Membership

Hacking Loops

Table of Contents

Join Our Membership To Start Your Cybersecurity Journey Today!

Learn More

Common Ports Cheat Sheet for Cybersecurity Exams and Hacking

Ultimate guide to network cheat sheet

You’re consuming your third cup of coffee when your manager appeared at your desk. “The file server’s down. Nobody can access anything. Fix it. Yesterday.”

You pulled up the network scanner and stared at the results. Port 445 was closed. Port 139 wasn’t responding. Port 21 looked suspicious. Your palms started to sweat.

Why didn’t I pay more attention during that networking class?

You quickly Googled “common network ports” and found a sea of tables with numbers and acronyms that might as well have been ancient hieroglyphics. SMB? SMTP? SSH? Was that last one a typo?

Twenty frustrating minutes later, after accidentally blocking HTTP traffic company-wide, you finally figured it out. The firewall was blocking SMB traffic on port 445, which prevented file sharing across the network.

As the issue got fixed, you now need to be certain about the EXACT port numbers, to avoid making them a mystery!

Today, we’re going to make sure you don’t have that same 3 AM panic attack moment. Whether you’re studying for your CompTIA Network+ certification, troubleshooting your first network issue, or just trying to understand why your favorite game won’t connect, this is your complete, no-BS guide to network ports.

What the Hell Is a Port Anyway? (The Explanation That Actually Makes Sense)

Let’s start with the basics, because understanding why ports exist makes remembering them way easier.

Port numbers allow network-connected devices to transmit data using transmission protocols. Without port numbers, network traffic would be indecipherable.

Think of your computer’s IP address as a building’s street address. Multiple apartments exist in that building, and each apartment has a specific number. Network ports are those apartment numbers.

When data arrives at your IP address (the building), the port number (apartment number) tells it exactly which service or application should receive that data.

Real-world analogy:

You order food delivery, buy something online, and schedule a package pickup—all to the same address (your IP). How does each delivery person know what to do?

  • The food delivery person knows to go to the kitchen (Port 80 – HTTP for your food ordering app)
  • The online package goes to the front door (Port 443 – HTTPS for secure shopping)
  • The pickup person knows to check the garage (Port 21 – FTP for bulk file transfers)

Same address, different doors, different purposes. That’s ports in a nutshell.

The Three Port Neighborhoods: Where Your Ports Live

The range of port numbers from 0 to 1023 are the well-known ports or system ports. The range of port numbers from 1024 to 49151 are the registered ports. The range 49152–65535 contains dynamic or private ports that cannot be registered with IANA.

Let’s break down these neighborhoods:

The Well-Known/System Ports (0-1023)

These are the rock stars of the port world. They’re reserved for essential system services and require administrator privileges to use. IP protocols use them for TCP, UDP, Telnet, and FTP.

Think of these as the penthouse apartments—only the most important services get to live here, and you need special permission to access them.

Why they matter: These are the ports you’ll see on certification exams, encounter during every troubleshooting session, and need burned into your brain if you want to survive in IT.

The Middle Class: Registered Ports (1024-49151)

These ports are officially registered with IANA (the Internet Assigned Numbers Authority—basically the DMV of the internet) but aren’t as universally essential as the well-known ports.

Applications like MySQL (3306), Microsoft SQL Server (1433), and Remote Desktop (3389) live here. They’re important, but not “system-critical-need-root-access” important.

The Free-for-All: Dynamic/Private Ports (49152-65535)

These are the unassigned apartments that anyone can temporarily use. When your computer makes an outgoing connection, it randomly picks a port from this range for its side of the conversation.

You won’t memorize these. You probably won’t even notice them unless you’re doing deep packet analysis. They’re the background extras in the movie of networking.

The Essential 20: Ports You Absolutely Must Know

Let me save you hours of memorization pain. If you learn nothing else from this article, learn these 20 ports. They appear on every certification exam, come up in every troubleshooting scenario, and form the backbone of modern networking.

