EC-Council: Computer Hacking Forensic Investigator (CHFI-V10)
Module 8: Network Forensics
Default and Common Port Numbers and Their Protocols & Functions
These ports can be opened and used by software applications and operating system services to send and receive data over networks (LAN or WAN) that employ certain protocols (e.g. TCP, UDP). An IP address identifies a machine in an IP network and determines the destination of a data packet, while port numbers identify particular applications or services on a system.
Why is it important to know these ports?
Any security researcher, bug bounty hunter, or anyone working with service configuration would benefit from this. Getting to know these protocols and services is handy for doing more thorough scans, such as version detection or checks for known vulnerabilities in ancient services that are still operating in the infrastructure, especially when using tools like Nmap.
The following are some of the most common service names, transport protocol names, and port numbers used to differentiate between specific services that employ TCP, UDP, DCCP, and SCTP.
| Port Number | Service name | Transport protocol | Description |
|---|---|---|---|
| 7 | Echo | TCP, UDP | Echo service |
| 20 | FTP-data | TCP, SCTP | File Transfer Protocol data transfer |
| 21 | FTP | TCP, UDP, SCTP | File Transfer Protocol (FTP) control connection |
| 22 | SSH-SCP | TCP, UDP, SCTP | Secure Shell, secure logins, file transfers (scp, sftp), and port forwarding |
| 23 | Telnet | TCP | Telnet protocol—unencrypted text communications |
| 25 | SMTP | TCP | Simple Mail Transfer Protocol, used for email routing between mail servers |
| 53 | DNS | TCP, UDP | Domain Name System name resolver |
| 69 | TFTP | UDP | Trivial File Transfer Protocol |
| 80 | HTTP | TCP, UDP, SCTP | Hypertext Transfer Protocol (HTTP) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP |
| 88 | Kerberos | TCP, UDP | Network authentication system |
| 102 | Iso-tsap | TCP | ISO Transport Service Access Point (TSAP) Class 0 protocol |
| 110 | POP3 | TCP | Post Office Protocol, version 3 (POP3) |
| 135 | Microsoft EPMAP | TCP, UDP | Microsoft EPMAP (End Point Mapper), also known as DCE/RPC Locator service, used to remotely manage services including DHCP server, DNS server, and WINS. Also used by DCOM |
| 137 | NetBIOS-ns | TCP, UDP | NetBIOS Name Service, used for name registration and resolution |
| 139 | NetBIOS-ssn | TCP, UDP | NetBIOS Session Service |
| 143 | IMAP4 | TCP, UDP | Internet Message Access Protocol (IMAP), management of electronic mail messages on a server |
| 162 | SNMP | UDP | SNMP agent," using destination port 161 |
| 163 | SNMP | UDP | When the SNMP agent wants to report something or respond to a command, an agent will send an "SNMP trap" on port 162 to the manager |
| 381 | HP Openview | TCP, UDP | HP data alarm manager |
| 383 | HP Openview | TCP, UDP | HP performance data collector. |
| 443 | HTTP over SSL | TCP, UDP, SCTP | Hypertext Transfer Protocol Secure (HTTPS) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP. |
| 464 | Kerberos | TCP, UDP | Kerberos Change/Set password |
| 465 | SMTP over TLS/SSL, SSM | TCP | Authenticated SMTP over TLS/SSL (SMTPS), URL Rendezvous Directory for SSM (Cisco protocol) |
| 587 | SMTP | TCP | Email message submission |
| 593 | Microsoft DCOM | TCP, UDP | HTTP RPC Ep Map, Remote procedure call over Hypertext Transfer Protocol, often used by Distributed Component Object Model services and Microsoft Exchange Server |
| 636 | LDAP over TLS/SSL | TCP, UDP | Lightweight Directory Access Protocol over TLS/SSL |
| 691 | MS Exchange | TCP | MS Exchange Routing |
| 902 | VMware Server | unofficial | VMware ESXi |
| 989 | FTP over SSL | TCP, UDP | FTPS Protocol (data), FTP over TLS/SSL |
| 990 | FTP over SSL | TCP, UDP | FTPS Protocol (control), FTP over TLS/SSL |
| 993 | IMAP4 over SSL | TCP | Internet Message Access Protocol over TLS/SSL (IMAPS) |
| 995 | POP3 over SSL | TCP, UDP | Post Office Protocol 3 over TLS/SSL |
| 1025 | Microsoft RPC | TCP | Microsoft operating systems tend to allocate one or more unsuspected, publicly exposed services (probably DCOM, but who knows) among the first handful of ports immediately above the end of the service port range (1024+). |
| 1194 | OpenVPN | TCP, UDP | OpenVPN |
| 1337 | WASTE | unofficial | WASTE Encrypted File Sharing Program |
| 1589 | Cisco VQP | TCP, UDP | Cisco VLAN Query Protocol (VQP) |
| 1725 | Steam | UDP | Valve Steam Client uses port 1725 |
| 2082 | cPanel | unofficial | cPanel default |
| 2083 | radsec, cPanel | TCP, UDP | Secure RADIUS Service (radsec), cPanel default SSL |
| 2483 | Oracle DB | TCP, UDP | Oracle database listening for insecure client connections to the listener, replaces port 1521 |
| 2484 | Oracle DB | TCP, UDP | Oracle database listening for SSL client connections to the listener |
| 2967 | Symantec AV | TCP, UDP | Symantec System Center agent (SSC-AGENT) |
| 3074 | XBOX Live | TCP, UDP | Xbox LIVE and Games for Windows – Live |
| 3306 | MySQL | TCP | MySQL database system |
| 3724 | World of Warcraft | TCP, UDP | Some Blizzard games, Unofficial Club Penguin Disney online game for kids |
| 4664 | Google Desktop | unofficial | Google Desktop Search |
| 5432 | PostgreSQL | TCP | PostgreSQL database system |
| 5900 | RFB/VNC Server | TCP, UDP | Virtual Network Computing (VNC) Remote Frame Buffer RFB protocol |
| 6665-6669 | IRC | TCP | Internet Relay Chat |
| 6881 | BitTorrent | unofficial | BitTorrent is part of the full range of ports used most often |
| 6999 | BitTorrent | unofficial | BitTorrent is part of the full range of ports used most often |
| 6970 | Quicktime | unofficial | QuickTime Streaming Server |
| 8086 | Kaspersky AV | TCP | Kaspersky AV Control Center |
| 8087 | Kaspersky AV | UDP | Kaspersky AV Control Center |
| 8222 | VMware Server | TCP, UDP | VMware Server Management User Interface (insecure Web interface). |
| 9100 | PDL | TCP | PDL Data Stream, used for printing to certain network printers. |
| 10000 | BackupExec | unofficial | Webmin, Web-based Unix/Linux system administration tool (default port) |
| 12345 | NetBus | unofficial | NetBus remote administration tool (often Trojan horse). |
| 27374 | Sub7 | unofficial | Sub7 default |
| 31337 | Back Orifice | unofficial | Back Orifice 2000 remote administration tools |