Network Ports You Need to Know
The ports I reference constantly when configuring firewalls, troubleshooting connectivity, and reviewing security.
I look up port numbers constantly. Firewall rules, security group configs, troubleshooting connectivity - you need to know what services use which ports. Here's my reference list.
Web Traffic
| Port | Service | Notes |
|---|---|---|
| 80 | HTTP | Unencrypted web. Mostly just for redirects now. |
| 443 | HTTPS | Encrypted web. This should be your default. |
| 8080 | HTTP-Alt | Common for proxies, dev servers |
| 8443 | HTTPS-Alt | Alternative HTTPS |
Remote Access
| Port | Service | Notes |
|---|---|---|
| 22 | SSH | Encrypted remote access. Disable password auth, use keys. |
| 3389 | RDP | Windows Remote Desktop. Never expose directly to internet. |
| 23 | Telnet | Plaintext. Should be disabled everywhere. Legacy only. |
RDP exposed to the internet is a common attack vector. I've seen compromised servers where RDP was the entry point. Always put it behind a VPN or jump host.
File Transfer
| Port | Service | Notes |
|---|---|---|
| 21 | FTP (control) | Plaintext credentials. Replace with SFTP. |
| 20 | FTP (data) | Active mode data channel |
| 22 | SFTP | SSH-based file transfer. Use this instead of FTP. |
Email
| Port | Service | Notes |
|---|---|---|
| 25 | SMTP | Server-to-server mail. Often blocked by ISPs. |
| 587 | SMTP Submission | For mail clients sending mail. Use this. |
| 465 | SMTPS | SMTP over TLS |
| 993 | IMAPS | Encrypted IMAP |
| 995 | POP3S | Encrypted POP3 |
| 143 | IMAP | Unencrypted. Don't use. |
| 110 | POP3 | Unencrypted. Don't use. |
DNS and Network Services
| Port | Service | Notes |
|---|---|---|
| 53 | DNS | UDP for queries, TCP for zone transfers |
| 67/68 | DHCP | Server listens on 67, client on 68 |
| 123 | NTP | Time sync. Important for auth protocols. |
| 514 | Syslog | Centralized logging |
Databases
| Port | Service | Notes |
|---|---|---|
| 3306 | MySQL/MariaDB | Never expose to internet |
| 5432 | PostgreSQL | Never expose to internet |
| 1433 | SQL Server | Never expose to internet |
| 27017 | MongoDB | Definitely never expose to internet |
| 6379 | Redis | In-memory store. Often misconfigured. |
Database ports should only be accessible from application servers. I've seen data breaches from exposed MongoDB instances - attackers scan for these constantly.
Directory Services
| Port | Service | Notes |
|---|---|---|
| 389 | LDAP | Unencrypted directory access |
| 636 | LDAPS | LDAP over TLS. Use this. |
| 88 | Kerberos | Active Directory authentication |
Monitoring
| Port | Service | Notes |
|---|---|---|
| 161 | SNMP | Network monitoring |
| 162 | SNMP Traps | Alerts from devices |
Security Rules I Follow
Default deny. Block everything, then explicitly allow what's needed.
Encrypted alternatives only. HTTPS not HTTP. SSH not Telnet. SFTP not FTP.
Never expose management ports. SSH, RDP, database ports should only be accessible from known IPs or through VPN.
Audit regularly. Unused open ports are attack surface waiting to be exploited.
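One way to turn these rules into a repeatable audit, as an added example that is not part of the original post: it checks inbound allow rules against the port tables above, including rules whose port range silently covers a database or management port. The rule tuple layout and the sample rules are constructed for illustration, and only TCP port numbers are considered.

```python
import ipaddress

# Port classes copied from the tables on this page.
NEVER_PUBLIC = {22: "SSH", 3389: "RDP", 3306: "MySQL/MariaDB", 5432: "PostgreSQL",
                1433: "SQL Server", 27017: "MongoDB", 6379: "Redis"}
# Plaintext service -> encrypted replacement the page recommends.
PLAINTEXT = {23: ("Telnet", "SSH (22)"), 21: ("FTP", "SFTP (22)"),
             143: ("IMAP", "IMAPS (993)"), 110: ("POP3", "POP3S (995)"),
             389: ("LDAP", "LDAPS (636)")}

# Constructed sample input: (rule id, first port, last port, source CIDR).
# The tuple layout is hypothetical, not any vendor's export format.
SAMPLE_RULES = [
    ("web-https", 443, 443, "0.0.0.0/0"),
    ("ssh-admin", 22, 22, "203.0.113.0/24"),   # known admin range: fine
    ("rdp-any", 3389, 3389, "0.0.0.0/0"),
    ("app-wide", 3000, 7000, "::/0"),          # range hides four services
    ("legacy-ftp", 21, 21, "10.0.0.0/8"),
]

def audit(rules):
    """Return (rule_id, port, kind, message) for each violation of the rules above."""
    findings = []
    for rule_id, first, last, cidr in rules:
        # prefixlen 0 means 0.0.0.0/0 or ::/0, i.e. any source address.
        world = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
        for port in sorted(NEVER_PUBLIC.keys() | PLAINTEXT.keys()):
            if not first <= port <= last:
                continue  # the rule's port range does not cover this port
            if world and port in NEVER_PUBLIC:
                findings.append((rule_id, port, "public",
                                 f"{NEVER_PUBLIC[port]} reachable from {cidr}"))
            if port in PLAINTEXT:
                name, better = PLAINTEXT[port]
                findings.append((rule_id, port, "plaintext",
                                 f"{name} allowed; use {better}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(*finding, sep=" | ")
```

Port 80 is left out of the plaintext list on purpose, since the table above keeps it open for redirects.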
Quick Reference
Most common ports I deal with daily:
- 22 - SSH
- 80/443 - Web traffic
- 53 - DNS
- 3306/5432 - Databases
- 6379 - Redis
When troubleshooting, I check these first.
Key Takeaways
- Know your web ports (80, 443), remote access (22, 3389), and databases (3306, 5432)
- Always use encrypted protocols when available
- Database and management ports should never face the public internet
- Default deny in firewall rules - only open what's explicitly needed
Written by Bar Tsveker
Senior CloudOps Engineer specializing in AWS, Terraform, and infrastructure automation.