Common port and its brief description
By: Free Pentium (WGSCD) collection
Reprint, please indicate the source and the author
0 is usually used to analyze the operating system. This method can work because "0" in some systems is invalid port, which will produce different results when you try to use a usual closing port to connect it. A typical scan: Use the IP address of 0.0.0.0 to set the ACK bit and broadcast in Ethernet layer.
1. TCPMUX This shows that someone is looking for SGI IRIX machines. IRIX is the main provider of TCPMUX, which is opened in this system by default. IRIS machines are published in the release of several default unconsored accounts such as LP, Guest, UUCP, NUUCP, DEMOS, TUTOR, DIAG, EZSETUP, OUTOFBOX, and 4DGIFTS. Many administrators have forgotten to delete these accounts. Therefore, Hacker searches for TCPMUX on the Internet and uses these accounts.
7 Echo You can see how many people search for the Fraggle amplifier, sent to XX.x.0 and X.x.x.255. Common DOS Attacks are echo-loops, and an attacker is forged from a UDP packet from one machine to another, and the two machines respond to these packets in their fastest way. Another thing is a TCP connection established by DoubleClick in the word port. There is a product called "Resonate Global Dispatch", which is connected to this port of DNS to determine the nearest route. Harvest / Squid Cache will send UDP Echo from the 3130 port: "If you open the cache's Source_Ping ON option, it will respond to a hit reply on the UDP ECHO port of the original host." This will generate a lot of such packets.
11 SysStat This is a UNIX service that lists all the running processes on the machine and what is started. This provides many information for intruders and threats to the machine, such as exposing programs known to certain weaknesses or accounts. This is similar to the results of the "PS" command in the UNIX system. Again: ICMP has no port, ICMP Port 11 is usually ICMP Type = 11.
19 Chargen This is a service that only sends characters. The UDP version will respond to the package containing the spam after receiving the UDP package. When the TCP connection is connected, the data stream containing the spam will be sent to the connection to close. Hacker uses IP spoof to launch a DOS attack. Forged two UDP packages between two Chargen servers. Since the server attempts to respond to unlimited round-trip data communication between the two servers A Chargen and Echo will cause the server to overload. The same Fraggle DOS attack is broadcast to this port of the target address with a packet with counterfeit victim IP, and the victim is overloaded in order to respond to this data.
The most common attacker of FTP is used to find the method of opening "anonymous" FTP server. These servers have a readable and writable directory. Hackers or Crackers uses these servers as a node that transmits Warez (private programs) and PR0n (intentional tangle words).
22 SSH PCANYWHERE Establish TCP and this connection can be used to find SSH. This service has many weaknesses. If configured as specific modes, many have many vulnerabilities using the RSAREF library. (It is recommended to run SSH in other ports). It should also be noted that the SSH toolkit has a program called make-ssh-known-hosts. It scans the SSH host of the entire domain. You sometimes be used in unintentional scanning. UDP (rather than TCP) is connected to the 5632 port of the other means that there is a scanning of PCANywhere. 5632 (Hexadecimal 0x1600) After the interchange is 0x0016 (22).
TeLNet invaders are searching for remote login UNIX services. In most cases, the invaders scan this port is to find the operating system that is running. In addition, use other technologies, invaders will find a password. (Spammer) Finding the SMTP server is to deliver their spam. The invader's account is always turned off, and they need to dial to connect to the high-bandwidth E-mail server to pass simple information to different addresses. SMTP servers (especially Sendmail) are one of the most common methods of entering the system, as they must be completely exposed to the Internet and the route of mail is complex (exposed complex = weaknesses).
53 DNS HACKER or CRACKERS may be trying to perform regional delivery (TCP), deceive DNS (UDP) or hidden other communications. Therefore, the firewall often filters or records 53 ports. It should be noted that you often see the 53 port as the UDP source port. Unstable firewalls typically allow this communication and assume that this is a reply to DNS queries. Hacker often uses this method to penetrate the firewall.
67 & 68 Bootp and Bootp / DHCP on DHCP UDP: The firewall that is often sent to the broadcast address 255.255.255.255 via DSL and Cable-Modem often see data from the broadcast address 255.255.255.255. These machines request an address assignment to the DHCP server. Hacker often enters them allocated an address to initiate a large number of "man-in-middle) attacks as partial routers. The client is configured to the 68-port (Bootps) broadcast request, and the server responds to the 67-port (Bootpc) broadcast. This response uses broadcast because the client still does not know the IP address that can be sent.
