Windows
computer’s desktop interface over the network, enabling full
remote control of the computer with encryption of the session.

FIREWALL
X 3389

CLIENT RD GATEWAY RD SESSION HOST

TCP 3389 Diagram

 Powered by

FILE TRANSFER AND

SHARING PROTOCOLS
TCP 21 (FTP)

File Transfer Protocol: A standard protocol for transferring files

between a client and server on a network. FTP allows users to
upload and download files, often used for moving web page files to
a server or exchanging data. It operates in plain text (unencrypted),
meaning credentials and data can be intercepted unless secured
by extensions or replaced by secure alternatives.

TCP 139 (NetBIOS)

NetBIOS Session Service: An older network service used on

Windows networks for file and printer sharing over TCP/IP. Port
139 is used by NetBIOS over TCP to support network basic
input/output system services (like sharing files or network
browsing) on legacy systems. In modern networks, it has mostly
been superseded by direct SMB communication on port 445.
 Powered by

TCP 445 (SMB)

Server Message Block: The port for direct SMB/CIFS network file
sharing used mainly by Windows. SMB protocol enables shared
access to files, printers, and serial ports among nodes on a
network. Modern Windows systems use SMB on TCP 445 (without
the older NetBIOS layer) for file sharing and also for features like
Active Directory domain authentication.

SMB REQUESTS

SMB RESPONSES

CLIENT SERVER

TCP 445 Diagram

 Powered by

WEB PROTOCOLS
TCP 80 (HTTP)

Hypertext Transfer Protocol: The foundation of the World Wide

Web, used for unencrypted web traffic. HTTP defines how web
clients (browsers) request resources from web servers and how
servers respond, transferring web pages, images, and other
content in plain text. It operates in the clear, so data can be
observed if not on a secure network.

User Normal HTTP (80)

Insecure
Connection

User Secure HHTPS (443)

Encrypted SSL
Connection

http vs https

TCP 443 (HTTPS)

HTTP Secure (HTTP over SSL/TLS): The secure version of HTTP

used for encrypted web traffic. HTTPS uses TLS/SSL encryption to
protect data exchanged between a web browser and server,
ensuring privacy and integrity (important for login pages, online
banking, etc.). It runs on port 443 by default and appears as
https:// in URLs.
 Powered by

EMAIL PROTOCOLS

TCP 25 (SMTP)

Simple Mail Transfer Protocol: The standard protocol for sending

email across networks. SMTP is used by mail servers to route
messages to the correct destination server and by email clients to
send outgoing mail to a server. It operates in plain text by default
(with optional upgrades to TLS for security on other ports) and is
the backbone for transferring email between servers.

TCP 110 (POP3)

Post Office Protocol v3: A protocol for retrieving email from a mail
server to a client. POP3 typically downloads emails from the server
to the user’s local device and (usually) deletes them from the
server. This is useful for simple mail clients or when you want to
store mail offline, but it means the email is tied to that device
unless configured to leave copies on the server.
 Powered by

TCP 143 (IMAP)

Internet Message Access Protocol: Another protocol for retrieving

email, which allows for more flexible email management on the
server. IMAP lets clients view and manipulate emails directly on the
mail server—emails can be read, organized into folders, or deleted
without needing to download everything. This enables
synchronization across multiple devices (e.g., reading an email on
your phone marks it as read on your laptop as well).

TCP/IP

port 143

IMAP Client IMAP Server

What Is IMAP and How Does It Work?

 Powered by

NETWORK INFRASTRUCTURE SERVICES

TCP/UDP 53 (DNS)

Domain Name System: The service that translates human-readable

domain names (like example.com) into IP addresses (and vice
versa). DNS primarily uses UDP on port 53 for quick
query/response lookups of names to IPs, enabling web browsing
and other services to find servers by name. It can also use TCP 53
for tasks like zone transfers between DNS servers or when
responses are too large for UDP.

UDP 67 (DHCP Server)

Dynamic Host Configuration Protocol (Server Port): Used by DHCP

servers to listen for requests from clients. When a new device
connects to a network, it sends a DHCP discovery request. The
DHCP server, listening on UDP 67, responds with an IP address
offer and network configuration (subnet mask, gateway, DNS
servers, etc.), automating the IP assignment process.
 Powered by

UDP 68 (DHCP Client)

Dynamic Host Configuration Protocol (Client Port): Used by DHCP

clients (network devices) to receive responses from the DHCP
server. The client sends its request from port 68 and listens on this
port for the DHCP server’s reply containing the assigned IP address
and other network settings. This two-port system (67/68) is what
allows devices to quickly obtain network configuration without
manual setup.

192.
168.
0.22

192.168.0.13
IP Address Database
. 0.77
.168 DHCP Server
192

Understanding DHCP Port

UDP 123 (NTP)

Network Time Protocol: A protocol for time synchronization across

computers in a network. NTP clients use UDP port 123 to
communicate with NTP servers, obtaining the current time and
date. This ensures that system clocks are accurate and in sync,
which is crucial for security protocols, logging, scheduling tasks,
and consistent time-stamping across distributed systems.
 Powered by

DIRECTORY AND NETWORK

MANAGEMENT PROTOCOLS
TCP/UDP 389 (LDAP)

Lightweight Directory Access Protocol: Used for accessing and

maintaining distributed directory information services. LDAP is
commonly used in corporate and campus networks for centralized
authentication and directory services (like Active Directory). Clients
and applications connect to directory servers on port 389 to query
or modify entries (e.g. looking up user account details or verifying
credentials). While TCP 389 is typical for LDAP queries, UDP 389
may be used for simple read-only queries or discovery (CLDAP).

UDP 161 (SNMP)

Simple Network Management Protocol: Used for monitoring and

managing network devices. SNMP agents (running on routers,
switches, servers, etc.) listen on UDP port 161 for queries from an
SNMP manager. Using SNMP, administrators can retrieve metrics
(like bandwidth usage, uptime, device status) and even configure
certain parameters on network hardware. It’s a lightweight protocol
designed to manage network elements remotely, often used in
network monitoring systems.
 Powered by

DATABASE SERVICE PORTS

TCP 1521 (Oracle DB)

Oracle Database Default Port: The primary port for Oracle database servers,
used by Oracle’s listener service (Oracle Net Listener). Client applications
connect over TCP 1521 to communicate with the Oracle database using
Oracle’s SQL*Net (Net8) protocol. This allows remote execution of SQL
queries and transactions on the Oracle DB server.

TCP 3306 (MySQL)

MySQL Database Port: The default port for MySQL database server
communications. Clients (or applications like web backends) connect via
TCP 3306 to send SQL queries and retrieve data from the MySQL database.
This port facilitates client-server communication for managing databases,
performing queries, and updating records in MySQL or MariaDB instances.

TCP 5432 (PostgreSQL)

PostgreSQL Database Port: The standard port for PostgreSQL database

server. Similar to MySQL’s port, TCP 5432 is where PostgreSQL listens for
client connections. Applications and tools use this port to connect to the
Postgres database, execute SQL commands, and manage data. It enables
networked database access for Postgres, a popular open-source relational
database system.
 Powered by

FOLLOW
CYBERMATERIAL