What are well-known ports?

Well-known ports are port numbers 0–1023 reserved by IANA (Internet Assigned Numbers Authority) for common internet services. Root or administrator privileges are required to bind a server to these ports on most operating systems.

What is the difference between TCP and UDP?

TCP (Transmission Control Protocol) is connection-oriented: it guarantees delivery and order. UDP (User Datagram Protocol) is connectionless: it is faster but does not guarantee delivery. Many services use both — DNS (port 53) uses UDP for queries and TCP for large responses and zone transfers.

How do I check which ports are open on my server?

Use: ss -tlnp (Linux) or netstat -an (cross-platform) to see listening ports locally. For remote scanning, nmap -sV target runs a service-version scan. Note: scanning ports without permission is illegal in many jurisdictions.

What ports should I close on a production server?

Close or firewall any port not actively used. Common unnecessary services to disable: Telnet (23), FTP (21), rsh/rlogin (512-514), SMTP on servers that do not send mail (25), and any developer or debugging ports.

Why does my application need to run above port 1024?

Ports 0–1023 are privileged ports. On Linux, only root or a process with the CAP_NET_BIND_SERVICE capability can bind to them. Running application servers on ports ≥1024 (e.g. 3000, 8080, 8443) and using a reverse proxy (NGINX, Caddy) is the recommended approach.

What is port 443 and why is it used for HTTPS?

Port 443 is the IANA-registered port for HTTPS (HTTP over TLS/SSL). Browsers default to port 443 for https:// URLs, so the port number is implicit and does not appear in the URL.

What is port 22 and how can I secure SSH?

Port 22 is the default SSH port. To reduce automated brute-force attempts: change the port to a high number in sshd_config (security through obscurity, not a substitute for key auth), disable password authentication, restrict to specific source IPs via firewall rules, and use fail2ban.

What are ephemeral ports?

Ephemeral (dynamic) ports are temporary ports (32768–60999 on Linux, 49152–65535 per IANA) automatically assigned by the OS to outbound connections. When your browser connects to port 443, the OS assigns an ephemeral source port for that session.

Well-Known Port Reference

Browse IANA well-known ports (0–1023). Search by port number, protocol, or service name. All data is local — no server lookup needed.

100% client-side · no network requests

Port	Protocol	Service	Description

How to use the port reference

Type a port number, service name, or protocol into the search box.
Filter by TCP, UDP, or TCP/UDP using the protocol dropdown.
Results update instantly as you type.

Common use cases

Firewall rules: Identify which ports a service needs before writing iptables or cloud security group rules.
Troubleshooting: Look up an unfamiliar port seen in netstat or tcpdump output.
Security auditing: Cross-reference open ports against this list to identify unexpected services.

Frequently Asked Questions

What are well-known ports?: Well-known ports are port numbers 0–1023 reserved by IANA (Internet Assigned Numbers Authority) for common internet services. Root or administrator privileges are required to bind a server to these ports on most operating systems.
What is the difference between TCP and UDP?: TCP (Transmission Control Protocol) is connection-oriented: it guarantees delivery and order. UDP (User Datagram Protocol) is connectionless: it is faster but does not guarantee delivery. Many services use both — DNS (port 53) uses UDP for queries and TCP for large responses and zone transfers.
How do I check which ports are open on my server?: Use: ss -tlnp (Linux) or netstat -an (cross-platform) to see listening ports locally. For remote scanning, nmap -sV target runs a service-version scan. Note: scanning ports without permission is illegal in many jurisdictions.
What ports should I close on a production server?: Close or firewall any port not actively used. Common unnecessary services to disable: Telnet (23), FTP (21), rsh/rlogin (512-514), SMTP on servers that do not send mail (25), and any developer or debugging ports.
Why does my application need to run above port 1024?: Ports 0–1023 are privileged ports. On Linux, only root or a process with the CAP_NET_BIND_SERVICE capability can bind to them. Running application servers on ports ≥1024 (e.g. 3000, 8080, 8443) and using a reverse proxy (NGINX, Caddy) is the recommended approach.
What is port 443 and why is it used for HTTPS?: Port 443 is the IANA-registered port for HTTPS (HTTP over TLS/SSL). Browsers default to port 443 for https:// URLs, so the port number is implicit and does not appear in the URL.
What is port 22 and how can I secure SSH?: Port 22 is the default SSH port. To reduce automated brute-force attempts: change the port to a high number in sshd_config (security through obscurity, not a substitute for key auth), disable password authentication, restrict to specific source IPs via firewall rules, and use fail2ban.
What are ephemeral ports?: Ephemeral (dynamic) ports are temporary ports (32768–60999 on Linux, 49152–65535 per IANA) automatically assigned by the OS to outbound connections. When your browser connects to port 443, the OS assigns an ephemeral source port for that session.

Report a problem with this tool