69 TFTP (UDP) Many servers provide this service with BOOTP to facilitate downloading startup code from the system. But they often configure any files from the system, such as password files. They can also be used to write files to the system.
79 Finger Hacker is used to obtain user information, query the operating system, and detect known buffer overflow errors, responding to the machine to other machine finger scans.
80 Web site default 80 is the service port, using TCP or UDP protocol.
98 LinuxConf This program provides simple management of Linux Boxen. Provide a web-based service in the 98 port by integrated HTTP servers. It has found many security issues. Some versions setuid root, trust local area network, build Internet accessible files, and the LANG environment variable has buffer overflow. Also because it contains integrated servers, many typical HTTP vulnerabilities may exist (buffer overflow, over the directory, etc.)
109 POP2 is not called POP3, but many servers provide two services (backward compatibility). The vulnerability of POP3 on the same server exists in POP2.
110 POP3 is used for the client access to the server side mail service. POP3 services have many recognized weaknesses. There are at least 20 weaknesses overflow over the username and password switching buffer (this means that Hacker can enter the system before logging in). There are other buffers overflow errors after successfully logging in.
111 SunRPC Portmap RpcBind Sun RPC Portmapper / Rpcbind. Access Portmapper is the first step for the scanning system to view which RPC services allowed. Common RPC services include: rpc.mountd, nfs, rpc.statd, rpc.csmd, rpc.ttybd, AMD, etc. The invader found that the allowed RPC service will turn to the specific port test vulnerability of the service. Remember to record Daemon, IDS, or Sniffer in the line, and you can find what program access to the invader is to find what happened. 113 Ident Auth This is a multi-machine running protocol for identifying TCP connections. This service using standard can obtain information of many machines (will be utilized by Hacker). But it can serve as many services, especially those such as FTP, POP, IMAP, SMTP, and IRC. Usually if you have many customers access these services through the firewall, you will see the connection requests for this port. Remember, if you block this port client feels slow connection with the E-mail server on the other side of the firewall. Many firewalls support back RST during the blocking of TCP connections, and will stop this slow connection back.
119 NNTP News News Group Transmission Protocol to carry USENET communication. When you link to such as:
News: //comp.security.firewalls/. This port is usually used. The connection at this port is usually looking for a USENET server. Most ISP limits only their customers can access their newsgroup servers. Open the newsgroup server will allow / read anyone's post, access the restricted newsgroup server, post anonymous to post or send a spam.
135 OC-SERV MS RPC End-Point Mapper Microsoft runs DCE RPC End-Point Mapper for this port for its DCOM service. This is similar to the functionality of UNIX 111 ports. Use DCOM and / or RPC services to register their location using end-point mapper on your machine. When remote customers are connected to the machine, they queries end-point mapper to find the location of the service. The same HACKER scanning machine is to find Exchange Server on this machine? What version is it? This port can also be used for direct attacks in addition to query services (such as using EPDUMP). There are some DOS attacks directly for this port.
137 Netbios Name Service NBTSTAT (UDP) This is the most common information of the firewall administrator.
139 NetBIOS File and Print Sharing Attempts to get NetBIOS / SMB services via this port. This protocol is used for Windows file and printer sharing and Samba. Sharing your own hard drive on the Internet is the most common problem. A large number of ports were started at 1999, and later became less. In 2000, there was a rebound. Some VBS (IE5 VisualBasic scripting) starts copying themselves to this port and trying to breed this port.
143 IMAP and the security of POP3 above, many IMAP servers have buffer overflow vulnerabilities running in the login process. Remember: A Linux worm (ADMW0RM) will reproduce this port, so many of this port scans from uninformed users who are infected. These vulnerabilities become popular when Radhat allows IMAP by default in their Linux release versions. This is also a widely spread worm after Morris worm. This port is also used in IMAP2, but it is not popular. Some reports have found that some 0 to 143 ports have stem from script.
