Find what’s listening on a port
Network services live on numbered ports. HTTPS is 443, SSH is 22, PostgreSQL is 5432. When you see an open port in a scan, a firewall rule, or a netstat listing, you need to know what it is — and the reverse, the canonical port for a given service. This searchable reference covers the most common TCP and UDP assignments with the service name, transport and the typical daemon or process behind it.
How it works
Each entry pairs a port number with a transport protocol (TCP or UDP), because a port is only meaningful together with its transport — TCP 53 and UDP 53 are different endpoints. The table is filtered live: type a number to find the service, or type a service name to find its conventional port. The transport filter lets you restrict results when you are reasoning about a stateful TCP listener versus a connectionless UDP one. Port ranges follow IANA: 0–1023 well-known, 1024–49151 registered, 49152–65535 dynamic/ephemeral.
Ports you encounter most often
| Port | Transport | Service | Notes |
|---|---|---|---|
| 22 | TCP | SSH | Secure shell; restrict to trusted sources |
| 25 | TCP | SMTP | Mail relay between servers; usually blocked by ISPs for clients |
| 53 | TCP + UDP | DNS | UDP for queries, TCP for zone transfers and large responses |
| 80 | TCP | HTTP | Unencrypted web; many servers redirect to 443 |
| 443 | TCP | HTTPS | TLS-encrypted web traffic |
| 587 | TCP | Submission | Authenticated email from mail clients |
| 3306 | TCP | MySQL | Default database port; block from internet |
| 5432 | TCP | PostgreSQL | Default Postgres port; block from internet |
| 6379 | TCP | Redis | In-memory store; never expose without auth |
| 8080 | TCP | HTTP-alt | Common for dev servers and proxies |
Dual-transport services
Several services register on both TCP and UDP for the same port number. DNS is the clearest example: UDP 53 handles normal queries (fast, connectionless), while TCP 53 handles zone transfers and responses too large for a single UDP datagram. NTP uses UDP 123 for time synchronisation but TCP 123 for management in some implementations. SNMP uses UDP 161 for agents and UDP 162 for traps, with TCP available as a fallback.
What to check when a scan shows an unexpected open port
- Confirm the actual process:
ss -tulpn | grep <port>orlsof -i :<port>(macOS/Linux) shows the listening PID. - Check whether it should be public-facing or only reachable within a private network.
- Compare against your known service list — anything unrecognised warrants investigation, not assumption.
- For cloud environments, verify your security-group or firewall rules match what is actually open.
Tips and notes
Treat these as conventions, not guarantees — always confirm the real listening port with ss -tulpn or netstat -tulpn rather than assuming the default. Remember that some services need both transports (DNS, NTP) and some use one port for plaintext and another for TLS (HTTP 80 vs HTTPS 443, SMTP 25 vs submission 587 vs SMTPS 465). For firewalls, deny by default and open only the ports you intentionally serve, restricting management ports like SSH to trusted source addresses.