induwara.lk
induwara.lkDeveloper · Networking

Port Number Lookup & Range Classifier

Type a TCP/UDP port number or a service name to get its assigned service, transport protocol, IANA range (well-known, registered, or dynamic), the governing RFC, and a security note where the classic protocol is insecure. The range classifier bands any number from 0 to 65535. Runs in your browser — nothing is uploaded.

By Induwara AshinsanaUpdated Jul 4, 2026
Port lookup106 curated ports
IANA + RFC 6335

Type a number for an exact port match, or a name/keyword for a text search. Leave empty to browse the full table.

Common ports
Protocol
Range (RFC 6335)

106 ports

  • 7
    Echo Protocolecho
    TCP/UDPWell-KnownOK

    Echoes back any data sent — a legacy connectivity test.

  • 9
    Discard Protocoldiscard
    TCP/UDPWell-KnownOK

    Silently discards anything received; used for testing (a.k.a. /dev/null service).

  • 13
    Daytime Protocoldaytime
    TCP/UDPWell-KnownOK

    Returns the current date and time as a human-readable string.

  • 17
    Quote of the Dayqotd
    TCP/UDPWell-KnownOK

    Returns a short quotation on connect. Rarely used today.

  • 19
    Character Generatorchargen
    TCP/UDPWell-KnownInsecure

    Streams a repeating pattern of characters. Disable it — the UDP form is abused for DDoS amplification.

    Legacy service; leave disabled.
  • 20
    FTP Data Transferftp-data
    TCPWell-KnownInsecure

    The data channel for classic FTP transfers. Cleartext.

    Prefer port 22Use SFTP (over SSH, port 22) or FTPS (990).
  • 21
    FTP Controlftp
    TCPWell-KnownInsecure

    File Transfer Protocol control channel. Credentials travel in cleartext.

    Prefer port 22Use SFTP (over SSH, port 22) or FTPS (990).
  • 22
    Secure Shellssh
    TCPWell-KnownOK

    Encrypted remote login, SCP and SFTP. The secure replacement for Telnet and FTP.

  • 23
    Telnettelnet
    TCPWell-KnownInsecure

    Remote terminal access in plaintext — passwords are visible on the wire.

    Prefer port 22Use SSH (port 22) instead.
  • 25
    SMTPsmtp
    TCPWell-KnownOK

    Server-to-server mail relay. Often blocked by ISPs for outbound client mail.

  • 37
    Time Protocoltime
    TCP/UDPWell-KnownOK

    Returns the time as a 32-bit integer of seconds. Superseded by NTP.

  • 43
    WHOISwhois
    TCPWell-KnownOK

    Queries domain and IP registration records.

  • 49
    TACACS+tacacs
    TCPWell-KnownOK

    Cisco authentication, authorization and accounting for network devices.

  • 53
    DNSdomain
    TCP/UDPWell-KnownOK

    Domain Name System — resolves hostnames to IP addresses. UDP for queries, TCP for zone transfers and large responses.

  • 67
    DHCP Serverbootps
    UDPWell-KnownOK

    DHCP/BOOTP server — hands out IP addresses to clients.

  • 68
    DHCP Clientbootpc
    UDPWell-KnownOK

    DHCP/BOOTP client — receives IP configuration from the server.

  • 69
    TFTPtftp
    UDPWell-KnownInsecure

    Trivial FTP — no authentication, used for network boot and device firmware. Cleartext.

    Prefer port 22Use SFTP where confidentiality matters.
  • 79
    Fingerfinger
    TCPWell-KnownInsecure

    Legacy user-information lookup. Disabled on most systems for privacy.

    Legacy; leave disabled.
  • 80
    HTTPhttp
    TCPWell-KnownInsecure

    Unencrypted web traffic. Use HTTPS (443) for anything non-public.

    Prefer port 443Use HTTPS (port 443) with TLS.
  • 88
    Kerberoskerberos
    TCP/UDPWell-KnownOK

    Kerberos network authentication (Active Directory logins).

  • 110
    POP3pop3
    TCPWell-KnownInsecure

    Retrieve mail from a server, deleting it after download. Cleartext.

    Prefer port 995Use POP3S (port 995) over TLS.
  • 111
    ONC RPC / rpcbindsunrpc
    TCP/UDPWell-KnownOK

    Portmapper for Sun RPC services such as NFS. Should not be internet-facing.

