Port & Protocol Reference
Searchable reference of 200+ well-known TCP and UDP ports. Filter by category — web, databases, DevOps, email, security and more. Click any row for details.
What is a Port & Protocol Reference?
A port and protocol reference is a searchable database of TCP and UDP port numbers and the services that use them by convention. When configuring firewalls, writing security group rules, debugging network connectivity, or setting up a new service, engineers need to quickly look up which port a service uses, whether it is TCP or UDP, and what the security implications of exposing it are. Having this information instantly accessible reduces the time spent consulting documentation and helps avoid common mistakes such as accidentally opening port 3306 to the public internet.
Port numbers are a fundamental part of the TCP/IP networking model, defined in RFC 6335 and maintained by the Internet Assigned Numbers Authority (IANA). The 65,535 available port numbers are divided into three ranges: well-known ports (0–1023), which are assigned to core services and require elevated privileges to bind to on most operating systems; registered ports (1024–49151), used by application software and middleware; and dynamic or ephemeral ports (49152–65535), assigned by the OS for outbound connections. Understanding these ranges matters when writing firewall rules, configuring Kubernetes NetworkPolicies, or setting up cloud security groups.
When to Use This Tool
- Configuring firewall rules and cloud security groups: Look up the correct port and protocol before writing AWS security group ingress rules, GCP firewall rules, or iptables entries so that you open only the minimum necessary ports.
- Debugging connectivity failures: When a service is unreachable, check this reference to confirm you are targeting the correct port and protocol, and verify that no known security restriction applies to that port (such as cloud providers blocking port 25 for outbound SMTP).
- Writing Kubernetes NetworkPolicies: Reference port numbers for databases, message brokers, and microservice APIs when defining ingress and egress rules in Kubernetes NetworkPolicy manifests to achieve least-privilege pod networking.
- Planning a new service's port allocation: Before choosing a port for a new internal service, check this reference to avoid conflicts with well-known services or ports that are commonly blocked by corporate network policies or cloud provider restrictions.
How It Works
The tool stores a curated database of over 200 port entries drawn from the IANA port registry and common DevOps usage patterns. Each entry includes the port number, service name, protocol (TCP, UDP, or both), category (Web, Database, DevOps, Security, etc.), and a description. The search runs a substring match across port number, service name, category, and description simultaneously, so you can find a service by typing any identifying term. Category filter buttons and TCP/UDP toggle buttons narrow results in real time. Column header clicks trigger a client-side sort on the current filtered dataset, and all filtering and sorting happens in the browser with no server round-trips.
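The filtering and sorting described above can be sketched as follows. This is an added example, not the tool's own code; the entry field names, the `searchPorts` function and the sample rows (including their category labels) are assumptions constructed for illustration.

```javascript
// Constructed sample entries; field names and category labels are assumptions.
const PORTS = [
  { port: 22, service: "SSH", protocols: ["TCP"], category: "Security", description: "Secure shell remote login" },
  { port: 53, service: "DNS", protocols: ["TCP", "UDP"], category: "Network", description: "Domain name resolution" },
  { port: 80, service: "HTTP", protocols: ["TCP"], category: "Web", description: "Unencrypted web traffic" },
  { port: 123, service: "NTP", protocols: ["UDP"], category: "Network", description: "Time synchronization" },
  { port: 443, service: "HTTPS", protocols: ["TCP"], category: "Web", description: "HTTP over TLS" },
  { port: 3306, service: "MySQL", protocols: ["TCP"], category: "Database", description: "MySQL database server" },
  { port: 6379, service: "Redis", protocols: ["TCP"], category: "Database", description: "Redis key-value store" },
];

// Filter by category, protocol toggle and free-text query, then sort the result.
function searchPorts(entries, opts = {}) {
  const { query = "", category = null, protocol = null, sortKey = "port", descending = false } = opts;
  const needle = query.trim().toLowerCase();

  const filtered = entries.filter((e) => {
    if (category && e.category !== category) return false;
    // An entry listed for both TCP and UDP passes either toggle.
    if (protocol && !e.protocols.includes(protocol)) return false;
    if (!needle) return true;
    // Substring match against each searchable field, port number included.
    return [String(e.port), e.service, e.category, e.description]
      .some((field) => field.toLowerCase().includes(needle));
  });

  // filter() returned a new array, so sorting it leaves the source data untouched.
  filtered.sort((a, b) => {
    const cmp = typeof a[sortKey] === "number"
      ? a[sortKey] - b[sortKey]
      : String(a[sortKey]).localeCompare(String(b[sortKey]));
    return descending ? -cmp : cmp;
  });
  return filtered;
}

console.log(searchPorts(PORTS, { query: "data" }).map((e) => e.port));
```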
Frequently Asked Questions
What is a well-known port?
Well-known ports are port numbers in the range 0 to 1023, reserved by IANA for standardized services that form the backbone of internet communications. Common examples include HTTP on port 80, HTTPS on port 443, SSH on port 22, DNS on port 53 (both TCP and UDP), SMTP on port 25, and FTP on ports 20 and 21. On Unix-like operating systems, binding to a port below 1024 requires root or CAP_NET_BIND_SERVICE privileges, which is why web servers typically run as root initially and then drop privileges, or use a reverse proxy to forward traffic from port 80/443 to an unprivileged application port like 8080 or 3000.
What is the difference between TCP and UDP?
TCP (Transmission Control Protocol) establishes a connection using a three-way handshake, then guarantees that all data packets arrive in order and without corruption through acknowledgments and retransmission. This reliability makes TCP the right choice for HTTP, HTTPS, SSH, database connections, and any protocol where data integrity is essential. UDP (User Datagram Protocol) sends packets without connection setup, acknowledgment, or ordering guarantees, which makes it significantly faster and gives it less overhead. UDP is used for DNS queries (where a fast round trip matters more than reliability), NTP time synchronization, VoIP, video streaming, and gaming. Some services like DNS use both: UDP for small queries and TCP for zone transfers or responses exceeding 512 bytes.
Which ports should I block at the firewall for security?
For any internet-facing infrastructure, start by blocking all inbound traffic by default and only explicitly allowing the ports your services require. Specific ports to block unless absolutely necessary include Telnet (23) — replace with SSH (22); FTP (20/21) — replace with SFTP over SSH; TFTP (69) — often used in attacks; SMB and NetBIOS (137, 138, 139, 445) — frequently exploited for ransomware lateral movement; RDP (3389) and VNC (5900) — high-value brute-force targets; and all database ports (MySQL 3306, PostgreSQL 5432, Redis 6379, MongoDB 27017, Elasticsearch 9200) which should be accessible only from application subnets, never from the public internet. Also note that many cloud providers block outbound port 25 (SMTP) by default to prevent abuse — use port 587 with STARTTLS for transactional email instead.
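One way to check a rule set against the list above is to flag every ingress rule that opens one of those ports to all addresses. This is an added example, not part of the tool; the rule object shape (`name`, `protocol`, `fromPort`, `toPort`, `source`), the `auditIngress` function and the sample rules are assumptions constructed for illustration.

```javascript
// Ports the text above says to block or restrict, in ascending order.
const RISKY_PORTS = new Map([
  [20, "FTP"], [21, "FTP"], [23, "Telnet"], [69, "TFTP"],
  [137, "SMB/NetBIOS"], [138, "SMB/NetBIOS"], [139, "SMB/NetBIOS"], [445, "SMB/NetBIOS"],
  [3306, "MySQL"], [3389, "RDP"], [5432, "PostgreSQL"], [5900, "VNC"],
  [6379, "Redis"], [9200, "Elasticsearch"], [27017, "MongoDB"],
]);

// Only the all-addresses CIDRs count as public here; other wide ranges
// (for example a /1) are not detected by this simple check.
const PUBLIC_SOURCES = new Set(["0.0.0.0/0", "::/0"]);

// Returns one finding per (rule, risky port) pair exposed to a public source.
// Matching is by port number only, regardless of the rule's protocol, so a
// rule is flagged conservatively even if it names the other transport.
function auditIngress(rules) {
  const findings = [];
  for (const rule of rules) {
    if (!PUBLIC_SOURCES.has(rule.source)) continue;
    for (const [port, service] of RISKY_PORTS) {
      // Port ranges matter: a wide range can expose a risky port
      // that the rule's author never had in mind.
      if (port >= rule.fromPort && port <= rule.toPort) {
        findings.push({ rule: rule.name, port, service });
      }
    }
  }
  return findings;
}

// Constructed sample rules, not taken from any real environment.
const SAMPLE_RULES = [
  { name: "web-https", protocol: "tcp", fromPort: 443, toPort: 443, source: "0.0.0.0/0" },
  { name: "ssh-admin", protocol: "tcp", fromPort: 22, toPort: 22, source: "0.0.0.0/0" },
  { name: "db-from-app", protocol: "tcp", fromPort: 5432, toPort: 5432, source: "10.0.2.0/24" },
  { name: "mysql-public", protocol: "tcp", fromPort: 3306, toPort: 3306, source: "0.0.0.0/0" },
  { name: "legacy-range", protocol: "tcp", fromPort: 3000, toPort: 4000, source: "::/0" },
];

for (const f of auditIngress(SAMPLE_RULES)) {
  console.log(`${f.rule}: ${f.service} (${f.port}) is open to the public internet`);
}
```

The PostgreSQL rule passes because its source is an application subnet, which is the arrangement the answer above recommends for database ports.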