20 Common Ports You MUST Know in Cybersecurity!

Understanding common ports is essential for securing and troubleshooting networks. Whether you’re in IT, cybersecurity, or preparing for certifications like CompTIA, CEH, or CCNA, these ports are fundamental.

Top 20 TCP/UDP Ports in Cybersecurity

1. FTP (TCP 21) – File Transfer Protocol (unencrypted).
2. SSH (TCP 22) – Secure Shell for encrypted remote access.
3. Telnet (TCP 23) – Unencrypted remote login (insecure).
4. SMTP (TCP 25) – Simple Mail Transfer Protocol for email.
5. DNS (TCP/UDP 53) – Domain Name System for IP resolution.
6. DHCP (UDP 67/68) – Dynamic Host Configuration Protocol.
7. TFTP (UDP 69) – Trivial FTP for lightweight file transfers.

8. HTTP (TCP 80) – Unencrypted web traffic.

1. POP3 (TCP 110) – Post Office Protocol for email retrieval.
2. NTP (UDP 123) – Network Time Protocol for clock synchronization.
3. IMAP (TCP 143) – Internet Message Access Protocol for email.
4. SNMP (UDP 161/162) – Simple Network Management Protocol.
5. LDAP (TCP 389) – Lightweight Directory Access Protocol.

14. HTTPS (TCP 443) – Encrypted web traffic.

1. SMB (TCP 445) – Server Message Block for file sharing.

16. Syslog (UDP 514) – System logging protocol.

17. MySQL (TCP 3306) – Database communication.

1. RDP (TCP 3389) – Remote Desktop Protocol for Windows.
2. VNC (TCP 5900) – Virtual Network Computing for remote control.
3. IRC (TCP 6667) – Internet Relay Chat (rarely used today).

You Should Know:

1. Checking Open Ports with Linux (Netstat & Nmap)

   </li>
   </ol>
   
   <h1>List active connections (Linux/Windows)</h1>
   
   netstat -tuln
   
   <h1>Scan for open ports using Nmap</h1>
   
   nmap -sS -p 1-1000 target_IP 
   

   #### **2. Securing SSH (Port 22)**

   Disable root login and change the default port:

   sudo nano /etc/ssh/sshd_config 
   

   Add:

   PermitRootLogin no 
   Port 2222 # Change default SSH port 
   

   Restart SSH:

   sudo systemctl restart sshd 
   

   #### **3. Blocking Unnecessary Ports with Firewall (UFW)**

   sudo ufw deny 21/tcp # Block FTP 
   sudo ufw deny 23/tcp # Block Telnet 
   sudo ufw enable 
   

   #### **4. Monitoring Suspicious Traffic (TCPDump)**

   sudo tcpdump -i eth0 port 80 or port 443 -w traffic.pcap 
   

   #### **5. Testing HTTP/HTTPS (Curl & OpenSSL)**

   curl -I http://example.com 
   openssl s_client -connect example.com:443 
   

   ### **What Undercode Say:**

   Mastering these ports is crucial for network security. Always:
   – Audit open ports regularly (netstat, nmap).
   – Harden services (SSH, RDP, FTP).
   – Use firewalls (UFW, iptables) to block unwanted traffic.
   – Monitor logs (journalctl -u sshd, tcpdump).

   For penetration testers, knowing these ports helps in enumeration and exploitation. For defenders, it’s about locking down vulnerabilities.

   ### **Expected Output:**

   A well-secured network with only necessary ports open, logged traffic for analysis, and hardened services against attacks.

   **Further Reading:**

   • Nmap Official Guide
   • SSH Hardening Best Practices

   References:

   Reported By: Oche King – Hackers Feeds
   Extra Hub: Undercode MoN
   Basic Verification: Pass ✅

   Join Our Cyber World:

   💬 Whatsapp | 💬 Telegram