This appendix is designed to provide general information about service ports that are discovered on IP networks. Outlined are ports 1-80, along with many other common higher ports and specific ports found within the environment.
TCP/UDP # General Name Short Description 0 Reserved Reserved 1 TCP Port N/A Service Multiplex 2 Compressnet Proprietary Management Utility 3 Compressnet Proprietary Compression Process 4 Unassigned Unassigned 5 RJE Remote Job Entry Protocol. [email protected] 6 Unassigned N/A 7 ECHO Echo protocol, used to discovered live IP hosts on an IP network. 8 Unassigned N/A 9 Discard Discard protocol, used for packet discard signaling. 10 Unassigned N/A 11 Sysstat Sysstat protocol, used to determine information about active remote users connected to a system. 12 Unassigned N/A 13 Daytime Daytime (RFC 867), used to determine the time from a remote computer hosting this service. 14 Unassigned N/A 15 Unassigned N/A 16 Unassigned N/A 17 QOTD QOTD (Quote of the Day) protocol, used to obtain a quote of information from a remote computer hosting this service. 18 MSP MSP (Message Sent Protocol), used to send general network messages to computers on an IP network. 19 CHARGEN Character Generator protocol, used to generate random character strings from a remote computer. 20 FTP-DATA FTP (File Transfer Protocol), used to download data from a remote IP host.
1/9 21 FTP FTP (File Transfer Protocol), used to control the downloading of data from a remote IP host. 22 (SSH) SSH SSH Remote Login Protocol, used as an alternative to TELNET to provide encryption of remote shell and logon processes. 22 PCAnywhere Symantec�s PCAnywhere uses port 22 for (PCAnywhere) remote client authentication when providing a PCAnywhere session. 23 TELNET TELNET, a remote shell and login protocol, providing remote shell access on IP hosts. 24 APMS Any Private Mail System. (No Description) 25 SMTP SMTP (Simple Mail Transfer Protocol) is used to delivery and remotely queue IP mail between IP hosts and domains. 26 Unassigned N/A 27 NSW User Proprietary for NSM systems, sometimes used System FE by SLMAIL. 28 Unassigned N/A 29 MSG ICP Proprietary, No description. 30 Unassigned N/A 31 MSG AUTH MSG Authentication, Proprietary. No description. 32 Unassigned N/A 33 DSP Display Support Protocol, Proprietary. No description. 34 Unassigned N/A 35 APPS Any Private Printer Server, flexible for all IP Print servers. 36 Unassigned N/A 37 TIME Time Protocol, used to determine the time from a remote computer hosting this service. 38 RAP Route Access Protocol, used to discovered IP network gateways, when one is not assigned. (Experimental) 39 RLP Resource Location Protocol, used to find hosted resources on remote IP clients. 40 Unassigned N/A 41 Graphics Graphics, used for accelerated graphics over the network, used via Direct3D. 42 (IANA) HNS
2/9 Host Name Server, used for hostname resolution to IP address. 42 (Microsoft) WINS Windows Internet Naming Service, used to resolve NetBIOS computer names to IP address. 43 WHOIS WHOIS, used to find information about a remote IP host. 44 MPM-FLAGS MPM Flags Protocol, Proprietary. No description. 45 MPM Message Processing Module. (RECV), Proprietary. No description. 46 MPM-SND MPM Send, Proprietary. No description. 47 NI-FTP NI FTP, Proprietary. No description. 48 AUDITD Digital Audit Daemon, Proprietary. No description. 49 TACAS Login Host Protocol, provides central authentication services for network communications devices. 50 RE-MAIL-CH Remote Mail Checking Protocol, Proprietary. No description. 51 LA-MAINT IMP Logical Address Maintenance, Proprietary. No description. 52 XNS-TIME XNS Time Protocol, Proprietary. No description. 53 DNS Domain Name Service, provides hostname to IP address resolution for IP networks. 54 XNS-CH XNS Clearing House, Proprietary. No description. 55 ISI-GL ISI Graphics Language, Proprietary. No description. 56 XNS-AUTH XNS Authentication, Proprietary. No description. 57 APTA Any Private Terminal Access, Proprietary. No description. 58 XNS-MAIL XNS Mail Protocol, Proprietary. No description. 59 APFS Any Private File Service, Proprietary. No description. 60 Unassigned N/A 61 NI-MAIL NI MAIL, Proprietary. No description. 62 ACAS ACA Services, Proprietary. No description. 63 WHOIS++ WHOIS++, Proprietary. No description. 64 COVIA