161 SNMP (UDP) invaders often detect ports. SNMP allows remote management devices. All configurations and running information are stored in the database and are available through SNMP guests. Many administrator error configurations are exposed to the Internet. Crackers will try to use the default password "public" "private" access system. They may test all possible combinations. The SNMP package may be incorrect to point to your network. The Windows machine often uses SNMP for the HP JetDirect Remote Management software because the error configuration. HP Object Identifier will receive an SNMP package. The new version of Win98 uses SNMP to resolve domain names, you will see this package in subnet broadcast (Cable Modem, DSL) query sysname and other information. 162 SNMP TRAP may be due to error configuration
177 XDMCP Many Hacker access to the X-Windows console, which needs to open the 6000 port at the same time.
513 RWHO may be broadcast from UNIX machines from the subnet using Cable Modem or DSL. These people provide very interesting information for Hacker into their system.
553 CORBA IIOP (UDP) If you use Cable Modem or DSL VLAN, you will see the broadcast of this port. CORBA is an object-oriented RPC (Remote Procedure Call) system. Hacker will use this information to enter the system.
600 PCServer Backdoor Please see the 1524 port.
Some children who play Script think they have completely broken the system through the modification of the Ingreslock and the PCServer file - Alan J. Rosenthal.
635 mountd Linux's MountD bug. This is a popular bug that people scan. Most of this port scan is UDP based, but TCP-based mountD has increased (MountD runs on two ports). Remember, MountD can run in any port (which port is in the end, you need to do a portmap query at the port 111), just Linux defaults to 635 port, just like NFS usually runs on the 2049 port.
1024 Many people ask what this port is dry. It is the beginning of a dynamic port. Many programs do not care which port connection network, they request operating systems to assign them "next idle port". Based on this allocation starts from port 1024. This means that the first program that requests the dynamic port to the system will be assigned port 1024. To verify this, you can restart the machine, open Telnet, open a window to run "natstat -a", you will see Telnet assigned 1024 port. The more programs requested, the more dynamic ports. The port assigned by the operating system will gradually become large. Come again, when you browse the web page, use "NetStat" to view, each web page requires a new port.
1025, 1026 See 1024
1080 SOCKS This protocol passes through the firewall by pipeline, allowing many people behind the firewall to access the Internet through an IP address. In theory it should only allow the internal communication to reach the Internet. However, due to the wrong configuration, it allows the HACKER / CRACKER to pass an attack outside the firewall through the firewall. Or simply respond to a computer located on the Internet, enabling them to attack your direct attack. Wingate is a common Windows personal firewall that often occurs the above error configuration. This will often see this when joining the IRC chat room.
1114 SQL system itself rarely scans this port, but is often part of the SSCAN script.
1243 SUB-7 Trojans (TCP)
1124 Ingreslock back door Many attack scripts will install a backdoor shell at this port (especially those for Sendmail and RPC service vulnerabilities in the Sun system, such as Statd, TTDBServer, and CMSD). If you just installed your firewall, you see the connection at this port, which is probably the above reasons. You can try Telnet to this port on your machine to see if it will give you a shell. This issue is also available to 600 / PCServer. The2049 NFS NFS program is often running on this port. It usually needs to access portmapper query which port is running, but most of the case is installed after installation, and Hacker / Cracker can pass the portmapper directly to test this port.
3128 Squid This is the default port of the Squid HTTP proxy server. The attacker scans this port is to search for an anonymous access to the Internet. You will also see the ports of other proxy servers: 8000/8001/8080/8888. Another reason for scan this port is that users are entering the chat room. Other users (or server itself) also verify this port to determine if the user's machine supports the agent.
5632 Pcanywere you will see a lot of this port, depending on your location. When the user opens PCAnyWere, it automatically scans the local area network C-class network to find the possible agent (the translator: refers to Agent instead of proxy). Hacker / Cracker will also find a machine that open this service, so you should check the source address of this scan. Some scanning of PCANYWERE often contains the UDP packet of port 22.
6776 SUB-7 Artifact This port is a port for transmitting data from the Sub-7 main port. For example, when the controller controls another machine through the telephone line, you will see this when the controlled machine is hung up. Therefore, when another person is dial in this IP, they will see continuous, attempting at this port. (Translator: That is to see the connection attempt of the firewall report, do not mean that you have been controlled by SUB-7.)
6970 Reaudio ReaSuDio receives audio data streams from the UDP port of the server's 6970-7170. This is set by the TCP7070 port externally control connection.