The Web Duo: HTTP and HTTPS

Port 80 – HTTP (Hypertext Transfer Protocol)

  • Protocol: TCP
  • What it does: Serves web pages without encryption
  • When you see it: Every time you visit a website starting with “http://” (increasingly rare these days)
  • Why it matters: The foundation of the World Wide Web

Port 443 – HTTPS (HTTP over SSL/TLS)

  • Protocol: TCP, UDP (in HTTP/3)
  • What it does: Serves encrypted web pages
  • When you see it: Every time you visit a website starting with “https://” (pretty much everywhere now)
  • Why it matters: Port 443 is the standard port for all secured HTTP traffic, meaning it’s absolutely essential for most modern web activity

Pro tip: If someone’s website isn’t loading, 99% of the time it’s a port 80 or 443 issue. Start there.

The Remote Access Trinity

Port 22 – SSH/SCP/SFTP (Secure Shell)

  • Protocol: TCP
  • What it does: Encrypted remote access to systems and secure file transfers
  • When you see it: Connecting to Linux servers, transferring files securely, managing network devices
  • Why it matters: The secure way to do remote administration. If you’re in IT and not using SSH, you’re doing it wrong.

Port 23 – Telnet

  • Protocol: TCP
  • What it does: Unencrypted remote access
  • When you see it: On ancient systems that haven’t been updated since 1995
  • Why it matters: Mostly as a “don’t use this” example. Everything sent over Telnet—including passwords—is in plain text. It’s the digital equivalent of shouting your credit card number across a crowded room.

Port 3389 – RDP (Remote Desktop Protocol)

  • Protocol: TCP
  • What it does: Remote graphical access to Windows systems
  • When you see it: Every time an IT person needs to remote into a Windows machine
  • Why it matters: The standard for Windows remote administration. Also a favorite target for hackers, so secure it properly.

The Email Empire

Port 25 – SMTP (Simple Mail Transfer Protocol)

  • Protocol: TCP
  • What it does: Sends email between mail servers
  • When you see it: Every time an email travels from one server to another
  • Why it matters: The postal service of the internet. Without it, email doesn’t work.

Port 110 – POP3 (Post Office Protocol 3)

  • Protocol: TCP
  • What it does: Downloads email from server to client
  • When you see it: Old-school email clients downloading messages
  • Why it matters: Legacy email retrieval. Being replaced by IMAP, but still widely used.

Port 143 – IMAP (Internet Message Access Protocol)

  • Protocol: TCP
  • What it does: Manages email on the server while allowing multiple devices to access it
  • When you see it: Modern email clients (Gmail, Outlook, Apple Mail)
  • Why it matters: The reason your email syncs across all your devices

Port 587 – SMTP (Email Submission)

  • Protocol: TCP
  • What it does: Submits outgoing email for delivery
  • When you see it: When your email client sends messages
  • Why it matters: The proper, secure way to send email in 2025

Port 993 – IMAPS (IMAP over SSL)

  • Protocol: TCP
  • What it does: Encrypted email access
  • When you see it: Secure email clients
  • Why it matters: IMAP without encryption is like mailing postcards—anyone can read them

Port 995 – POP3S (POP3 over SSL)

  • Protocol: TCP
  • What it does: Encrypted email downloading
  • When you see it: Secure POP3 email clients
  • Why it matters: The secure version of an increasingly obsolete protocol

The File Transfer Family

Port 20 & 21 – FTP (File Transfer Protocol)

  • Protocol: TCP
  • What it does: Transfers files between systems
  • When you see it: Legacy file transfers, some web hosting
  • Why it matters: Port 21 is for commands (control), port 20 is for actual data transfer. Like having a supervisor (21) telling workers (20) what to move.

Port 22 – SFTP (SSH File Transfer Protocol)

  • Protocol: TCP
  • What it does: Secure file transfers over SSH
  • When you see it: Modern, secure file transfers
  • Why it matters: FTP’s secure replacement. Same port as SSH because it runs over SSH.

Port 69 – TFTP (Trivial File Transfer Protocol)

  • Protocol: UDP
  • What it does: Simple, fast file transfers without authentication
  • When you see it: Network device firmware updates, diskless workstations booting
  • Why it matters: Fast and simple, but with zero security. Only use on trusted networks.

