Network communication on the internet relies on ports and services. Every web request, email, remote login, or file transfer uses a specific network port to reach the correct service on a server.
This post provides a deep, textbook-style explanation of common network ports and services, based on the cheat-sheet shown above. It is designed for:
- Networking students
- Cybersecurity learners
- SOC analysts
- Interview preparation (fresher to mid-level roles)
What Is a Network Port?
A network port is a logical communication endpoint used by transport layer protocols such as TCP and UDP.
While an IP address identifies a device, a port identifies which service or application on that device should receive the data.
Example:
IP Address: 192.168.1.10 Port: 80 (HTTP)
This tells the system to send traffic to the web server running on that machine.
TCP vs UDP (Important for Ports)
| Protocol | Characteristics |
|---|---|
| TCP | Reliable, connection-oriented, ordered delivery |
| UDP | Fast, connectionless, no delivery guarantee |
Most critical services (web, SSH, email) use TCP. Services requiring speed (DNS, DHCP, NTP) often use UDP.
Common Network Ports and Services (Detailed Breakdown)
Port 20 / 21 – FTP (File Transfer Protocol)
FTP is used to transfer files between a client and a server.
- Port 21 – Control channel
- Port 20 – Data transfer
Security Note: FTP transmits data and credentials in plain text and is considered insecure.
Typical Use: Uploading or downloading files on legacy systems.
Port 22 – SSH (Secure Shell)
SSH provides encrypted remote access to systems. It replaces insecure protocols like Telnet.
Functions:
- Remote command execution
- Secure file transfer (SCP, SFTP)
- Server administration
Security Importance: One of the most targeted ports by attackers (brute force attacks).
Port 23 – Telnet
Telnet provides remote terminal access but does not use encryption.
All data, including passwords, is sent in plain text.
Status: Obsolete and insecure. Replaced by SSH.
Port 25 – SMTP (Simple Mail Transfer Protocol)
SMTP is responsible for sending emails between clients and mail servers.
It does not retrieve email — only sends it.
Security Note: Often abused for spam if not properly secured.
Port 53 – DNS (Domain Name System)
DNS translates domain names into IP addresses.
Example:
google.com → 142.250.72.14
DNS uses:
- UDP for queries
- TCP for zone transfers
DNS is a critical service and a common attack target (DNS spoofing, poisoning).
Ports 67 / 68 – DHCP
DHCP automatically assigns IP addresses and network settings.
- Port 67 – Server
- Port 68 – Client
Without DHCP, IP configuration would be manual.
Port 80 – HTTP
HTTP enables web browsing but does not encrypt data.
Data sent over HTTP can be intercepted and modified.
Status: Largely replaced by HTTPS.
Port 110 – POP3
POP3 retrieves emails from a server and typically deletes them after download.
Used for offline email access.
Port 123 – NTP
NTP synchronizes system clocks across networks.
Accurate time is critical for:
- Log correlation
- Authentication
- Security investigations
Port 143 – IMAP
IMAP retrieves email while keeping it stored on the server.
Supports multi-device access.
Port 443 – HTTPS
HTTPS is the secure version of HTTP.
Uses SSL/TLS encryption to protect data in transit.
Critical for:
- Online banking
- E-commerce
- Authentication systems
Port 445 – SMB / CIFS
SMB enables file and printer sharing in Windows environments.
Security Importance: Frequently exploited in ransomware attacks (e.g., WannaCry).
Port 3306 – MySQL / MariaDB
Used by MySQL and MariaDB database servers.
Exposing this port publicly is a serious security risk.
Port 3389 – RDP
RDP allows remote graphical access to Windows systems.
Commonly targeted by:
- Brute force attacks
- Ransomware operators
Port 5432 – PostgreSQL
Default port for PostgreSQL databases.
Typically restricted to internal networks only.
Why Network Ports Matter in Cybersecurity
Open ports represent potential attack surfaces.
Security teams use port knowledge to:
- Harden firewalls
- Detect unauthorized services
- Investigate attacks
Tools like Nmap are used to scan ports during security assessments.
Interview-Ready Explanation
Network ports identify services on a system. Understanding common ports helps security professionals detect misconfigurations, attacks, and unauthorized services.
Final Summary
Common network ports and services form the foundation of networking and cybersecurity. A strong understanding of ports, protocols, and use cases is essential for defensive security, incident response, and penetration testing.
If you know your ports, you understand the network 🔐