13223 Powwow Powwow is a Tribal Voice chat program. It allows users to open private chats at this port. This process is very "offensive" for establishing a connection. It will "station" waiting for response in this TCP port. This causes a connection attempt to a heartbeat interval. If you are a dial user, "inherit" from another chat, this is what the IP address is: It seems that many different people are testing this port. This protocol uses "OPNG" as the first four bytes of its connection attempt.
11027 Conducent This is an outgoing connection. This is because someone has a shared software with Conducent "ADBOT" inside the company. Conducent "Adbot" is an advertising service for shared software. A popular software using this service is pkware. Some people test: Blocking this external connection does not have any problems, but the IP address itself will cause the ADBOTS to try to connect multiple times in each second:
The machine will continue to analyze DNS name -ads.conducent.com, ie IP address 216.33.210.40; 216.33.199.77; 216.33.199.80; 216.33.199.81; 216.33.210.41. (Translator: I don't know if Netants used in Radiate also has this phenomenon)
27374 SUB-7 Trojan (TCP)
30100 NetSphere Trojan (TCP) usually this port scan is to find NetSphere Trojans. 31337 Back Orification "Elite" HACKER 31337 Read "Elite" / Ei'li: T / (Translator: French, translated as backbone, essence. That is, 3 = E, 1 = L, 7 = T). So many rear door programs are running on this port. The most famous is Back Orific. This is the most common scan on the Internet for a while. Now it's getting less and less, other Trojans are increasingly popular.
31789 HACK-A-TACK This port UDP communication is usually due to the "HACK-A-TACK" remote access to Trojan (RAT, Remote Access Trojan). This Trojan includes a built-in 31790 port scanner, so any 31789 port to 317890 port means that this invasion is already. (31789 port is control connection, 317890 port is file transfer connection)
32770 ~ 32900 RPC Services Sun Solaris RPC service is within this range. Detailed: Early versions of Solaris (2.5.1) placed portmapper in this range even if the low port was closed by the firewall, still allowed Hacker / Cracker to access this port. Scanning this range is not to find portmapper, just to find known RPC services that can be attacked.
33434 ~ 33600 Traceroute If you see the UDP packet within this port (and within this range), it may be due to TraceRoute. See the relevant part of this site
Port Encyclopedia (english) 0 = Reserved1 = tcpmux2 = compressnet3 = compressnet4 = Unassigned5 = Remote Job Entr6 = Unassigned7 = Echo8 = Unassigned9 = Discard10 = Unassigned11 = Active Users12 = Unassigned13 = Daytime14 = Unassigned15 = Unassigned16 = Unassigned17 = Quote of the Day18 = Message Send Protocol19 = Character Generator20 = FTP (Data) 21 = FTP (Control) 22 = Unassigned23 = Telnet24 = Private mail-system25 = SMTP26 = Unassigned27 = NSW User System FE28 = Unassigned29 = MSG ICP30 = Unassigned31 = MSG Authentication32 = Unassigned33 = Display Support Protocol34 = Unassigned35 = Private printer server36 = Unassigned37 = Time38 = Route Access Protocol39 = Resource Location Protocol40 = Unassigned41 = Graphics42 = Host Name Server43 = Who Is44 = MPM FLAGS Protocol45 = Message Processing Module (recv) 46 = mpm-snd, MPM (default send) 47 = ni-ftp48 = Digital Audit Daemon49 = login, Login Host Protocol50 = re-mail-ck, Remote mail Checking Protocol51 = IMP Logical Address Maintenance52 = xns-time, XNS Time Protocol53 = domain, Domain Name Server54 = xns- CH, xns clearinghouse55 = ISI graphics language56 = xns aut hentication57 = Private terminal access58 = XNS Mail59 = Private file service60 = Unassigned61 = NI MAIL62 = ACA Services63 = Unassigned64 = Communications Integrator (CI) 65 = TACACS-Database Service66 = Oracle SQL * NET67 = Bootstrap Protocol Server68 = Bootstrap Protocol Client69 = Trivial File TRANSFER70 = Gophergopher71 = Remote Job Service72 = Remote Job Service73 = Remote Job Service74 = Remote Job Service75 = Any Private Dial Out Service76 =