The Networking Essentials

Port 53 – DNS (Domain Name System)

  • Protocol: TCP, UDP
  • What it does: Translates domain names (google.com) into IP addresses (142.250.80.46)
  • When you see it: Every single time you access any website or service by name
  • Why it matters: The internet’s phone book. Without DNS, you’d need to memorize IP addresses for every website. Good luck with that.

Port 67 & 68 – DHCP (Dynamic Host Configuration Protocol)

  • Protocol: UDP
  • What it does: Automatically assigns IP addresses to devices on a network
  • When you see it: Every time you connect to a network and automatically get an IP address
  • Why it matters: Port 67 is the server, port 68 is the client. Without DHCP, you’d manually configure network settings on every device. Nightmare fuel for IT admins.

Port 161 & 162 – SNMP (Simple Network Management Protocol)

  • Protocol: UDP
  • What it does: Monitors and manages network devices
  • When you see it: Network monitoring systems, device management tools
  • Why it matters: Port 161 is for queries (asking devices about their status), port 162 is for traps (devices alerting about problems)

Port 445 – SMB (Server Message Block)

  • Protocol: TCP
  • What it does: File and printer sharing, especially on Windows networks
  • When you see it: Accessing shared folders on your network
  • Why it matters: This is why Marcus’s file server went down at the beginning of our story. It’s critical for Windows file sharing.

The Database Duo

Port 3306 – MySQL

  • Protocol: TCP
  • What it does: MySQL database connections
  • When you see it: Web applications, WordPress sites, countless other applications
  • Why it matters: One of the most popular databases in the world

Port 1433 – Microsoft SQL Server

  • Protocol: TCP
  • What it does: MSSQL database connections
  • When you see it: Enterprise applications, Windows-based database systems
  • Why it matters: The standard for Microsoft’s database platform

The Security Pair

Port 389 – LDAP (Lightweight Directory Access Protocol)

  • Protocol: TCP, UDP
  • What it does: Directory services, user authentication
  • When you see it: Active Directory, enterprise authentication systems
  • Why it matters: How large organizations manage user accounts and permissions

Port 636 – LDAPS (LDAP over SSL)

  • Protocol: TCP
  • What it does: Encrypted directory services
  • When you see it: Secure Active Directory communications
  • Why it matters: LDAP without encryption is asking for credentials to be intercepted

The Complete Port Reference: Your Exam Survival Guide

Here’s the comprehensive list you can reference when studying or troubleshooting. We’ve organized it by port range for easy navigation:

Well-Known Ports (0-1023) – The VIPs

The Absolute Essentials:

Port Service Protocol Remember It Like This
20-21 FTP TCP 20 for data, 21 for commands – like “20 workers, 1 boss”
22 SSH/SFTP TCP “22 rifles” – secure and precise
23 Telnet TCP One number after SSH, but way less secure
25 SMTP TCP “2-5 days for mail delivery”
53 DNS TCP/UDP “5-3 seconds” to look up a name
67-68 DHCP UDP “67-68 degrees” – comfortable temperature, comfortable networking
69 TFTP UDP “69… nice and simple”
80 HTTP TCP “80 miles per hour” – fast web browsing
110 POP3 TCP “Call 110” for your messages (like calling the operator)
143 IMAP TCP “1-4-3” sounds like “I love you” – and you’ll love synced email
161-162 SNMP UDP “161 questions, 162 alerts”
389 LDAP TCP/UDP “3-8-9” – sequential and organized like a directory
443 HTTPS TCP/UDP “4-4-3” – SSL/TLS secured, the secure web standard
445 SMB TCP “4-4-5” – Windows file sharing
587 SMTP TCP “5-8-7” – modern email submission
636 LDAPS TCP “636” – secure LDAP (389 + 247 = secure)
993 IMAPS TCP “993” – secure IMAP (143 + 850 = secure)
995 POP3S TCP “995” – secure POP3 (110 + 885 = secure)

The Supporting Cast:

