Selected TCP/IP protocols/ports

Table of Content

For full list of ports/protocols see RFC 1700.

Selected Ports
Decimal Keyword Description  Reference
7 udp/tcp echo Server echoes the data that the client sends  
9 udp/tcp discard Server silently discard whatever data the client sends  
13 udp/tcp daytime Server returns the time and date  
19 udp chargen Server responds with string of ASCII chars  
19 tcp chargen Server sends stream until conn. terminated by client  
20 tcp ftp-data File Transfer (FTP), data  
21 tcp ftp File Transfer (FTP), connection dialog  
22 tcp ssh SSH  
23 tcp telnet Telnet 854
25 tcp smtp Simple Mail Transfer (SMTP)  
37 udp/tcp time Server returns the time as a 32-bit bin number  
42   MS WINS database replication.  
43 tcp whois WhoIs  
53 udp/tcp domain Domain Name Server (DNS)  
69 udp tftp Trivial File Transfer (TFTP)  
80 tcp www World Wide Web HTTP  
88 udp/tcp kerberos-sec Kerberos  
98 tcp   linuxconf exploit  
102   X.400 MTA for MS Exchange 1006?
109 tcp pop2 Post Office Protocol v2 (POP2)  
110 tcp pop3 Post Office Protocol v3 (POP3)  
111 tcp sunrpc Sun RPC  
119 tcp nntp Network News Transfer Protocol (NNTP)  
123 udp ntp Network Time Protocol (NTP) 1305 or 1769
137 udp netbios-ns NetBIOS name service  
138 udp netbios-dgm NetBIOS datagram service. This is primarily used for broadcasting information.  
139 tcp netbios-ssn    
143 tcp imap2 Interim Mail Access Protocol (IMAP) v2  
161 udp snmp Simple Network Management Protocol  
389 tcp/udp ldap Lightweight Directory Access Protocol  
443 tcp   SSL for HTTPS  
445 tcp/udp epmap Used by W2k to 'discover' a AD server (microsoft-ds)  
464 tcp/udp kpasswd5 Kerberos (W2k)  
500 udp isakmp ISAKMP (W2k)  
513 udp who Who  
514 udp syslog Syslog  
515 tcp printer Printer  
563   NNTP over SSL (MS Exchange)  
593 tcp   DCOM over http (http-rpc-epmap) - W2k  
636 tcp   ldap over TLS/SSL (was sldap) - MS W2k, Exchange  
666 tcp doom Doom  
993   IMAP4 over SSL - MS Exchange  
995   POP3 over SSL (MS Exchange)  
749-751 tcp    Kerberos  
1080 SOCKS SOCKS or WinGate 1928,1929
1243 tcp   SubSeven Trojan  
1352 tcp   Lotus Notes connection  
1433 tcp/udp ms-sql-s Microsoft-SQL-Server  
1494 tcp   Citrix ICA client  
1503 tcp   T.120 teleconferencing protocol (MS NetMeeting)  
1645 udp   RADIUS server communication ??  
1646 udp   RADIUS accounting ??  
1717   Convoy Cluster Server ?  
1720 tcp   H.323 call setup (MS NetMeeting)  
1723 tcp & 0 gre   Microsoft PPTP  
1731 tcp   Audio call control (MS NetMeeting)  
1999 tcp   Cisco ID port  
2049 udp nfs NFS  
2140 tcp/udp   DeepThroat Trojan  
2345 tcp ovalarmsrv HP Open View Alarm Server daemon  
2389 tcp ovsessionmgr HP Open View Web Session Manager  
2504   WLBS Cluster Server ?  
2532 tcp ovtopmd HP Open View IP Topology Daemon  
3150 tcp/udp   DeepThroat Trojan  
3389 tcp   RDP client (MS Terminal Server-W2k)  
3456 udp vat ?? W2k related  
5631 tcp & 5632 udp   pcANYWHERE connection  
6667 & 7000 tcp   Internet Relay Chat (IRC) Server  
6670 tcp   DeepThroat Trojan  
7777 tcp ovuispmd HP OpenView UI Services Daemon  
12345-12346 tcp NetBus NetBus (trojan)   
27444 trinoo Trinoo - DoS attack tool  
31335 trinoo Trinoo - DoS attack tool  
31337 udp backorifice Back Orifice (trojan) default port  

MS NetMeeting

Port Function
389tcp Internet Locator Service (ILS) - LDAP
522tcp User Location Service
1503tcp T.120
1720tcp H.323 call setup
1731tcp Audio call control
Dynamic H.323 call control
Dynamic H.323 streaming (Real-Time Transfer Protocol (RTP) over UDP)

Protocols

Decimal Keyword Protocol   Decimal Keyword Protocol
1 ICMP Internet Control Message   4 IP IP in IP (encapsulation)
6 TCP Transmission Control   17 UDP User Datagram
47 GRE General Routing Encapsulation     BGP  

ICMP Protocol

See RFC-792, "Internet Control Message Protocol"; Appendix I of RFC-950, "Internet Standard Subnetting Procedure"; and RFC-1256, "ICMP Router Discovery Messages."

Type Code Meaning
0 Echo Reply message
3   Destination Unreachable Message
3 0 net unreachable
3 1 host unreachable 
3 2 protocol unreachable 
3 3 port unreachable 
3 4 fragmentation needed and DF set
3 5 source route failed 
4 0 Source Quench Message 
5   Redirect Message 
5 0 Redirect datagrams for the Network 
5 1 Redirect datagrams for the Host 
5 2 Redirect datagrams for the Type of Service and Network 
5 3 Redirect datagrams for the Type of Service and Host
6 Alternate-address
8 0 Echo message
9 Router-advertisement (?IRDP)
10 Router-solicitation (?IRDP)
11 Time Exceeded Message
11 0 time to live exceeded in transit
11 1 fragment reassembly time exceeded
12 0 Parameter Problem Message
13 0 Timestamp message
14 0 Timestamp reply message 
15 0 Information request message
16 Information reply message
17 Mask-request
18 Mask-reply
31 conversion-error
32 mobile-redirect

Configuration Tips

1 To allow Route Trace function (tracert) through the PIX firewall implement the following command:
  conduit permit icmp any any time-exceeded

Microsoft Exchange Builds

Build Exchange Version
5.5.2650 Exchange 5.5 SP3
5.5.2448 Exchange 5.5 SP2
5.5.2232 Exchange 5.5 SP1
5.5.1960 Exchange 5.5
5.0.1458 Exchange 5.0 SP1
5.0.1457 Exchange 5.0
4.0.995 Exchange 4.0 SP4
4.0.994 Exchange 4.0 SP3
4.0.993 Exchange 4.0 SP2
4.0.838 Exchange 4.0 SP1
4.0.837 Exchange 4.0

Last Modified: