Common TCP and UDP ports: a cheat sheet

A scannable reference of common TCP and UDP ports grouped by purpose — web, mail, file transfer, remote access, databases, and infrastructure.

This cheat sheet is a quick reference to the TCP and UDP ports you meet most often, grouped by what they do. Every port number links to its full PortsDB entry — or you can browse all ports. The risk column flags how cautious you should be about exposing each one.

Quick reference table

| Port | Service | Transport | Risk |
|---|---|---|---|
| 20 / 21 | FTP data / control | TCP | High — cleartext, use SFTP |
| 22 | SSH / SFTP | TCP | Medium — key auth only |
| 23 | Telnet | TCP | High — cleartext, avoid |
| 25 | SMTP | TCP | Medium |
| 53 | DNS | TCP/UDP | Medium |
| 80 | HTTP | TCP | Medium — redirect to HTTPS |
| 110 | POP3 | TCP | Medium |
| 123 | NTP | UDP | Medium — reflection risk |
| 143 | IMAP | TCP | Medium |
| 161 | SNMP | UDP | High — default strings |
| 389 | LDAP | TCP/UDP | High — internal only |
| 443 | HTTPS | TCP | Low — expose this |
| 445 | SMB | TCP | Critical — never expose |
| 465 | SMTPS | TCP | Low |
| 587 | SMTP submission | TCP | Low |
| 993 | IMAPS | TCP | Low |
| 995 | POP3S | TCP | Low |
| 3306 | MySQL | TCP | High — private only |
| 3389 | RDP | TCP | Critical — VPN only |
| 5432 | PostgreSQL | TCP | High — private only |
| 6379 | Redis | TCP | Critical — no auth default |

Web and proxies

The workhorses of the web are port 80 (HTTP) and port 443 (HTTPS); always redirect the former to the latter. Port 8080 is a common alternate port for web applications, and proxies often listen on port 3128. Search dashboards like Kibana often sit on port 5601.

Mail

Mail uses a cluster of ports: port 25 for server-to-server SMTP, port 587 for authenticated submission, and port 465 for SMTPS. Clients fetch mail over POP3 (port 110) and IMAP (port 143), with TLS variants on port 995 and port 993.

File transfer and sharing

FTP control and data live on port 21 and port 20, but prefer SFTP over port 22. Windows file sharing uses SMB on port 445 with legacy NetBIOS on port 139 and port 137. NFS is on port 2049, and rsync on port 873.

Remote access

The big three: SSH on port 22, RDP on port 3389, and VNC on port 5900. Avoid Telnet on port 23. VPNs commonly use OpenVPN on port 1194 and IPsec on port 500.

Databases

Keep all of these on private networks: MySQL port 3306, PostgreSQL port 5432, MS-SQL port 1433, Oracle port 1521, Redis port 6379, MongoDB port 27017, Elasticsearch port 9200, and Memcached port 11211.

Directory, AD and infrastructure

Active Directory and directory services rely on LDAP (port 389), LDAPS (port 636), Kerberos (port 88), and the global catalog (port 3268). Core infrastructure includes DNS (port 53), NTP (port 123), SNMP (port 161), and syslog (port 514). Message queues and cluster services include Kafka (port 9092), RabbitMQ (port 5672), and ZooKeeper (port 2181).

Conclusion

Knowing what listens where is the first step to securing it. Use this sheet to recognize services during a scan, then apply the rule of thumb: expose only what you must (usually port 443), keep databases and admin ports private, and look up anything unfamiliar on PortsDB.
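One way to apply the risk column on a Linux host, as an added example that is not PortsDB's own code: the Python script below reads `ss -tuln` output and reports listeners on ports the table rates High or Critical that are bound to anything other than loopback. The sample output and the names `RISK`, `is_loopback` and `audit` are constructed for illustration.

```python
import ipaddress

# High and Critical rows copied from the quick reference table above.
RISK = {
    ("tcp", 20): ("FTP data", "High"),
    ("tcp", 21): ("FTP control", "High"),
    ("tcp", 23): ("Telnet", "High"),
    ("udp", 161): ("SNMP", "High"),
    ("tcp", 389): ("LDAP", "High"),
    ("udp", 389): ("LDAP", "High"),
    ("tcp", 445): ("SMB", "Critical"),
    ("tcp", 3306): ("MySQL", "High"),
    ("tcp", 3389): ("RDP", "Critical"),
    ("tcp", 5432): ("PostgreSQL", "High"),
    ("tcp", 6379): ("Redis", "Critical"),
}

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    127.0.0.1:6379     0.0.0.0:*
tcp   LISTEN 0      4096   [::]:445           [::]:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
tcp   LISTEN 0      244    10.0.0.5:5432      0.0.0.0:*
tcp   LISTEN 0      511    *:443              *:*
"""

def is_loopback(addr):
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    if addr == "*":
        return False                       # wildcard means every interface
    return ipaddress.ip_address(addr).is_loopback

def audit(ss_output):
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue                       # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        hit = RISK.get((fields[0], int(port)))
        if hit and not is_loopback(addr):  # private-IP binds are reported too
            findings.append((hit[1], fields[0], int(port), hit[0], addr))
    return sorted(findings, key=lambda f: (f[0] != "Critical", f[2]))

if __name__ == "__main__":
    for risk, proto, port, service, addr in audit(SAMPLE):
        print(f"{risk:8} {service:10} {proto}/{port} bound to {addr}")
```

A listener bound to a private address such as 10.0.0.5 still appears in the report; whether that interface is reachable from outside is a firewall and routing question the script does not answer.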