  • Port 7 – Echo: Sends back whatever you send it. Mostly used for testing.
  • Port 123 – NTP (Network Time Protocol): Keeps all your devices’ clocks synchronized
  • Port 179 – BGP (Border Gateway Protocol): How the internet’s routing tables are exchanged
  • Port 194 – IRC (Internet Relay Chat): Old-school chat rooms
  • Port 464 – Kerberos: Password changes in Kerberos authentication
  • Port 500 – ISAKMP/IKE: VPN key exchange
  • Port 514 – Syslog: System logging
  • Port 515 – LPR: Network printing
  • Port 548 – AFP (Apple Filing Protocol): Mac file sharing

Registered Ports (1024-49151) – The Professionals

The Business Critical:

Port Service Why You Care
1433 MSSQL Microsoft’s database standard
1521 Oracle DB Enterprise database connections
1723 PPTP VPN Legacy VPN protocol
3306 MySQL Web application database standard
3389 RDP Windows remote desktop
5060-5061 SIP VoIP phone systems
5432 PostgreSQL Another popular database
5900 VNC Cross-platform remote desktop
8080 HTTP Alternate Web development, proxies

The Gaming & Streaming:

  • Port 1194 – OpenVPN: Popular open-source VPN
  • Port 3074 – Xbox Live: Gaming traffic
  • Port 3724 – World of Warcraft: Blizzard games
  • Port 27015 – Half-Life: Source engine games
  • Port 27017 – MongoDB: NoSQL database

The Malware (Know Thy Enemy):

  • Port 1337 – WASTE: Peer-to-peer file sharing
  • Port 3127 – MyDoom: Computer worm
  • Port 4444 – Blaster: Worm/trojan
  • Port 5554 – Sasser: Computer worm
  • Port 12345 – NetBus: Trojan horse
  • Port 31337 – Back Orifice: Remote administration trojan

Port Memorization Made Easy: Mental Tricks That Actually Work

Let’s be real—nobody wants to memorize hundreds of random numbers. Here are the strategies that actually work:

Strategy 1: The Story Method

Create a narrative that links ports together:

“SSH (22) into a Telnet (23) server to send SMTP mail (25) through DNS (53) on DHCP (67-68) while sharing files via TFTP (69) and browsing HTTP (80) sites, checking email via POP3 (110) and IMAP (143), monitoring with SNMP (161), connecting to LDAP (389), securing with HTTPS (443), and sharing files via SMB (445).”

Read it a few times. Your brain remembers stories better than lists.

Strategy 2: The Association Method

Link ports to things you already know:

  • Port 80: “80 miles per hour” = fast web browsing
  • Port 443: “4-4-3” formation in soccer = defense (security)
  • Port 22: “22 caliber” = precise and secure (SSH)
  • Port 3389: “33-89” = “Remote Desktop Protocol 3389” (RDP)

Strategy 3: The Grouping Method

Cluster related ports:

Web Ports: 80 (HTTP), 443 (HTTPS), 8080 (alternate HTTP) Mail Ports: 25 (SMTP), 110 (POP3), 143 (IMAP), 587 (SMTP submission) Secure Mail: 993 (IMAPS), 995 (POP3S) File Transfer: 20-21 (FTP), 22 (SFTP), 69 (TFTP), 445 (SMB) Remote Access: 22 (SSH), 23 (Telnet), 3389 (RDP), 5900 (VNC) Databases: 1433 (MSSQL), 3306 (MySQL), 5432 (PostgreSQL), 27017 (MongoDB)

Strategy 4: The Flashcard Blitz

Old school but effective:

  1. Make flashcards (physical or digital)
  2. Port number on one side, service on the other
  3. Review 20 cards daily for a week
  4. Focus on the ones you miss
  5. By week 2, you’ll have them down

Strategy 5: The Practical Application Method

The best way to remember ports? Use them:

  • Set up a home lab
  • Try to SSH into a Linux box (port 22)
  • Configure a web server (ports 80/443)
  • Set up file sharing (port 445)
  • Configure email (ports 25, 587, 143, 993)

Hands-on experience burns ports into your memory better than any flashcard.

Real-World Troubleshooting: When Ports Go Wrong

Let’s talk about how this knowledge actually helps you in the real world:

Scenario 1: “The Website Won’t Load”

Symptoms: Users can’t access your company website.

