The Ultimate Network Ports Cheat Sheet for Aspiring Security Professionals + Video

Listen to this Post

Featured Image

Introduction:

For cybersecurity professionals, understanding network ports is akin to a mechanic knowing every part of an engine. These digital doorways facilitate communication between devices, but misconfigured or exposed ports are the primary entry vectors for cyber attacks. From ransomware spreading via SMB to credentials being sniffed over Telnet, knowing which ports to secure and how to monitor them is the foundation of network defense and penetration testing.

Learning Objectives:

  • Identify and categorize common network ports based on their associated services and risk levels.
  • Execute command-line instructions to enumerate open ports on Linux and Windows systems.
  • Apply mitigation techniques to secure vulnerable ports against brute-force and sniffing attacks.

You Should Know:

  1. Remote Access Protocols: The Gateways to Your System
    Remote administration ports are the most targeted services on the internet because they offer direct control over a machine.

Port 22 (SSH): The Secure Standard

SSH is the backbone of Linux remote administration. It encrypts all traffic, including passwords and session data.
– How to check for SSH connections on Linux:

sudo netstat -tulpn | grep :22

– How to test SSH security from an external perspective (Kali Linux):

nmap -p 22 --script ssh-brute <target-IP>

This command attempts to brute-force credentials, highlighting the need for strong passwords or key-based authentication.

Port 23 (Telnet): The Insecure Relic

Telnet sends everything in plaintext. Attackers sniffing network traffic can capture login credentials instantly.
– Testing for cleartext credentials (Wireshark filter):

tcp.port == 23

If you capture a Telnet session, the login and password fields are visible in the packet details.

Port 3389 (RDP): The Windows Attack Surface

RDP is frequently targeted by ransomware groups. To audit RDP security on a Windows machine, check the listening status:

netstat -an | findstr :3389

To harden it, enable Network Level Authentication (NLA) via Group Policy or restrict access via Windows Firewall.

  1. Web Services: The Public Face of Your Infrastructure
    Web ports are exposed to the entire internet, making them prime targets for injection attacks and data interception.

Port 80 (HTTP) vs. Port 443 (HTTPS)

While HTTPS encrypts data in transit, HTTP exposes everything.
– Command to capture HTTP traffic on a network interface (Linux):

sudo tcpdump -i eth0 -A -s 0 port 80

The `-A` flag prints the packet data in ASCII, allowing you to see unencrypted web forms and cookies.

Port 8080 (HTTP-Proxy)

Often used as an alternative web port or proxy. Misconfigured open proxies can be abused by attackers to mask their origin.
– Detection command (Nmap):

nmap -p 8080 --script http-open-proxy <target>

3. Email Protocols: The Spam and Phishing Vectors

Email ports are critical for monitoring because they handle sensitive communication and are often abused for spam relays.

Ports 25, 587, 465 (SMTP)

Port 25 is the standard for server-to-server email transfer, but it is often unencrypted.
– Checking for open mail relays (a common misconfiguration):

nc -nv <mail-server-IP> 25
HELO test.com
MAIL FROM: <a href="mailto:attacker@example.com">attacker@example.com</a>
RCPT TO: <a href="mailto:victim@target.com">victim@target.com</a>

If the server accepts the email without authentication, it is an open relay vulnerable to spam abuse.

Ports 110 (POP3) and 143 (IMAP)

These retrieve emails. Like Telnet, they often transmit credentials in plaintext unless secured with SSL/TLS (POP3S/IMAPS on different ports).

4. Infrastructure & Databases: The Crown Jewels

Databases store the most valuable data, and file-sharing protocols are notorious for worm propagation.

Port 445 (SMB): The Ransomware Highway

The EternalBlue exploit (used by WannaCry) targeted SMBv1 on port 445.
– Disabling SMBv1 on Windows (PowerShell as Admin):

Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

– Scanning for SMB vulnerabilities (Linux):

nmap --script smb-vuln -p 445 <target-IP>

Ports 3306 (MySQL) and 1433 (MSSQL)

Databases should never be exposed to the public internet. A simple scan can reveal them.
– Command to brute-force MySQL credentials (Hydra):

hydra -l root -P /usr/share/wordlists/rockyou.txt <target-IP> mysql

This demonstrates why strong passwords and IP whitelisting are non-negotiable.

5. Network Management: The Blind Spots

Ports like 161/162 (SNMP) are often overlooked but provide a treasure trove of information to attackers.

SNMP Community Strings

Default community strings (public/private) act as passwords. If left unchanged, attackers can dump the entire device configuration.
– Enumerating SNMP information (Linux):

snmpwalk -v 2c -c public <target-IP>

This command can reveal running processes, network interfaces, and user accounts.

What Undercode Say:

  • Encryption is non-negotiable: Protocols like Telnet, FTP, and HTTP expose data in transit. Always enforce encrypted alternatives like SSH, SFTP, and HTTPS, and use tools like Wireshark to audit your own network for cleartext leakage.
  • SMB remains a primary threat: Despite patches, many organizations still run outdated SMB versions. Regularly scanning for port 445 and disabling legacy protocols is as critical today as it was during the WannaCry outbreak.

Prediction:

As more organizations adopt Zero Trust architectures, we will see a shift away from relying on perimeter ports entirely. Internal services will move toward identity-based access and mutual TLS (mTLS), making traditional port-based ACLs less effective. However, misconfigured cloud databases and APIs will replace open SMB ports as the primary data breach vector, forcing security teams to adapt their port auditing skills to cloud-native environments.

▶️ Related Video (88% Match):

🎯Let’s Practice For Free:

IT/Security Reporter URL:

Reported By: Bhagyashreevchavan Google – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky