Kernel of Truth

Well-Known TCP & UDP Ports (0–1023)

Contents

1 🌐 Well-Known TCP & UDP Ports (0–1023)
- 1.1 📌 What Are Well-Known Ports?
2 🔐 Common TCP Ports (Connection-Oriented)
3 📡 Common UDP Ports (Connectionless)
4 🧠 Security Context: Why Port Knowledge Matters
- 4.1 🛡️ Tips
5 ✅ Summary Table (Quick Reference)

🌐 Well-Known TCP & UDP Ports (0–1023)

Ports are essential for networking—they define how data is routed to specific services. In cybersecurity, knowing port numbers helps with firewall rules, network forensics, and attack detection.

📌 What Are Well-Known Ports?

Ranges from 0–1023
Assigned by IANA for standardised services
Used by operating systems and common applications
Most are TCP, UDP, or both

🔐 Common TCP Ports (Connection-Oriented)

Port	Protocol	Service	Description / Use Case
20	TCP	FTP (Data)	File Transfer Protocol (data channel)
21	TCP	FTP (Control)	Commands and login credentials for FTP
22	TCP	SSH	Secure remote login / file transfer (SCP, SFTP)
23	TCP	Telnet	Insecure remote shell—legacy system access
25	TCP	SMTP	Email sending (can be abused for spam relays)
53	TCP/UDP	DNS	Resolves hostnames to IP addresses
80	TCP	HTTP	Unencrypted web traffic
110	TCP	POP3	Legacy email retrieval
143	TCP	IMAP	Email retrieval (more flexible than POP3)
443	TCP	HTTPS	Secure web traffic using SSL/TLS
465	TCP	SMTPS	Secure SMTP (legacy)
993	TCP	IMAPS	Secure IMAP
995	TCP	POP3S	Secure POP3
3306	TCP	MySQL	Default MySQL database port
3389	TCP	RDP	Remote Desktop Protocol (Windows)
8080	TCP	HTTP-alt	Often used for proxy servers or development servers

📡 Common UDP Ports (Connectionless)

Port	Protocol	Service	Description / Use Case
53	UDP	DNS	Faster hostname resolution using UDP (TCP for large responses)
67	UDP	DHCP (Server)	Dynamic Host Configuration Protocol – server replies
68	UDP	DHCP (Client)	Client sends DHCP request
69	UDP	TFTP	Trivial File Transfer Protocol (insecure)
123	UDP	NTP	Network Time Protocol – used to sync clocks
161	UDP	SNMP	Simple Network Management Protocol – device queries
162	UDP	SNMP Trap	Receives alerts from SNMP-enabled devices
500	UDP	IKE (IPSec VPN)	Internet Key Exchange for VPNs
514	UDP	Syslog	Logging messages (often sent to SIEM)
520	UDP	RIP	Routing Information Protocol
33434	UDP	Traceroute	Used by traceroute tool to map network hops

🧠 Security Context: Why Port Knowledge Matters

Scenario	Why It Matters
Firewall configuration	Block/allow traffic based on service ports
Threat hunting	Detect unusual port usage (e.g. SSH on port 443)
Penetration testing	Port scanning helps identify vulnerable services
Incident response	Know what data moved where and how
Compliance (PCI, ISO)	Ensure only necessary ports are exposed

🛡️ Tips

🚫 Close unused ports to reduce attack surface
🔍 Scan regularly using tools like Nmap
✅ Use secure alternatives (e.g., SSH over Telnet, HTTPS over HTTP)
📦 Log and monitor port activity for anomalies

✅ Summary Table (Quick Reference)

Port	Protocol	Service	Secure Version
20	TCP	FTP (data)	FTPS / SFTP
21	TCP	FTP (control)	FTPS / SFTP
22	TCP	SSH	✅
23	TCP	Telnet	❌
25	TCP	SMTP	465 / 587
53	TCP/UDP	DNS	DNSSEC
80	TCP	HTTP	443 (HTTPS)
110	TCP	POP3	995
143	TCP	IMAP	993
443	TCP	HTTPS	✅
3389	TCP	RDP	Use VPN / MFA