Troubleshooting with port knowledge:

  1. Can you ping the server? (Tests basic connectivity)
  2. Is port 443 (HTTPS) open and responding?
  3. Is port 80 (HTTP) redirecting to 443?
  4. Check firewall rules for ports 80 and 443
  5. Verify web server is listening on these ports

Most common cause: Firewall blocking port 443 or web server not listening properly.

Scenario 2: “I Can’t Remote Into the Server”

Symptoms: Remote desktop connection fails.

Troubleshooting with port knowledge:

  1. Windows server? Check port 3389 (RDP)
  2. Linux server? Check port 22 (SSH)
  3. Is the port open on the firewall?
  4. Is the service running on the server?
  5. Try from a different network to rule out local firewall issues

Most common cause: Firewall rule blocking RDP/SSH ports.

Scenario 3: “Email Isn’t Working”

Symptoms: Can’t send or receive email.

Troubleshooting with port knowledge:

  1. Receiving issues? Check ports 143 (IMAP) or 110 (POP3)
  2. Sending issues? Check port 587 (SMTP submission) or 25 (SMTP)
  3. Using SSL? Check ports 993 (IMAPS) or 995 (POP3S)
  4. Verify mail server is listening on correct ports
  5. Check if ISP is blocking port 25 (common)

Most common cause: ISP blocking port 25 or incorrect email client configuration.

Scenario 4: “File Sharing Broke”

Symptoms: Can’t access network drives.

Troubleshooting with port knowledge:

  1. Windows network? Check port 445 (SMB)
  2. Also check ports 137-139 (NetBIOS) for older systems
  3. Mac network? Check port 548 (AFP)
  4. Linux? Might be using port 2049 (NFS)
  5. Verify network file sharing service is running

Most common cause: Windows update disabled SMBv1, blocking port 445 traffic.

Security Implications: The Ports Hackers Love

Understanding ports isn’t just about making things work—it’s about keeping them secure. Here are the ports that keep security professionals up at night:

The Usual Suspects

Port 22 (SSH):

  • The threat: Brute-force password attacks
  • The defense: Use SSH keys instead of passwords, disable root login, use fail2ban

Port 3389 (RDP):

  • The threat: Ransomware’s favorite entry point
  • The defense: Use VPN access only, enable Network Level Authentication, use strong passwords

Port 445 (SMB):

  • The threat: Wannacry, NotPetya, and other devastating worms
  • The defense: Keep systems patched, disable SMBv1, use VLANs to segment networks

Port 23 (Telnet):

  • The threat: Everything sent in plain text, including passwords
  • The defense: Don’t use Telnet. Period. Use SSH instead.

Port 21 (FTP):

  • The threat: Unencrypted file transfers, credential theft
  • The defense: Use SFTP (port 22) or FTPS (ports 989-990) instead

The Hacker’s Toolkit

Attackers commonly scan for these ports:

  • Port 80/443: Looking for vulnerable web applications
  • Port 22: SSH brute-forcing
  • Port 3389: RDP attacks
  • Port 25: Open mail relays for spam
  • Port 53: DNS amplification attacks
  • Port 161: SNMP community string guessing

Pro tip: Close every port you don’t absolutely need. Every open port is a potential entry point.

Certification Exam Focus: What You Must Know

If you’re studying for CompTIA Network+, Security+, CCNA, or similar certifications, focus on these key points:

The Top 20 Ports (Memorize These)

Your exam will definitely ask about these:

  1. FTP (20-21)
  2. SSH (22)
  3. Telnet (23)
  4. SMTP (25)
  5. DNS (53)
  6. DHCP (67-68)
  7. TFTP (69)
  8. HTTP (80)
  9. POP3 (110)
  10. IMAP (143)
  11. SNMP (161-162)
  12. LDAP (389)
  13. HTTPS (443)
  14. SMB (445)
  15. SMTP Submission (587)
  16. LDAPS (636)
  17. IMAPS (993)
  18. POP3S (995)
  19. MSSQL (1433)
  20. RDP (3389)

The Exam Tricks

Trap Question #1: “Which port does FTP use?”

