Common Ports

Must-Know Ports Table

Port(s)	Protocol / Service	Transport	Purpose / Notes	Secure Alternative
20/21	FTP (File Transfer Protocol)	TCP	File transfers (20 = data, 21 = control) – plaintext, insecure	SFTP or FTPS
22	SSH (Secure Shell) / SFTP	TCP	Secure remote access, encrypted command-line, secure file transfer (SCP/SFTP)	— (already secure)
23	Telnet	TCP	Insecure remote terminal access – clear text passwords	SSH (22)
25	SMTP (Simple Mail Transfer Protocol)	TCP	Email sending between servers – traditionally insecure	SMTPS / Submission (587)
53	DNS (Domain Name System)	UDP (main), TCP	Domain name to IP resolution; TCP for zone transfers/large responses	DNSSEC (same port)
67/68	DHCP (Dynamic Host Configuration Protocol)	UDP	Automatic IP address assignment (67 = server, 68 = client)	—
69	TFTP (Trivial File Transfer Protocol)	UDP	Simple file transfer – no authentication, often used for network booting	SFTP / SSH (22)
80	HTTP (Hypertext Transfer Protocol)	TCP	Unencrypted web traffic	HTTPS (443)
110	POP3 (Post Office Protocol v3)	TCP	Retrieve email from server – insecure by default	POP3S (995)
123	NTP (Network Time Protocol)	UDP	Synchronize clocks across network devices	—
143	IMAP (Internet Message Access Protocol)	TCP	Retrieve and manage email on server – insecure by default	IMAPS (993)
161/162	SNMP (Simple Network Management Protocol)	UDP	Monitor and manage network devices (161 = get/set, 162 = traps)	SNMPv3 (same ports)
389	LDAP (Lightweight Directory Access Protocol)	TCP/UDP	Directory services, authentication, user/group queries	LDAPS (636)
443	HTTPS (HTTP Secure)	TCP	Encrypted web traffic (TLS/SSL)	— (already secure)
445	SMB (Server Message Block)	TCP	Windows file and printer sharing	SMB 3.0+ with encryption
514	Syslog	UDP (traditional)	Standard logging protocol	Syslog over TLS (6514)
587	SMTP Submission / SMTPS	TCP	Secure email submission (STARTTLS required)	— (already secure)
636	LDAPS (LDAP Secure)	TCP	Encrypted directory services	— (already secure)
993	IMAPS (IMAP Secure)	TCP	Secure email retrieval	— (already secure)
995	POP3S (POP3 Secure)	TCP	Secure email retrieval	— (already secure)
1433	Microsoft SQL Server	TCP	Default port for MS SQL database connections	—
3389	RDP (Remote Desktop Protocol)	TCP	Windows graphical remote desktop	RDP with TLS/NLA
5060/5061	SIP (Session Initiation Protocol)	UDP/TCP	VoIP signaling (5060 = clear, 5061 = TLS)	SIP TLS (5061)

Quick Memorization Groups

File Transfer

• 20/21 → FTP (insecure)
• 22 → SSH / SFTP (secure replacement)
• 69 → TFTP (trivial / UDP / no login)

Remote Access

• 23 → Telnet (never use in production)
• 22 → SSH (the secure standard)
• 3389 → RDP (Windows GUI remote)

Web & Encrypted Web

• 80 → HTTP (plain)
• 443 → HTTPS (encrypted – most important secure port)

Email

• 25 → SMTP (send – often clear)
• 587 → Secure SMTP submission
• 110 → POP3 (retrieve – insecure)
• 143 → IMAP (retrieve/manage – insecure)
• 993 → IMAPS
• 995 → POP3S

Infrastructure & Management

• 53 → DNS
• 67/68 → DHCP
• 123 → NTP
• 161/162 → SNMP
• 389/636 → LDAP / LDAPS
• 514 → Syslog
• 445 → SMB

VoIP & Database

• 5060/5061 → SIP (VoIP signaling)
• 1433 → SQL Server

Exam Hot Spots & Tricks

• Secure vs. Insecure pairs (very common):

  • 80 → 443 (HTTP → HTTPS)
  • 23 → 22 (Telnet → SSH)
  • 21 → 22 (FTP → SFTP)
  • 389 → 636 (LDAP → LDAPS)
  • 25 → 587 (SMTP → secure submission)

• UDP ports (fast, connectionless – good to remember):

  • 53 (DNS queries), 67/68 (DHCP), 69 (TFTP), 123 (NTP), 161/162 (SNMP), 5060 (SIP)

• Common PBQ scenarios:

  • "Which port to block to prevent Telnet?" → 23
  • "Allow secure web traffic only" → allow 443, block 80
  • "Configure firewall to permit DHCP" → allow UDP 67 & 68
  • "Secure LDAP is required" → use 636 instead of 389

Study Strategy

1. Make flashcards: Front = port number → Back = protocol + purpose + secure alt
2. Quiz daily using Anki or Quizlet
3. Group study: recite one category at a time
4. Practice questions: look for "what service uses port X?" or "block port Y to stop Z"