  • 113
    Identident
    TCPWell-KnownOK

    Identification Protocol — reports the user of a TCP connection. Mostly historical.

  • 119
    NNTPnntp
    TCPWell-KnownOK

    Network News Transfer Protocol for Usenet newsgroups.

  • 123
    NTPntp
    UDPWell-KnownOK

    Network Time Protocol — synchronises system clocks over the internet.

  • 135
    MS RPC Endpoint Mapperepmap
    TCP/UDPWell-KnownOK

    Microsoft RPC locator (DCOM). A common worm target — block at the perimeter.

  • 137
    NetBIOS Name Servicenetbios-ns
    UDPWell-KnownOK

    Legacy Windows name resolution over NetBIOS.

  • 138
    NetBIOS Datagram Servicenetbios-dgm
    UDPWell-KnownOK

    Legacy Windows connectionless NetBIOS messaging.

  • 139
    NetBIOS Session Servicenetbios-ssn
    TCPWell-KnownOK

    Legacy Windows file/printer sharing over NetBIOS. Superseded by 445.

  • 143
    IMAPimap
    TCPWell-KnownInsecure

    Read mail on the server, keeping it in sync across devices. Cleartext.

    Prefer port 993Use IMAPS (port 993) over TLS.
  • 161
    SNMPsnmp
    UDPWell-KnownInsecure

    Network device monitoring. SNMP v1/v2c community strings are cleartext.

    Use SNMPv3 with authentication and encryption.
  • 162
    SNMP Trapsnmptrap
    UDPWell-KnownOK

    Asynchronous SNMP notifications (traps) sent to a manager.

  • 179
    BGPbgp
    TCPWell-KnownOK

    Border Gateway Protocol — the routing protocol between internet autonomous systems.

  • 194
    IRCirc
    TCPWell-KnownOK

    Internet Relay Chat. Modern networks prefer TLS on 6697.

  • 389
    LDAPldap
    TCP/UDPWell-KnownInsecure

    Directory access (users, groups). Cleartext unless STARTTLS is used.

    Prefer port 636Use LDAPS (port 636) or STARTTLS.
  • 443
    HTTPShttps
    TCP/UDPWell-KnownOK

    Encrypted web traffic over TLS (and HTTP/3 over QUIC/UDP). The default for the modern web.

  • 445
    SMB / Microsoft-DSmicrosoft-ds
    TCPWell-KnownOK

    Windows file and printer sharing (SMB). Never expose to the internet — WannaCry spread here.

  • 465
    SMTPS (Submission)smtps
    TCPWell-KnownOK

    Mail submission wrapped in TLS from the first byte (implicit TLS).

  • 500
    IKE / ISAKMPisakmp
    UDPWell-KnownOK

    IPsec VPN key exchange (IKEv1/IKEv2).

  • 514
    Syslogsyslog
    UDPWell-KnownInsecure

    System log messages sent to a central collector. Cleartext over UDP.

    Prefer port 6514Use syslog over TLS (port 6514) for confidentiality.
  • 515
    LPD / LPRprinter
    TCPWell-KnownOK

    Line Printer Daemon — classic Unix network printing.

  • 520
    RIPrip
    UDPWell-KnownOK

    Routing Information Protocol — a distance-vector routing protocol for small networks.

  • 546
    DHCPv6 Clientdhcpv6-client
    UDPWell-KnownOK

    IPv6 stateful address configuration — client side.

  • 547
    DHCPv6 Serverdhcpv6-server
    UDPWell-KnownOK

    IPv6 stateful address configuration — server side.

  • 554
    RTSPrtsp
    TCP/UDPWell-KnownOK

    Real Time Streaming Protocol — controls media servers and IP cameras.

  • 587
    SMTP Submissionsubmission
    TCPWell-KnownOK

    The correct port for email clients to submit outgoing mail (with STARTTLS + auth).

  • 631
    IPP / CUPSipp
    TCP/UDPWell-KnownOK

    Internet Printing Protocol — used by CUPS on Linux and macOS.

  • 636
    LDAPSldaps
    TCPWell-KnownOK

    LDAP wrapped in TLS from the first byte (implicit TLS).

  • 993
    IMAPSimaps
    TCPWell-KnownOK

    IMAP over implicit TLS. The secure way for mail clients to read mail.