  • Trick: The answer might be “20 AND 21” not just one
  • Port 20 is data, port 21 is control

Trap Question #2: “Which port is used for secure email retrieval?”

  • Trick: Could be asking about IMAPS (993) or POP3S (995)
  • Read carefully to determine which protocol they mean

Trap Question #3: “What protocol uses port 53?”

  • Trick: They might ask about TCP or UDP
  • Answer: DNS uses BOTH TCP and UDP

Study Smart, Not Hard

Week 1: Learn the top 20 ports cold Week 2: Add the next 20 common ports Week 3: Practice with port-based troubleshooting scenarios Week 4: Take practice exams focusing on port questions

Most Important: Understand what each service DOES, not just memorize the number. Exam questions often describe a scenario and ask you to identify the port.

Port Forwarding: Opening the Gates

Port forwarding tells your router to send traffic on a specific port to a specific device on your internal network.

Example: You’re running a web server at home on 192.168.1.100

  • Configure router to forward external port 80 to 192.168.1.100:80
  • Now external users can access your server via your public IP

Security note: Only forward ports you absolutely need, and never forward to port 3389 (RDP) or 22 (SSH) directly—use a VPN instead.

Port Scanning: The Hacker’s First Step

Tools like Nmap scan for open ports to identify:

  • What services are running
  • What vulnerabilities might exist
  • What operating system is in use

Basic Nmap scan: nmap -p 1-65535 192.168.1.1

This scans all 65,535 ports on the target. As a defender, you should regularly scan your own systems to see what attackers would find.

The Port Cheat Sheet: Your Quick Reference

Print This and Keep It On Your Desk

The Critical 10:

80 - HTTP
443 - HTTPS
22 - SSH
25 - SMTP
53 - DNS
3389 - RDP
445 - SMB
3306 - MySQL
143 - IMAP
587 - SMTP

Quick Recall Format:

  • 20s Club: FTP(20-21), SSH(22), Telnet(23), SMTP(25)
  • 50s Club: DNS(53)
  • 60s Club: DHCP(67-68), TFTP(69)
  • 80s Club: HTTP(80)
  • 100s Club: POP3(110), NTP(123), IMAP(143), SNMP(161-162)
  • 300s Club: LDAP(389)
  • 400s Club: HTTPS(443), SMB(445)
  • 500s Club: SMTP(587), LDAPS(636)
  • 900s Club: IMAPS(993), POP3S(995)
  • 1000s Club: MSSQL(1433)
  • 3000s Club: MySQL(3306), RDP(3389)

Your Network Mastery Starts Here

You don’t need to know all 65,535 ports. You need to know the 20-30 that matter, understand what they do, and know how to troubleshoot when things go wrong.

The difference between a struggling IT technician and a confident network professional often comes down to this fundamental knowledge. Ports aren’t just numbers; they’re the language of network communication.

What You’ll Master:

Network fundamentals including ports, protocols, and troubleshooting methodologies

Hands-on labs where you’ll actually configure services on different ports and see how they interact

Security best practices for securing network services and closing vulnerable ports

Certification preparation for CompTIA Network+, Security+, and CCNA with focused port knowledge

Real-world scenarios based on actual network issues you’ll face in the field

Troubleshooting frameworks that use port knowledge to diagnose problems systematically

Your Path Forward:

Networking Fundamentals Track

  • Master the OSI model and how ports fit in
  • Configure network services on common ports
  • Troubleshoot connectivity issues using port knowledge
  • Prepare for CompTIA Network+ certification

Security Professional Track

  • Learn which ports present security risks
  • Configure firewalls and access control lists
  • Perform network security assessments
  • Prepare for CompTIA Security+ and beyond

The Investment That Pays Off:

Network administrators with strong fundamentals earn $60,000-$85,000+ annually. Security professionals with networking knowledge command even higher salaries. Your investment in proper training pays for itself quickly.

Don’t just memorize ports—master networking.

Enroll in our networking and cybersecurity training programs today and transform from confused beginner to confident network professional.

Scroll to Top