3/9 Communications Integrator. (CI), Proprietary. No description. 65 TACAS-DS TACAS Database Service provides database services for the TACAS protocol. 66 SQL*NET Used by Oracle and SQL*NET for network database services over IP. 67 BOOTPS Bootstrap Protocol Server, used to allow diskless workstation clients to boot onto an IP network and obtain its IP address automatically from servers hosting this service. 68 BOOTPC Bootstrap Protocol Client, used by diskless clients to query BOOTPS for an IP address. 69 TFTP TFTP (Trivial File Transfer Protocol) provides downloading and uploading of data between network hosts on an IP network. 70 Gopher Gopher provides search engine type functions over an IP network. 71 NETRJS-1 Remote Job Service #1, Proprietary. No description. 72 NETRJS-2 Remote Job Service #1, Proprietary. No description. 73 NETRJS-2 Remote Job Service #1, Proprietary. No description. 74 NETRJS-4 Remote Job Service #1, Proprietary. No description. 75 APDOS Any Private Dial Out Service, Proprietary. No description. 76 DEOS Distributed External Object Store, Proprietary. No description. 77 APRJES Any Private RJE Service, Proprietary. No description. 78 VETTCP VET TCP, Proprietary. No description. 79 FINGER Finger services provide information about users logged onto a remote system. 80 HTTP HTTP (HyperText Transfer Protocol) provides web services such as websites and downloading/uploading of remote files. 88 KERBEROS Kerberos is an authentication protocol, used is Windows 2000 (NATIVE MODE) along with some implementations of UNIX. 109 POP2
4/9 POP2 (Post Office Protocol version 2) provides e-mail clients with the ability to download e-mail from remote IP mail servers hosting this service. 110 POP3 POP3 (Post Office Protocol version 3) provides e-mail clients with the ability to download e-mail from remote IP mail servers hosting this service. 111 SUNRPC SUN Remote Procedure Call Protocol, remote execution ability in RPC with Sun Micro systems. 113 AUTH Authentication provides remote authentication mechanism. Usually hosted on firewalls. 115 SFTP SFTP (Simple File Transfer Protocol) used to download data from a remote IP host. 118 SQLSERV Legacy SQL database services. 119 NNTP NNTP (Network News Transfer Protocol) used to provide global newsgroup capabilities in an IP network. 123 NTP NTP (Network Time Protocol) used to provide remote IP clients with Time synchronization capabilities. 135 EPMAP DCE Endpoint Resolution. 137 NETBIOS-NS NETBIOS Name Service, used in Microsoft Networks to provide remote name resolution 138 NEBIOS-DGM NETBIOS Datagram Service, used in Microsoft Networks for NETBIOS UDP support. 139 NETBIOS-SSN NETBIOS Session Service, used in Microsoft Networks for NETBIOS session layer support. 143 IMAPv4 IMAP (Internet Message Access Protocol version 4) provides e-mail clients with the ability to download e-mail from remote IP mail servers hosting this service. 161 SNMP SNMP (Simple Network Management Protocol) used to capture statistical network data from devices running SNMP services. 194 IRC IRC (Internet Relay Chat Protocol) provides IRC clients the ability to connect to IRC-SERV (see port 529) on an IP network to provide Instant Messaging. 199 SMUX SMUX is used for providing multiplexing capabilities over IP networks. (Primarily in UNIX)
5/9 280 HTTP-MGT HTTP (HyperText Transfer Protocol � Management) provides a remote management configuration through HTTP, or web services. 389 LDAP LDAP (Lightweight Directory Access Protocol) provides access to a networked directory over IP networks. 443 HTTPS HTTP over SSL, provides HTTP services (See port 80) over SSL (secure socket layer) to provide encryption, to protect data as it transverses an IP network. 445 Microsoft-DS Microsoft Directory Service provides for File and Print Sharing through the Active Directory in Windows 2000. 464 KPASSWD Kerberos Password provides a means to transmit Kerberos (See port 88) logon credentials in an encrypted format over an IP network. 512 (EXEC) EXEC EXEC provides remote process execution TCP authentication performed using passwords and UNIX login names. 512 (Comsat) COMSAT COMSAT, Proprietary. No description. UDP 512 (BIFF) BIFF BIFF provides mail notification to remote clients UDP to alert them when new mail has arrived. (UNIX) 513 (LOGIN) LOGIN Login provides remote login via telnet, TCP automatic authentication performed based on privileged port numbers and distributed databases which identify "authentication domains". (UNIX) 513 (WHO) WHO WHO maintains databases showing who's UDP logged in to machines on a local net and the load average of the CPU. (UNIX) 514 (SHELL) SHELL Shell provides a cmd.exe interface like exec, but TCP automatic authentication is performed through the login server. (UNIX) 514 (SYSLOG) SYSLOG SYSLOG provides statistical logging information UDP about devices on an IP network. 515 SPOOLER SPOOLER allows for remote print queuing, which is usually present on most network print servers in an IP network. 529 IRC-SERV IRC (Internet Relay Chat Protocol Server) provides IRC services to IRC clients.
