What Is a Port Number?
A port number is a logical communication endpoint used by network services. Think of an IP address as an apartment building — the port number is the specific apartment inside.
IP Address
The building
+
Port Number
The specific apartment
Complete A+ Port Numbers List
| Port | Protocol | Service | Exam priority |
|---|---|---|---|
| 20 / 21 | TCP | FTP File Transfer Protocol — 20 = data, 21 = control |
High |
| 22 | TCP | SSH / SFTP Secure Shell + Secure File Transfer (SFTP runs over SSH) |
High |
| 23 | TCP | Telnet Unencrypted remote access — replaced by SSH |
High |
| 25 | TCP | SMTP Simple Mail Transfer Protocol — sends email between servers |
High |
| 53 | UDP / TCP | DNS Domain Name System — resolves hostnames to IPs |
High |
| 67 / 68 | UDP | DHCP 67 = server, 68 = client — automatic IP assignment |
Medium |
| 80 | TCP | HTTP Unencrypted web traffic |
High |
| 110 | TCP | POP3 Post Office Protocol — downloads email to device, deletes from server |
High |
| 137–139 | TCP/UDP | NetBIOS Windows name resolution and file sharing (legacy) |
Medium |
| 143 | TCP | IMAP Internet Message Access Protocol — email stays on server, synced to devices |
High |
| 161 / 162 | UDP | SNMP Simple Network Management Protocol — monitors network devices. 161 = queries, 162 = traps |
Medium |
| 389 | TCP | LDAP Lightweight Directory Access Protocol — used with Active Directory |
Medium |
| 443 | TCP | HTTPS Encrypted web traffic — HTTP over SSL/TLS |
High |
| 445 | TCP | SMB Server Message Block — Windows file and printer sharing |
Medium |
| 587 | TCP | SMTP (Submission) Authenticated email submission — modern replacement for port 25 for clients |
Medium |
| 636 | TCP | LDAPS LDAP over SSL — encrypted directory access |
Know it |
| 990 | TCP | FTPS FTP over SSL — encrypted file transfer (different from SFTP) |
Know it |
| 993 | TCP | IMAPS IMAP over SSL — encrypted email retrieval |
Medium |
| 995 | TCP | POP3S POP3 over SSL — encrypted email download |
Medium |
| 3389 | TCP | RDP Remote Desktop Protocol — graphical remote access to Windows |
High |
Network+ Port Numbers
The Network+ exam N10-009 tests a broader set of ports than A+, covering routing protocols, infrastructure services, voice over IP, and database servers you'll encounter in enterprise environments.
| Port | Protocol | Service | Exam priority |
|---|---|---|---|
| 49 | TCP | TACACS+ Terminal Access Controller Access Control System — AAA for Cisco devices, fully encrypts payload |
High |
| 69 | UDP | TFTP Trivial File Transfer Protocol — simple, no auth, used to push IOS images to network devices |
High |
| 119 | TCP | NNTP Network News Transfer Protocol — Usenet newsgroup transfers |
Know it |
| 179 | TCP | BGP Border Gateway Protocol — inter-AS routing on the internet. The routing protocol of the internet. |
High |
| 427 | TCP/UDP | SLP Service Location Protocol — discovers services on a local network |
Know it |
| 514 | UDP | Syslog System logging protocol — sends log messages to a central syslog server |
High |
| 520 | UDP | RIP Routing Information Protocol — legacy distance-vector routing protocol |
Medium |
| 546 / 547 | UDP | DHCPv6 DHCPv6 client (546) and server (547) — IPv6 address assignment |
Medium |
| 1433 | TCP | MS SQL Server Microsoft SQL Server — default database port |
High |
| 1521 | TCP | Oracle DB Oracle Database listener — default connection port |
Medium |
| 1720 | TCP | H.323 VoIP call setup protocol — used in older video conferencing systems |
Know it |
| 1812 / 1813 | UDP | RADIUS Remote Authentication Dial-In User Service — 1812 = auth, 1813 = accounting. Used for 802.1X and VPN auth. |
High |
| 3306 | TCP | MySQL / MariaDB MySQL and MariaDB database server — most common open-source database port |
High |
| 5060 / 5061 | TCP/UDP | SIP Session Initiation Protocol — VoIP call setup. 5060 = unencrypted, 5061 = TLS encrypted |
High |
| 5432 | TCP | PostgreSQL PostgreSQL database server — common in enterprise and cloud environments |
Medium |
| 5900 | TCP | VNC Virtual Network Computing — graphical remote desktop (cross-platform, no encryption by default) |
High |
| 8080 / 8443 | TCP | HTTP-alt / HTTPS-alt Alternate web server ports — 8080 = HTTP, 8443 = HTTPS. Used for dev, proxies, and web apps. |
High |
| 27017 | TCP | MongoDB MongoDB NoSQL database — default connection port |
Know it |
Security+ Port Numbers
Security+ SY0-701 tests ports from both a defensive and offensive perspective — knowing which ports represent attack surfaces, which are commonly scanned, and which security tools use which ports.
