| Port(s) | Protocol/Service | Description |
|---|---|---|
| 20, 21 | FTP | File Transfer Protocol (20=data, 21=control) |
| 22 | SSH | Secure Shell for remote access |
| 23 | Telnet | Unencrypted remote access (deprecated) |
| 25 | SMTP | Simple Mail Transfer Protocol (email transmission) |
| 53 | DNS | Domain Name System for resolving domain names |
| 67, 68 | DHCP | Dynamic Host Configuration Protocol (server/client) |
| 69 | TFTP | Trivial File Transfer Protocol (lightweight, unencrypted) |
| 80 | HTTP | HyperText Transfer Protocol for web browsing |
| 110 | POP3 | Post Office Protocol for email retrieval (unencrypted) |
| 123 | NTP | Network Time Protocol for time synchronization |
| 143 | IMAP | Internet Message Access Protocol for email retrieval |
| 161, 162 | SNMP | Simple Network Management Protocol for monitoring |
| 389 | LDAP | Lightweight Directory Access Protocol |
| 443 | HTTPS | Secure HTTP for encrypted web browsing |
| 445 | SMB | Server Message Block for file sharing (Windows) |
| 514 | Syslog | System logging protocol (typically UDP) |
| 636 | LDAPS | Secure LDAP for encrypted directory access |
| 989, 990 | FTPS | FTP Secure – encrypted file transfers |
| 1433 | MSSQL | Microsoft SQL Server database service |
| 1521 | Oracle DB | Oracle Database protocol |
| 3306 | MySQL | MySQL Database protocol |
| 3389 | RDP | Remote Desktop Protocol for GUI-based remote sessions |
| 8080 | HTTP Alternate/Proxy | Alternate HTTP port, often used by proxies |
| Port(s) | Protocol/Service | Description |
|---|---|---|
| 137–139 | NetBIOS | Windows file/printer sharing (name resolution and data sharing) |
| 514 | Syslog / RSH | Syslog for logging (UDP) and RSH for remote shell (TCP; less common) |
| 1812, 1813 | RADIUS | Authentication and accounting protocol for network access |
| 500 | IKE/IPSec | Internet Key Exchange for setting up VPNs |
| 5060, 5061 | SIP | Session Initiation Protocol used in VoIP communications |
| 5900 | VNC | Virtual Network Computing for remote desktop control |
| 1194 | OpenVPN | VPN protocol for secure remote connectivity |
| Port | Service/Usage | Description |
|---|---|---|
| 4444 | Metasploit (default) | Commonly used as a reverse shell port in penetration testing scenarios |
| 135 | DCOM | Often targeted by worms (e.g., MSBlast) for Distributed Component Object Model vulnerabilities |
| 1434 | SQL Slammer | Known for exploitation attempts against Microsoft SQL Server |
| 445 | EternalBlue Exploit | SMB vulnerability exploited by malware (e.g., WannaCry) |
| 69 | TFTP (Insecure) | Due to its lack of security, sometimes used for unauthorized file transfers |
| Port(s) | Protocol/Service | Description |
|---|---|---|
| 389 | LDAP | Standard LDAP for directory queries |
| 636 | LDAPS | Secure LDAP for encrypted directory access |
| 88 | Kerberos | Authentication service critical for AD environments |
| 445 | SMB | Used for AD replication and file sharing in Windows networks |
| 3268, 3269 | Global Catalog | LDAP queries across domains in AD environments (unencrypted/secure) |
| Port(s) | Protocol/Service | Description |
|---|---|---|
| 25 | SMTP | Standard email transmission |
| 465 | SMTPS | Secure SMTP for encrypted email sending |
| 587 | SMTP Submission | SMTP Submission port used with TLS encryption |
| 110 | POP3 | Email retrieval (unencrypted) |
| 995 | POP3S | Secure POP3 for encrypted email retrieval |
| 143 | IMAP | Email retrieval from server (unencrypted) |
| 993 | IMAPS | Secure IMAP for encrypted email retrieval |
| Port(s) | Protocol/Service | Description |
|---|---|---|
| 8080 | HTTP Proxy | Alternate port for HTTP services; often used by web proxies |
| 8443 | HTTPS Proxy | Secure proxy connections on an alternate HTTPS port |
| 1433 | MSSQL / SQL over TCP | Microsoft SQL Server communication (often used in cloud-hosted databases) |
| 27017 | MongoDB | Default port for MongoDB NoSQL database services |