🔌 Networking

Port & Protocol Reference

Searchable reference of 200+ well-known TCP and UDP ports. Filter by category — web, databases, DevOps, email, security and more. Click any row for details.

📖 How to Use This Tool
1
Search for a port number or service name in the search bar
2
Filter by category (Database, DevOps, Security, etc.)
3
Toggle between TCP, UDP or ALL protocols
4
Click column headers to sort by port number, name or category
📝 Examples
Find port
Input: Search: 5432
Output: PostgreSQL — TCP, Database
Find by service
Input: Search: redis
Output: 6379 — Redis in-memory data store
Category:
Port ↕ Service Protocol Category Description
Port ranges: Well-known ports are 0–1023 (require root/admin). Registered ports are 1024–49151. Dynamic/ephemeral ports are 49152–65535. Always check your OS firewall and security groups when exposing ports.

Port & Protocol Reference Overview

A port and protocol reference is a searchable database of TCP and UDP port numbers and the services that use them by convention. When configuring firewalls, writing security group rules, debugging network connectivity, or setting up a new service, engineers need to quickly look up which port a service uses, whether it is TCP or UDP, and what the security implications of exposing it are. Having this information instantly accessible reduces the time spent consulting documentation and eliminates common mistakes like accidentally opening port 3306 to the public internet.

Port numbers are a fundamental part of the TCP/IP networking model, defined in RFC 6335 and maintained by the Internet Assigned Numbers Authority (IANA). The 65,535 available port numbers are divided into three ranges: well-known ports (0–1023), which are assigned to core services and require elevated privileges to bind to on most operating systems; registered ports (1024–49151), used by application software and middleware; and dynamic or ephemeral ports (49152–65535), assigned by the OS for outbound connections. Understanding these ranges matters when writing firewall rules, configuring Kubernetes NetworkPolicies, or setting up cloud security groups.

Step-by-Step Example

Say you're writing an AWS security group for a new internal PostgreSQL instance and want to confirm you're locking it down correctly. Type "postgres" into the search box — the substring match scans port number, service name, category, and description simultaneously, returning the entry for port 5432/TCP under the Database category, with a description noting it should never be exposed to the public internet. Cross-check by clicking the Database category filter button to see it alongside MySQL (3306), Redis (6379), and MongoDB (27017) — all of which share the same exposure risk.

From there, you'd write a security group ingress rule scoped to TCP port 5432, sourced only from the application subnet's CIDR block or security group ID, never 0.0.0.0/0. If you instead needed to debug why an application can't reach an outbound SMTP relay, searching "smtp" surfaces port 25/TCP alongside a note that many cloud providers block outbound port 25 by default — pointing you toward port 587 with STARTTLS as the actual fix instead of spending an hour debugging security group rules that were never the problem.

Why DevOps Teams Use This

  • Configuring firewall rules and cloud security groups: Look up the correct port and protocol before writing AWS security group ingress rules, GCP firewall rules, or iptables entries so that you open only the minimum necessary ports.
  • Debugging connectivity failures: When a service is unreachable, check this reference to confirm you are targeting the correct port and protocol, and verify that no known security restriction applies to that port (such as cloud providers blocking port 25 for outbound SMTP).
  • Writing Kubernetes NetworkPolicies: Reference port numbers for databases, message brokers, and microservice APIs when defining ingress and egress rules in Kubernetes NetworkPolicy manifests to achieve least-privilege pod networking.
  • Planning a new service's port allocation: Before choosing a port for a new internal service, check this reference to avoid conflicts with well-known services or ports that are commonly blocked by corporate network policies or cloud provider restrictions.

Under the hood, the tool stores a curated database of over 200 port entries drawn from the IANA port registry and common DevOps usage patterns, each with a port number, service name, protocol (TCP, UDP, or both), category, and description. Category filter buttons and TCP/UDP toggle buttons narrow results in real time, and column header clicks trigger a client-side sort on the current filtered dataset — all filtering and sorting happens in the browser with no server round-trips.

Frequently Asked Questions

What is a well-known port?

Well-known ports are port numbers in the range 0 to 1023, reserved by IANA for standardized services that form the backbone of internet communications. Common examples include HTTP on port 80, HTTPS on port 443, SSH on port 22, DNS on port 53 (both TCP and UDP), SMTP on port 25, and FTP on ports 20 and 21. On Unix-like operating systems, binding to a port below 1024 requires root or CAP_NET_BIND_SERVICE privileges, which is why web servers typically run as root initially and then drop privileges, or use a reverse proxy to forward traffic from port 80/443 to an unprivileged application port like 8080 or 3000.

What is the difference between TCP and UDP?

TCP (Transmission Control Protocol) establishes a connection using a three-way handshake, then guarantees that all data packets arrive in order and without corruption through acknowledgments and retransmission. This reliability makes TCP the right choice for HTTP, HTTPS, SSH, database connections, and any protocol where data integrity is essential. UDP (User Datagram Protocol) sends packets without a connection setup, acknowledgment, or ordering guarantee — making it significantly faster and with less overhead. UDP is used for DNS queries (where a fast round trip matters more than reliability), NTP time synchronization, VoIP, video streaming, and gaming. Some services like DNS use both: UDP for small queries and TCP for zone transfers or responses exceeding 512 bytes.

Which ports should I block at the firewall for security?

For any internet-facing infrastructure, start by blocking all inbound traffic by default and only explicitly allowing the ports your services require. Specific ports to block unless absolutely necessary include Telnet (23) — replace with SSH (22); FTP (20/21) — replace with SFTP over SSH; TFTP (69) — often used in attacks; SMB and NetBIOS (137, 138, 139, 445) — frequently exploited for ransomware lateral movement; RDP (3389) and VNC (5900) — high-value brute-force targets; and all database ports (MySQL 3306, PostgreSQL 5432, Redis 6379, MongoDB 27017, Elasticsearch 9200) which should be accessible only from application subnets, never from the public internet. Also note that many cloud providers block outbound port 25 (SMTP) by default to prevent abuse — use port 587 with STARTTLS for transactional email instead.