| Port | Protocol | Service | Security relevance |
|---|---|---|---|
| 88 | TCP/UDP | Kerberos Authentication protocol used in Active Directory — Kerberoasting attack targets this port |
High |
| 135 | TCP | RPC / MSRPC Windows Remote Procedure Call — used by many Windows services; common target in lateral movement |
High |
| 443 | TCP | HTTPS / TLS Encrypted web — attackers commonly tunnel C2 traffic over port 443 to blend with normal traffic |
High |
| 445 | TCP | SMB Windows file sharing — exploited by WannaCry (EternalBlue). Block at perimeter firewall; disable if unused. |
High |
| 500 | UDP | IKE / IPsec Internet Key Exchange — used to set up IPsec VPN tunnels |
High |
| 636 | TCP | LDAPS LDAP over TLS — secure directory access. Port 389 (unencrypted) should be disabled in favour of 636. |
High |
| 853 | TCP | DNS over TLS (DoT) Encrypts DNS queries to prevent eavesdropping and DNS spoofing — privacy-focused DNS |
Medium |
| 989 / 990 | TCP | FTPS FTP over TLS — 989 = data, 990 = control. Distinct from SFTP (which runs over SSH port 22). |
Medium |
| 1194 | UDP | OpenVPN OpenVPN default port — commonly used for remote access VPN |
Medium |
| 3389 | TCP | RDP Remote Desktop Protocol — high-value attack target; exposed RDP is a leading ransomware entry point. Change default port or restrict with firewall. |
High |
| 4444 | TCP | Metasploit / Meterpreter Default listener port for Metasploit Framework — seeing outbound connections to 4444 is a strong malware indicator |
High |
| 6881–6889 | TCP/UDP | BitTorrent Peer-to-peer file sharing — often blocked in corporate environments; data loss risk |
Know it |
⚡ Security+ exam tip — FTPS vs SFTP: These are completely different protocols that both do encrypted file transfer. SFTP (Secure FTP) runs over SSH on port 22 and is a subsystem of SSH. FTPS (FTP Secure) runs over TLS on ports 989/990 and is FTP with a TLS wrapper. Exam questions deliberately confuse these — know which uses which port.
Memory Tricks
80
HTTP — Web
The standard, unencrypted web
443
HTTPS — Secure Web
Secure web traffic = think: padlock
22
SSH — Secure Shell
Two 2's = doubly secure
3389
RDP — Remote Desktop
Big number = big screen sharing
53
DNS — Name Lookup
Short number = fast lookup
25
SMTP — Email Sending
25 letters in the alphabet — sends mail
⚡ CompTIA A+ Exam Tip
If a question mentions secure web traffic → think Port 443 (HTTPS).
If a question mentions remote desktop access → think Port 3389 (RDP).
If DNS is failing → Port 53 may be blocked by the firewall.
A+ Exam Scenarios — Port Questions
The A+ exam tests ports through scenario questions. Here are the most common patterns and the answers:
💬 "A user cannot access HTTPS websites but HTTP works fine." → Port 443 is blocked by the firewall
💬 "Which port does Remote Desktop use?" → 3389
💬 "Which protocol uses port 53?" → DNS
💬 "A user's email is not being received. Which port should be checked?" → 25 (SMTP)
💬 "Which port is used for encrypted email retrieval that keeps mail on the server?" → 993 (IMAPS)
💬 "A technician needs to securely transfer files to a Linux server. Which port?" → 22 (SFTP/SSH)
💬 "Which port does DHCP use to communicate with clients?" → 68
💬 "An administrator needs to monitor network devices remotely. Which protocol and port?" → SNMP, port 161
💬 "Which port is used for Windows file sharing?" → 445 (SMB)
💬 "Telnet is a security risk because..." → It transmits data including passwords in plaintext — use SSH (22) instead
Troubleshooting Example
🔧 Real-World Scenario
Scenario: A user can access HTTP websites but not HTTPS websites.
What should you check? Verify that port 443 is not being blocked by a firewall rule. HTTP (port 80) working while HTTPS fails is a classic port-blocking symptom.
Quick Reference — All A+ Ports
20/21FTP
22SSH/SFTP
23Telnet
25SMTP
53DNS
67/68DHCP
80HTTP
110POP3
137-139NetBIOS
143IMAP
161/162SNMP
389LDAP
443HTTPS
445SMB
587SMTP Auth
990FTPS
993IMAPS
995POP3S
3389RDP
📚 Recommended Study Tools
Lock In These Port Numbers
Practice exams and structured review are the fastest way to make these stick.
Related Networking Articles
Preparing for A+, Network+, or Security+?
See the books, practice exams, and free resources that actually work.