  • 995
    POP3Spop3s
    TCPWell-KnownOK

    POP3 over implicit TLS. The secure way to download mail.

  • 989
    FTPS Dataftps-data
    TCPWell-KnownOK

    FTP data channel secured with implicit TLS.

  • 990
    FTPS Controlftps
    TCPWell-KnownOK

    FTP control channel secured with implicit TLS.

  • 1080
    SOCKS Proxysocks
    TCPRegisteredOK

    SOCKS proxy protocol — tunnels arbitrary TCP/UDP through a proxy.

  • 1194
    OpenVPNopenvpn
    TCP/UDPRegisteredOK

    OpenVPN's default port. UDP by default; TCP as a fallback.

  • 1433
    Microsoft SQL Serverms-sql-s
    TCPRegisteredOK

    Default listener for Microsoft SQL Server.

  • 1434
    SQL Server Browserms-sql-m
    UDPRegisteredInsecure

    SQL Server instance discovery. Abused for DDoS amplification — firewall it.

    Block from the internet; amplification vector.
  • 1521
    Oracle DB (TNS)oracle
    TCPRegisteredOK

    Oracle Database default listener (TNS).

  • 1701
    L2TPl2tp
    UDPRegisteredOK

    Layer 2 Tunneling Protocol, usually paired with IPsec for VPNs.

  • 1723
    PPTPpptp
    TCPRegisteredInsecure

    Point-to-Point Tunneling Protocol VPN. Cryptographically broken — avoid.

    Use OpenVPN, WireGuard, or IKEv2/IPsec.
  • 1812
    RADIUS Authenticationradius
    UDPRegisteredOK

    Remote authentication for Wi-Fi, VPN and network access (802.1X).

  • 1813
    RADIUS Accountingradius-acct
    UDPRegisteredOK

    RADIUS accounting records (session start/stop, usage).

  • 1883
    MQTTmqtt
    TCPRegisteredInsecure

    Lightweight publish/subscribe messaging for IoT. Unencrypted.

    Prefer port 8883Use MQTT over TLS (port 8883).
  • 1900
    SSDP / UPnPssdp
    UDPRegisteredInsecure

    Simple Service Discovery Protocol for UPnP. A known DDoS amplification vector.

    Disable UPnP on internet-facing routers.
  • 2049
    NFSnfs
    TCP/UDPRegisteredOK

    Network File System — Unix network file sharing.

  • 2082
    cPanelcpanel
    TCPRegisteredInsecure

    cPanel web hosting control panel (unencrypted).

    Prefer port 2083Use the TLS port 2083.
  • 2083
    cPanel (SSL)cpanel-ssl
    TCPRegisteredOK

    cPanel control panel over TLS.

  • 2181
    Apache ZooKeeperzookeeper
    TCPRegisteredOK

    Client port for ZooKeeper coordination service (Kafka, Hadoop).

  • 2375
    Docker API (plain)docker
    TCPRegisteredInsecure

    Docker Engine remote API without TLS. Exposing this hands over root — never open it.

    Prefer port 2376Use the TLS-protected Docker API (port 2376).
  • 2376
    Docker API (TLS)docker-s
    TCPRegisteredOK

    Docker Engine remote API secured with TLS client certificates.

  • 2379
    etcd Clientetcd-client
    TCPRegisteredOK

    etcd key-value store client API (used by Kubernetes).

  • 2380
    etcd Peeretcd-peer
    TCPRegisteredOK

    etcd server-to-server peer communication.

  • 3128
    Squid Proxysquid
    TCPRegisteredOK

    Default port for the Squid caching HTTP proxy.

  • 3260
    iSCSIiscsi
    TCPRegisteredOK

    SCSI storage commands over IP — network block storage.

  • 3306
    MySQL / MariaDBmysql
    TCPRegisteredOK

    Default listener for MySQL and MariaDB databases. Don't expose it publicly without TLS.

  • 3389
    RDPms-wbt-server
    TCP/UDPRegisteredInsecure

    Remote Desktop Protocol for Windows. A top brute-force and ransomware target.

    Put behind a VPN or RD Gateway; never expose directly.
  • 3690
    Subversionsvn
    TCPRegisteredOK

    The svn:// protocol for Apache Subversion version control.

