Port Checker: From IANA Assignments to Security Hardening

When troubleshooting server issues, I often need to look up which service runs on which port. Online references are either incomplete or poorly formatted. So I compiled a quick reference for common ports, along with the technical details behind them.

Port Fundamentals

A port number is a 16-bit unsigned integer, ranging from 0 to 65535. IANA (Internet Assigned Numbers Authority) divides ports into three ranges:

  • 0-1023: Well-Known Ports, require root privileges to bind
  • 1024-49151: Registered Ports, available for regular applications
  • 49152-65535: Dynamic Ports, used for client temporary connections

Common web services are in the well-known range: HTTP on 80, HTTPS on 443, SSH on 22.

TCP vs UDP: Protocol Differences

The same port number can be used simultaneously by TCP and UDP - they’re independent namespaces. Take DNS port 53:

53/TCP  - DNS zone transfers (master-slave sync)
53/UDP  - DNS queries/responses (daily resolution)

TCP is connection-oriented, establishing a reliable channel via three-way handshake. UDP is connectionless, fire-and-forget, fast but prone to packet loss.

Practical testing:

# TCP connection test
telnet example.com 80

# UDP test (requires nc)
nc -u -v example.com 53

Common Ports Quick Reference

Web Services

| Port | Protocol | Service | Notes |
|------|----------|---------|-------|
| 80 | TCP | HTTP | Plain text, insecure |
| 443 | TCP | HTTPS | TLS encrypted, recommended |
| 8080 | TCP | HTTP Alt | Common for development |
| 8443 | TCP | HTTPS Alt | Tomcat default HTTPS |
| 3000 | TCP | Dev Server | React/Vue dev server |

Databases

| Port | Protocol | Service | Notes |
|------|----------|---------|-------|
| 3306 | TCP | MySQL | Most popular open-source DB |
| 5432 | TCP | PostgreSQL | Feature-rich database |
| 6379 | TCP | Redis | In-memory key-value store |
| 27017 | TCP | MongoDB | Document database |
| 9200 | TCP | Elasticsearch | Search engine |

Remote Access

| Port | Protocol | Service | Notes |
|------|----------|---------|-------|
| 22 | TCP | SSH | Secure remote login |
| 23 | TCP | Telnet | Insecure plain-text login (deprecated) |
| 3389 | TCP | RDP | Windows Remote Desktop |
| 5900 | TCP | VNC | Cross-platform remote desktop |

Port Scanning and Security

Scanning with Nmap

# Scan common ports
nmap -F target.com

# Scan specific ports
nmap -p 22,80,443 target.com

# Scan port range
nmap -p 1-1000 target.com

# Identify service versions
nmap -sV target.com

Security Hardening Tips

Close Unnecessary Ports

# Check listening ports
netstat -tulpn

# Or use ss
ss -tulpn

Firewall Rules

# Ubuntu UFW
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

# CentOS firewalld
firewall-cmd --permanent --add-port=22/tcp
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --reload
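
One way to combine the two steps above, as an added example that is not part of the original article: a shell function that reads `ss -tulpn` output and reports every listener that is reachable beyond loopback and whose port is not on an allowlist. The allowlist mirrors the UFW rules above; the names `audit_listeners`, `ALLOWED_PORTS` and `SAMPLE`, and the sample output itself, are constructed for this illustration.

```shell
#!/bin/sh
# Added example: compare listening sockets against a port allowlist.

# Assumed policy: the ports the UFW rules above open on purpose.
ALLOWED_PORTS="22 80 443"

# Reads `ss -tulpn` output on stdin. Prints "<proto> <addr> <port> <service> <process>"
# for each listener that is not loopback-only and not on the allowlist.
audit_listeners() {
  awk -v allowed="$ALLOWED_PORTS" '
    BEGIN {
      n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1
      # Service names from the quick-reference tables in this article.
      known = "23=Telnet 3306=MySQL 5432=PostgreSQL 6379=Redis"
      known = known " 27017=MongoDB 9200=Elasticsearch 3389=RDP 5900=VNC"
      m = split(known, s, " ")
      for (i = 1; i <= m; i++) { split(s[i], kv, "="); svc[kv[1]] = kv[2] }
    }
    $1 != "tcp" && $1 != "udp" { next }             # header and other socket types
    {
      port = $5; sub(/.*:/, "", port)                # text after the last colon
      addr = substr($5, 1, length($5) - length(port) - 1)
      sub(/%.*/, "", addr)                           # drop scope suffix such as %lo
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
      if (port in ok) next                           # intentionally open
      name = "unknown"; if (port in svc) name = svc[port]
      proc = "-"                                     # ss hides the process without root
      if (NF >= 7 && split($7, q, "\"") >= 2) proc = q[2]
      print $1, addr, port, name, proc
    }'
}

# Constructed sample of `ss -tulpn` output, not captured from a real host.
SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=13))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=801,fd=3))
tcp   LISTEN 0      151    127.0.0.1:3306     0.0.0.0:*         users:(("mysqld",pid=1020,fd=21))
tcp   LISTEN 0      511    0.0.0.0:6379       0.0.0.0:*         users:(("redis-server",pid=1100,fd=6))
tcp   LISTEN 0      4096   *:9200             *:*               users:(("java",pid=1200,fd=300))
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=801,fd=4))'

printf '%s\n' "$SAMPLE" | audit_listeners
```

On a live host, feed it real data with `sudo ss -tulpn | audit_listeners`; anything it prints is either a service to rebind to 127.0.0.1 or stop, or a port missing from the allowlist.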

Change Default Ports

Many attack scripts scan default ports. Changing them isn’t a complete solution, but it avoids most automated scans:

# Change SSH to 2222
# Allow 2222/tcp in the firewall before restarting, or new SSH connections will be blocked
vim /etc/ssh/sshd_config
# Port 22 → Port 2222
systemctl restart sshd

Port Conflict Troubleshooting

During development, ports often get occupied. Here’s how to troubleshoot:

# Linux/Mac
lsof -i :3000
kill -9 <PID>

# Windows
netstat -ano | findstr :3000
taskkill /PID <PID> /F

# View all listening ports
netstat -tulpn | grep LISTEN

Myth: 65535 Connection Limit

Theoretically, TCP can handle far more than 65535 connections. The key is the four-tuple:

{source IP, source port, destination IP, destination port}

As long as the four-tuple is unique, a new connection can be established. So a server can support far more than 65535 concurrent connections.

Real limitations come from:

  • File descriptor limits: ulimit -n
  • Memory: Each connection uses several KB
  • CPU: Connection management overhead

Optimization methods:

# Increase file descriptor limit (applies to the current shell session)
ulimit -n 100000

# Kernel parameter tuning: add these lines to /etc/sysctl.conf
vim /etc/sysctl.conf
net.core.somaxconn = 4096
net.ipv4.tcp_max_syn_backlog = 4096

Real Case: Slow SSH Connections

SSH connections hanging at “Connecting…” for a long time might be caused by DNS reverse lookups.

# Edit sshd_config
# Disable DNS reverse lookup
UseDNS no
# Disable GSSAPI authentication
GSSAPIAuthentication no

Restart sshd and connection speed will improve noticeably.

Tool Recommendation

Based on this knowledge, I built: Port Checker

Features:

  • Category-based lookup (Web/Database/Mail/Remote)
  • Protocol annotation (TCP/UDP)
  • Service descriptions and security recommendations

The database includes the 16 most commonly used ports, covering most development scenarios.

