Network Ports: Common Ports and Port Scanning

March 11, 2026 · 5 min read

Understanding Network Ports

Network ports are vital to digital communications, facilitating connections to specific services on computer systems. Data traversing a network is directed using a combination of an IP address and a port number. The IP address identifies the networked device, while the port number ensures data reaches the right software process.

To better understand the use and management of network ports, consider an analogy. Think of a port number as a specific extension in a large office building (the server) with a general phone number (the IP address). Just as extensions direct calls to specific employees, ports direct data to specific applications and services.

Well-Known Ports (0-1023)

Well-known ports are standardized by the Internet Assigned Numbers Authority (IANA) for popular protocols. These ports are typically reserved for widely used services, and understanding them is crucial for network configuration and security.

• 20/21: FTP - Used for file transfers between systems. FTP requires both ports: 21 for establishing command control and 20 for data transfer. Consider using secure alternatives like SFTP (on port 22) for enhanced security.
• 22: SSH - This secure protocol allows encrypted remote administration, file transfers, and tunneling. Always ensure SSH is configured to limit login attempts to prevent brute-force attacks.
• 25: SMTP - Responsible for sending emails, SMTP servers are common targets for spam. Limit exposure by requiring authentication and using filters to prevent unauthorized access.
• 53: DNS - It translates human-friendly domain names to IP addresses. Use the DNS lookup tool to troubleshoot common issues with DNS configurations.
• 80: HTTP and 443: HTTPS - HTTP is crucial for browsing, while HTTPS adds security by encrypting data. Always prefer HTTPS to safeguard users' sensitive information.
• 110: POP3 and 143: IMAP - These email retrieval protocols differ in handling messages. IMAP allows server-based email management, whereas POP3 downloads emails, often deleting them from the server.
• 993: IMAPS and 995: POP3S - These secure versions of IMAP and POP3 ensure encrypted connections to mail servers, providing better protection against eavesdropping.

Configuring Your Firewall

Regular firewall audits are essential to maintaining security by ensuring that only necessary ports are open. Firewalls can be adjusted using tools like firewalld on Linux or Windows Firewall, allowing you to configure, manage, and inspect open ports easily. Here’s a sample iptables configuration to allow SSH traffic:

# Open port 22 for SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Save settings
service iptables save

Hosting different services on a server? Ensure each port's necessity, reducing the attack surface by closing unnecessary ones. Consider using port knocking to enhance security, where ports only open when the correct sequence of attempts is made.

Common Application Ports

Beyond well-known ports, many other ports cater to specific applications vital for operations in development, database management, and application serving.

• 3000: Node.js - Often used by developers for running development web servers. Ensure these ports are closed in production, as they commonly lack security hardening.
• 3306: MySQL - MySQL databases frequently use this port. Restrict access to this port to trusted IP addresses or localhost for enhanced security.
• 5432: PostgreSQL - The default port for PostgreSQL databases. Similar to MySQL, always limit accessibility to prevent unauthorized access.
• 6379: Redis - As an in-memory store, require Redis to bind to localhost or implement authentication for added security.
• 8080: HTTP Alternative and 8443: HTTPS Alternative - Used for web services when default ports are unavailable. Ensure proper configuration to enforce HTTPS whenever possible.
• 27017: MongoDB - Default port for MongoDB databases. Protect with access controls and possible network-level encryption (TLS/SSL).

Troubleshooting Services

When a service fails, verifying its port can identify the problem. Employ tools like CORS tester for HTTP-related issues. Here’s how you can start troubleshooting:

# Check active TCP sessions
netstat -tuln

# Verify if the service is running
systemctl status nginx  # For web servers

# Test specific port connectivity
telnet localhost 5432

Ensure your firewall rules aren’t inadvertently blocking critical services. Misconfigured firewalls can often be the root cause of connectivity issues.

Port Scanning and Analysis

Port scanning reveals open ports on network devices, necessary for security assessments and diagnostics. The ease of executing port scans makes it essential to regularly perform your own scans to preemptively identify weak spots.

# Use Netcat to check a port
nc -zv example.com 80

# Comprehensive port scan with Nmap
nmap -p 1-65535 -T4 example.com

Engage with more detailed security analyses with the CIDR calculator to efficiently manage subnetting. Additionally, audit using tools like ss or lsof to discover local services listening on specific ports, and close those that aren’t necessary.

Security Considerations

Understanding port management is crucial for a secure networking environment. Follow these practices:

• Enable access only for essential services, limiting exposure to attack.
• Create comprehensive firewall rules to restrict network traffic to critical services.
• Utilize automated tools for port audits to maintain security integrity over time. Scheduled with cron jobs (see our cron parser) this ensures timely notifications.
• Encrypt traffic using TLS/SSL to protect data during transmission.

Auditing Ports

Impediments often arise from unauthorized configurational changes. Automate audits with monitoring tools or simple bash scripts scheduled by cron jobs. Consider this script:

#!/bin/bash
# Check open ports and log results
nmap -v -v -oG - localhost > /var/log/port_audit.log

Define alerts based on these audits, so you stay informed about unprivileged changes.

Practical Security Actions

Implement the following to maintain network security:

• Audit using command-line tools such as netstat or lsof for open ports, adjusting firewall policies accordingly.
• Secure transfers by leveraging protocols with TLS/SSL support, replacing unencrypted alternatives (e.g., use SFTP instead of plain FTP).
• Transfer files securely using a base64 encoder to encode sensitive data, ensuring secure transport and decoding at destinations.

Key Takeaways

• Ports are essential for routing network data to the correct application endpoints.
• Understand and monitor well-known ports and those used by your applications.
• Port scanning is crucial for identifying open ports and potential vulnerabilities.
• Regular audits and secure configurations reduce unauthorized network access risks.
• Utilize available tools for efficient network management and threat mitigation.