Nowadays networking is one of the most important parts of the IT business.
Either way, if you have/want to block ports with a firewall/masquarading/tunneling,
want to check for runnings daemons(/services) or something else, you may want
a more comprehensive overview about these with some hints and remarks about the
essential ports largely used, together with a statement, which protocol (TCP/IP or
UDP) is used exclusively or mainly, than official RFC documents or modern
/etc/services files on UNIX systems offer. Therefore I hope to provide you
with some useful informations below.
Some general hints for the less experienced in these topics: the port numbers
below 1024 are privileged ones, what means, that a server process (UNIX daemon)
can be run only by the root user on it. A bunch of services is managed by
the portmapper (rpc service) and the inetd, which launches other special
daemons listed below, when requested on the corresponding port. And finally,
you can easily discriminate between TCP/IP and UDP with the telnet client:
typing
telnet IPaddress (or hostname, if resolvable) port-number
gives you usually a connect response, when there is a service available via
TCP/IP, while not when it runs via UDP/IP, and this is also a possibility, to
check for certain ports and therefore services on the given host.| port / protocol | service name | common UNIX daemon(s) | additional remarks |
| 20/tcp and 21/tcp | ftp (file transfer protocol) data and login control | in.ftpd,wu.ftpd,proftpd; launched by inetd | obsolete:insecure, because unencrypted and difficult to harden service, please use sshd and scp or sftp instead (see below) |
| 22/tcp | ssh (Secure SHell) | sshd | secure, because fully encrypted remote login (ssh) and copy (scp and sftp) service, please use exclusively this full substitute instead of the obsolete ftp, telnet, rlogin, rsh, rcp and so on! |
| 23/tcp | telnet (remote login) | in.telnetd, launched by inetd | obsolete: unencrypted login, use sshd and ssh instead, see above |
| 25/tcp | smtp (simple mail transfer protocol) | sendmail, postfix, qmail, etc. | standard mail protocol since 30 years, only way to communicate world wide with messages without http measures, for your privacy you need to encrypt mails preferably with the free PGP (pretty good privacy) |
| 53/udp and 53/tcp | DNS (domain name system) | bind (Berkeley Internet Name Domain) | the name service of the Internet, used by http, smtp and all others to resolve symbolic names into the IP layer addresses, name resolution is done via udp, zone transfers between several name servers via tcp |
| 80/tcp | http (Hyper Text Transfer Protocol) = www (World Wide Web) | httpd (= apache, A PAtCHy [web] sErver) | the Internet/web service, unencrypted port (see below, 443, for encrypted counterpart) for standard data transfer from web servers to user agents (browsers, robots, download tools) |
| 88/tcp | kerberos | krshd | high security special purpose protocol with ticket system and so on |
| 110/tcp | pop3 (Post Office Protocol version 3) | popper, launched by inetd | post retrieval service of storing mail servers with encryption possibilities |
| 111/udp | (sun)rpc (remote procedure call) | rpc.statd, rpc.rusersd,rpc.walld | insecure remote calls of special information services |
| 119/tcp | nntp (Network News Transfer Protocol) | leafnode | the internet news server query service |
| 123/udp | ntp (Network Time Protocol) | (x)ntpd | modern world wide time service for synchronisation with nuclear clock driven time standard |
| 137/udp | netbios-ns (NETBIOS Name Service) | nmbd | special name service for a still too widespread proprietary OS and its SMB (Server Message Block) system, needed in union with the following service |
| 139/tcp | netbios-ssn (NETBIOS Session Service Network) | smbd (Samba daemon) | special session service for that proprietary OS and its SMB (Server Message Block) system, works together with immediately above service |
| 143/tcp | imap2 (Internet Message Access Protocol version 2) | imapd (Interactive Mail Access Protocol Daemon), launched by inetd | rather insecure and therefore only locally suitable mail retrieval service, for non-local purposes prefer pop3 (see above) |
| 161/tcp | snmp (Simple Network Management Protocol) | snmpd | base of communication between very different technical units (not only computers), they have to share the network capability and these protocol rules only: CAUTION: very insecure (no limiting of allowed requesting IP addresses possible) |
| 194/tcp | irc (Internet Relay Chat) | ircd | the Internet chat service |
| 220/tcp | imap3 (Interactive Mail Access Protocol version 3) | imapd | modern mail retrieval service, successor of imap2 (see above), but still pop3 may the better alternative (see above too) |
| 389/tcp | ldap (Lightweight Directory Access Protocol) | ldapd | network distributed, domain organized directory service, connection part, see also immediately below |
| 389/udp | ldap (Lightweight Directory Access Protocol) | slapd (Standalone Lightweight Access Protocol Daemon | network distributed, domain organized directory service, listener/contoller part, see also immediately above |
| 443/tcp | https (HyperText Transfer Protocol Secure) | httpd (= apache) | encrypted (via TLS/SSL) counterpart to above http/80 entry, the only acceptable way, to do online credit card transactions |
| 514/udp | system log listener | syslogd | always active to log other hosts informations, because otherwise the daemon won't start |
| 515/tcp | print spooler | lpd (Line Printer Daemon) | network printer queue |
| 554/tcp | rtsp (Real Time Stream Protocol) | rsvpd (Resource reSerVations Protocol Daemon) | used by Real Media for video and audio streaming |
| 631/tcp | ipp (Internet Printing Protocol) | cupsd --- CUPS (Common Unix Printing System) Daemon | unencrypted port for (local) printer access via browser and CUPS client |
| 744/udp | flexlm (FLEXible License Manager) | lmgrd (License ManaGeR Daemon) | network bound license evaluation system |
| 901/tcp | swat (Samba Web Administration Tool) | swat, launched by inetd | browser/web bound Samba administration (see above, 137/nmbd and 139/smbd), use with care: it's not encrypted without additional measures |
| 993/tcp | imaps (Interactive Mail Access Protocol Secure version 4) | imapd, launched by inetd | TLS/SSL encrypted mail retrieval system (see also imap above) |
| 994/tcp | ircs (Internet Relay Chat Secure) | ircd | the Internet chat system TLS/SSL encrypted, see also irc above |
| 995/tcp | pop3s (Post Office Protocol Secure version 3) | popper, launched by inetd | TLS/SSL encrypted mail retrieval system (see also pop3 above) |
| 2049/tcp | NFS (Network File System by Sun) | nfsd, rpc.nfsd, needs (sun)rpc and portmap too | network sharing of filesystems, only suitable for local networks |
| 2049/udp | NFS (Network File System by Sun) | rpc.mountd needs (sun)rpc and portmap too | network sharing of filesystems, only suitable for local networks |
| 2401/tcp | cvspserver (Concurrent Version System Password server) | cvs, launched by inetd (alternatively by sshd, see above) | RCS (revision control system) based network version control, suitable even for Internet cooperation, but than usage via ssh (see above) is recommended, because this pserver protocol does only a not really secure scrambling of passwords (only suitable for anonymous checkout otherwise) |
| 6000/tcp (--6063/tcp) | x11 | X (X window system server) | standard GUI base server of the X/Open Group, the ports above 6000 up to 6063 are addressed via display (variable: upper case) setting to 1, 2 and so on, instead of 0, for the ports 6001, 6002 and so on instead of 6000 (display number part 1 = port offset) |
| 8080/tcp | http-alt (alternative http) | httpd (= apache) | see http above: usually privately=non-public used http port |
Thanks...
No comments:
Post a Comment