  • 5000
    HTTP (dev) / UPnPcommplex-main
    TCPRegisteredOK

    IANA assigns this to commplex-main, but it's widely used by dev servers (Flask, .NET, Portainer) and Apple AirPlay.

  • 5060
    SIPsip
    TCP/UDPRegisteredInsecure

    Session Initiation Protocol — sets up VoIP calls. Cleartext signalling.

    Prefer port 5061Use SIPS/TLS (port 5061).
  • 5061
    SIP-TLSsips
    TCPRegisteredOK

    SIP signalling secured with TLS.

  • 5222
    XMPP Clientxmpp-client
    TCPRegisteredOK

    XMPP (Jabber) client-to-server connections.

  • 5269
    XMPP Serverxmpp-server
    TCPRegisteredOK

    XMPP (Jabber) server-to-server federation.

  • 5353
    mDNSmdns
    UDPRegisteredOK

    Multicast DNS — local-network service discovery (Bonjour, Avahi).

  • 5432
    PostgreSQLpostgresql
    TCPRegisteredOK

    Default listener for PostgreSQL. Keep it off the public internet; require TLS.

  • 5672
    AMQP / RabbitMQamqp
    TCPRegisteredOK

    Advanced Message Queuing Protocol — RabbitMQ's default port.

  • 5900
    VNCvnc
    TCPRegisteredInsecure

    Virtual Network Computing remote desktop. Weak native crypto — tunnel it.

    Tunnel VNC over SSH or a VPN.
  • 5984
    Apache CouchDBcouchdb
    TCPRegisteredOK

    CouchDB HTTP/JSON document database API.

  • 6379
    Redisredis
    TCPRegisteredInsecure

    In-memory data store. Historically no auth by default — never expose it publicly.

    Enable AUTH + TLS; bind to localhost.
  • 6443
    Kubernetes API Serverkube-apiserver
    TCPRegisteredOK

    The Kubernetes control-plane API (kubectl talks here over TLS).

  • 6514
    Syslog over TLSsyslog-tls
    TCPRegisteredOK

    Encrypted syslog transport — the secure replacement for UDP 514.

  • 6697
    IRC over TLSircs
    TCPRegisteredOK

    The de facto port for IRC secured with TLS.

  • 8000
    HTTP (dev/alt)http-alt
    TCPRegisteredOK

    Common alternate HTTP port for development servers (Django, Python http.server, Uvicorn).

  • 8080
    HTTP Proxy / Althttp-proxy
    TCPRegisteredOK

    Alternate HTTP port for proxies, Tomcat, and app servers behind a reverse proxy.

  • 8443
    HTTPS (alt)https-alt
    TCPRegisteredOK

    Alternate HTTPS port used by app servers and admin consoles.

  • 8883
    MQTT over TLSsecure-mqtt
    TCPRegisteredOK

    The secure, encrypted port for MQTT IoT messaging.

  • 9000
    Dev / SonarQube / PHP-FPMcslistener
    TCPRegisteredOK

    IANA lists cslistener, but 9000 is widely used by PHP-FPM, SonarQube, Portainer, and MinIO.

  • 9042
    Apache Cassandracassandra
    TCPRegisteredOK

    Cassandra native (CQL) client protocol.

  • 9090
    Prometheusprometheus
    TCPRegisteredOK

    Default web/API port for the Prometheus monitoring server.

  • 9092
    Apache Kafkakafka
    TCPRegisteredOK

    Default broker port for the Kafka event-streaming platform.

  • 9200
    Elasticsearch HTTPelasticsearch
    TCPRegisteredOK

    Elasticsearch REST/JSON API.

  • 9300
    Elasticsearch Transportelasticsearch-transport
    TCPRegisteredOK

    Node-to-node transport within an Elasticsearch cluster.

  • 11211
    Memcachedmemcached
    TCP/UDPRegisteredInsecure

    In-memory cache. The UDP interface is a severe DDoS amplification vector — disable it.

    Bind to localhost; disable UDP.
  • 15672
    RabbitMQ Managementrabbitmq-mgmt
    TCPRegisteredOK

    RabbitMQ web management UI and HTTP API.

  • 25565
    Minecraft Serverminecraft
    TCPRegisteredOK

    Default port for the Java Edition Minecraft server.

  • 27017
    MongoDBmongodb
    TCPRegisteredInsecure

    Default listener for MongoDB. Enable auth and bind to localhost — open instances get ransomed.