Distributed External Object Store77 = any private RJE service78 = vettcpvettcp79 = Finger server80 = HTTP81 = HOSTS2 Name Server82 = XFER Utility83 = MIT ML Device84 = Common Trace Facility85 = MIT ML Device86 = Micro Focus Cobol87 = Private terminal link88 = Kerberos89 = SU / MIT Telnet Gateway90 = DNSIX Securit Attribute Token Map91 = MIT Dover Spooler92 = Network Printing Protocol93 = Device Control Protocol94 = Tivoli Object Dispatcher95 = SUPDUPsupdup96 = DIXIE Protocol Specification97 = Swift Remote Vitural File Protocol98 = TAC Newstacnews99 = metagram Relay100 = newacct [unauthorized use] 101 = NIC Host Name Server102 = ISO-TSAP103 = Genesis Point-to-Point Trans Net104 = ACR-NEMA Digital Imag. & Comm. 300105 = Mailbox Name Nameserver106 = 3COM-TSMUX3com-tsmux107 = Remote Telnet Service108 = SNA Gateway Access Server109 = Post Office Protocol - Version 2110 = Post Office Protocol - Version 3111 = SUN RPC112 = McIDAS Data Transmission Protocol113 = Authentication Service114 = Audio News Multicast115 = Simple File Transfer Protocol116 = ANSA REX Notify117 = UUCP P ath Service118 = SQL Servicessqlserv119 = Network News Transfer Protocol120 = CFDPTKTcfdptkt121 = Encore Expedited Remote Pro.Call122 = SMAKYNETsmakynet123 = Network Time Protocol124 = ANSA REX Trader125 = Locus PC-Interface Net Map Ser126 = Unisys Unitary Login127 = Locus PC-Interface Conn Server128 = GSS X License Verification129 = Password Generator Protocol130 = cisco FNATIVE131 = cisco TNATIVE132 = cisco SYSMAINT133 = Statistics Service134 = INGRES-NET Service135 = Location Service136 = PROFILE Naming System137 =
NETBIOS Name Service138 = NETBIOS Datagram Service139 = NETBIOS Session Service140 = EMFIS Data Service141 = EMFIS Control Service142 = Britton-Lee IDM143 = Interim Mail Access Protocol v2144 = NewSnews145 = UAAC Protocoluaac146 = ISO-IP0iso-tp0147 = ISO-IPiso-ip148 = CRONUS- SUPPORT149 = AED 512 Emulation Service150 = SQL-NETsql-net151 = HEMShems152 = Background File Transfer Program153 = SGMPsgmp154 = NETSCnetsc-prod155 = NETSCnetsc-dev156 = SQL Service157 = KNET / VM Command / Message Protocol158 = PCMail Serverpcmail-srv159 = NSS-Routingnss- routing160 = SGMP-TRAPSsgmp-traps161 = SNMP162 = SNMP TRAP163 = CMIP / TCP Manager164 = CMIP / TCP Agent165 = Xeroxxns-courier166 = Sirius Systems167 = NAMPnamp168 = RSVDrsvd169 = Send170 = Network Postscript170 = Network Postscript171 = Network Innovations Multiplex172 = Network Innovations CL / 1173 = Xyplexxyplex-mux174 = MAILQ175 = VMNET176 = GENRAD-MUXgenrad-mux177 = X Display Manager Control Protocol178 = NextStep Window Server179 = Border Gateway Protocol180 = Intergraphris181 = Unifyunify182 = Unisys Audit SITP183 = OCBinderocbinder184 = OCSe rverocserver185 = Remote-KIS186 = KIS Protocolkis187 = Application Communication Interface188 = Plus Five's MUMPS189 = Queued File Transport189 = Queued File Transport190 = Gateway Access Control Protocol190 = Gateway Access Control Protocol191 = Prospero Directory Service191 = Prospero Directory Service192 = OSU Network Monitoring System193 = srmp, Spider Remote Monitoring Protocol194 = IRC, Internet Relay Chat Protocl195 = DNSIX Network Level Module Audit196 = DNSIX SESSION MGT MGT MODIT Redir197 =