6/9 563 NNTPS NNTP over SSL provides NNTP services (See port 119) over SSL (secure socket layer) to provide encryption, to protect data as it transverses an IP network. 585 IMAP4S IMAP version 4 over SSL provides IMAP4 services (See port 143) over SSL (secure socket layer) to provide encryption, to protect data as it transverses an IP network. (Also found on Port 993) 593 HTTP/DCE HTTP-RPC-EPMAP provides RPC (Remote Procedure Call) functionality through the HTTP protocol. 636 LDAPS LDAP over SSL provides LDAP services (See port 389) over SSL (secure socket layer) to provide encryption, to protect data as it transverses an IP network. 799 ControlIT / Computer Associates Remotely Possible and Remotely ControlIT product lines use this port to establish Possible remote control sessions. 800 ControlIT / Computer Associates Remotely Possible and Remotely ControlIT product lines use this port to establish Possible remote control sessions. 989 FTP-DATAS FTP-DATA over SSL provides FTP-DATA services (See port 20) over SSL (secure socket layer) to provide encryption, to protect data as it transverses an IP network. 990 FTPS FTP over SSL provides FTP services (See port 21) over SSL (secure socket layer) to provide encryption, to protect data as it transverses an IP network. 992 TELNETS Telnet over SSL provides TELNET services (See port 23) over SSL (secure socket layer) to provide encryption, to protect data as it transverses an IP network. 993 IMAPS IMAP version 4 over SSL provides IMAP4 services (See port 143) over SSL (secure socket layer) to provide encryption, to protect data as it transverses an IP network. (Also found on Port 585) 994 IRCS IRC over SSL provides IRC services (See port 194) over SSL (secure socket layer) to provide encryption, to protect data as it transverses an
7/9 IP network. 995 POP3S POP3 over SSL provides POP3 services (See port 110) over SSL (secure socket layer) to provide encryption, to protect data as it transverses an IP network. 1023-1030 Reserved N/A (IANA) 1023-1030 FPS Microsoft�s File and Print Sharing Services, (Microsoft) allowing for remote registry changes over NetBIOS. 1433 SQL Microsoft�s SQL database access protocol for SQL over an IP network. 1494 Citrix ICA Citrix Thin-Client technology provides terminal services to remote clients for low bandwidth usage. 1505 FunkProxy Funk software�s Proxy product line hosts remote control services over IP networks. 1720 H323 H323 provides Voice over IP capabilities on an IP network, to effectively encapsulate Analog voice into Digital IP packets to be routed. 1723 PPTP PPTP (Point to Point Tunneling Protocol) provides tunnel encryption capabilities between hosts on an IP network. 2000 Remotely Remotely Anywhere hosts remote control Anywhere services over IP networks. 2001 Remotely Remotely Anywhere hosts remote control Anywhere services over IP networks. 3000 � 30xx Remote Printer These ports are often found hosting remote print Queuing capabilities on a network print server in an IP network. 3389 Terminal Microsoft�s Terminal Services provides remote Services clients with a low bandwidth remote access to server resources. 5631 PCAnywhere Symantec�s PCAnywhere hosts remote control services over IP networks. 5632 PCAnywhere Symantec�s PCAnywhere hosts remote control services over IP networks. 5800 � 58xx VNC AT&T�s VNC (Virtual Network Control) hosts remote control services over IP networks through emulated HTTP services using JAVA APPLETS.
8/9 42509 InoculateIT InoculateIT 6.0 admin service provides policy etrust Admin based virus software management over an IP Server network. 42510 InoculateIT InoculateIT 6.0 client service queries admin etrust client services to receive policies pertaining to virus service protection software. 49408 / 49609 NetMeeting Microsoft�s NetMeeting product line offers remote control capabilities, along with video and voice conferencing over IP based networks. 65301 PCAnywhere Symantec�s PCAnywhere provides remote control services over IP networks.
9/9