    Enable auth + TLS; never expose without a firewall.
  • 3478
    STUN / TURNstun
    TCP/UDPRegisteredOK

    NAT traversal for WebRTC and VoIP (STUN/TURN).

  • 51820
    WireGuardwireguard
    UDPDynamicOK

    Default port for the WireGuard VPN — modern, fast, and encrypted.

Range classifier

User / Registered Ports1,02449,151

Assigned by IANA on request to applications and vendors. Any user can bind these without elevated privileges.

Both classifiers agree

Sources cited:IANA Port RegistryRFC 6335 §6Everything runs in your browser — no data leaves this page.

How it works

This is a reference tool, so the “calculation” is classification and matching rather than arithmetic. Every curated entry is transcribed from the IANA Service Name and Transport Protocol Port Number Registry — the single authority for which service owns which port — and the range bands come straight from RFC 6335 §6.

A port is a 16-bit unsigned integer, so the valid space is 0 to 2¹⁶ − 1 = 65535. RFC 6335 splits that space into three contiguous bands:

  • 0 – 1023 — System / Well-Known (IANA-assigned; needs root to bind on Unix)
  • 1024 – 49151 — User / Registered (IANA-assigned on request)
  • 49152 – 65535 — Dynamic / Private / Ephemeral (never IANA-assigned)

When you type a whole number, the tool classifies it by walking that table and rejects anything that isn't an integer in 0–65535 (a decimal, a negative, or a value above 65535 — the classic off-by-one traps are the 1023/1024 and 49151/49152 boundaries, which are handled with inclusive bounds). To keep the classifier honest, a second, independent function re-derives the band using plain threshold comparisons; the calculator shows “both classifiers agree” only when the two methods return the same result, the same cross-check idea used on our tax calculator.

When you type text instead, the tool does a case-insensitive substring match against each entry's service name, human name, and a list of keyword aliases (so “mail” surfaces SMTP, IMAP, and POP3). Protocol and range filters then narrow the list. Entries whose classic protocol transmits credentials or data in cleartext — Telnet, FTP, HTTP, POP3, IMAP, SNMP v1/v2c and others — carry a security flag and point to the encrypted equivalent, each justified by its RFC. All of this happens client-side; the page never contacts a server, so it can't and doesn't scan your network.

Worked examples

Numeric lookup — port 3306

  1. Query “3306” parses to an integer.
  2. 3306 is a whole number in 0–65535 → valid.
  3. 1024 ≤ 3306 ≤ 49151 → User / Registered range.
  4. IANA-assignable; no root needed to bind on Unix.
  5. Exact match → MySQL / MariaDB over TCP.
  6. Verified against IANA: 3306 = mysql.

Name lookup — “mail”

  1. Query “mail” is non-numeric → substring search on names + keywords.
  2. Matches SMTP 25, Submission 587, SMTPS 465, POP3 110, IMAP 143, IMAPS 993, POP3S 995.
  3. POP3 (110) and IMAP (143) are flagged insecure.
  4. POP3 110 → suggests POP3S 995; IMAP 143 → suggests IMAPS 993.
  5. All sit in the well-known band (0–1023).
  6. Each port reconciled against IANA assignments.

Boundary + invalid — 49152 and 65536

  1. 49151 → still User / Registered (upper edge of that band).
  2. 49152 → Dynamic / Private / Ephemeral (lower edge — off-by-one guard).
  3. 50000 → Dynamic; IANA never assigns this range; typical OS-chosen source port.
  4. 65535 → Dynamic; the maximum 16-bit value.
  5. 65536 → rejected: “A port is a 16-bit value, so the highest is 65535.”
  6. −1 or 80.5 → rejected with a specific reason (no negatives, no decimals).

Frequently asked questions

Sources & references

The curated port list and range bands were last cross-checked against the IANA registry and RFC 6335 on 2026-07-04. Per-service RFCs (SSH 4253, SMTP 5321, DNS 1035, and others) are linked on each result card. The list covers the highest-search-volume ports; use the IANA registry for the full long tail.

Related tools

Rate this tool
Be the first to rate

Comments & feedback

Spotted a bug or want an improvement? Tell us — our team reviews every comment, and good ideas get built. Comments are public and anonymous.

Found a wrong assignment, a missing port, or an edge case?

Email me at [email protected] — most fixes ship within 24 hours.