Directory Location Service198 = Directory Location Service Monitor199 = SMUX200 = IBM System Resource Controller201 = at-rtmp AppleTalk Routing Maintenance202 = at-nbp AppleTalk Name Binding203 = at-3 AppleTalk Unused204 = AppleTalk Echo205 = AppleTalk Unused206 = AppleTalk Zone Information207 = AppleTalk Unused208 = AppleTalk Unused209 = Trivial Authenticated Mail Protocol210 = ANSI Z39.50z39.50211 = Texas Instruments 914C / G Terminal212 = ATEXSSTRanet213 = IPX214 = VM PWSCSvmpwscs215 = Insignia Solutions216 = Access Technology License Server217 = dBASE Unix218 = Netix Message Posting Protocol219 = Unisys ARPsuarps220 = Interactive Mail Access Protocol v3221 = Berkeley rlogind with SPX auth222 = Berkeley rshd with SPX auth223 = Certificate Distribution Center224 = Reserved (224-241) 241 = Reserved (224-241) 242 = Unassigned # 243 = Survey Measurement244 = Unassigned # 245 = LINKlink246 = Display Systems Protocol247-255 reserved256-343 unassigned344 = prospero data access protocol345 = perf analyysis workbench346 = zebra serverzserv347 = Fatmen ServerfatServ348 = CABL etron Management Protocol349-370 Unassigned371 = Clearcaseclearcase372 = Unix Listservulistserv373 = Legent Corporation374 = Legent Corporation375 = Hasslehassle376 = Amiga Envoy Network Inquiry Proto377 = NEC Corporation378 = NEC Corporation379 = TIA / EIA / IS-99 modem client380 = TIA / EIA / IS-99 modem server381 = hp performance data collector382 = hp performance data managed node383 = hp performance data alarm manager384 = A Remote Network Server System385 = IBM Application386 = ASA Message Router Object Def.387 = Appletalk Update-Based Routing Pro.388 =
Unidata LDM Version 4389 = Lightweight Directory Access Protocol390 = UISuis391 = SynOptics SNMP Relay Port392 = SynOptics Port Broker Port393 = Data Interpretation System394 = EMBL Nucleic Data Transfer395 = NETscout Control Protocol396 = Novell Netware over IP397 = Multi Protocol Trans. Net.398 = Kryptolankryptolan399 = Unassigned # 400 = Workstation Solutions401 = Uninterruptible Power Supply402 = Genie Protocol403 = decapdecap404 = ncednced405 = ncldncld406 = Interactive Mail Support Protocol407 = Timbuktutimbuktu408 = Prospero Resource Manager Sys. Man.409 = Prospero Resource Manager Node Man.410 = DECLadebug Remote Debug Protocol411 = Remote MT Protocol412 = Trap Convention Port413 = SMSPsmsp414 = InfoSeekinfoseek415 = BNetbnet416 = Silverplattersilverplatter417 = Onmuxonmux418 = Hyper-Ghyper-g419 = Arielariel1420 = SMPTEsmpte421 = Arielariel2422 = Arielariel3423 = IBM Operations Planning and Control Start424 = IBM Operations Planning and Control Track425 = ICADicad-el426 = smartsdpsmartsdp427 = Server location429 = = cMU430 = UTMPSDUTMPSD431 = UTMPCDUTMPCD432 = i ASDiasd433 = NNSPnnsp434 = MobileIP-Agent435 = MobilIP-MN436 = DNA-CMLdna-cml437 = comscmcomscm439 = dasp, Thomas Obermair440 = sgcpsgcp441 = decvms-sysmgtdecvms-sysmgt442 = cvc_hostdcvc_hostd443 = https444 = Simple Network Paging Protocol445 = Microsoft-DS446 = DDM-RDBddm- rdb447 = DDM-RFMddm-dfm448 = DDM-BYTEddm-byte449 = AS Server Mapper450 = TServertserver512 = exec, Remote process execution513 = login, remote login514 = cmd, exec with auto auth.514 = syslog515 = Printer spooler516 = Unassigned517 = talk519 =
unixtime520 = extended file name server521 = Unassigned522 = Unassigned523 = Unassigned524 = Unassigned526 = newdate530 = rpc courier531 = chatconference532 = readnewsnetnews533 = for emergency broadcasts539 = Apertus Technologies Load Determination540 = uucp541 = uucp-rlogin542 = Unassigned543 = klogin544 = kshell545 = Unassigned546 = Unassigned547 = Unassigned548 = Unassigned549 = Unassigned550 = new-who551 = Unassigned552 = Unassigned553 = Unassigned554 = Unassigned555 = dsf556 = remotefs557-559 = rmonitor560 = rmonitord561 = dmonitor562 = chcmd563 = Unassigned564 = plan 9 file service565 = whoami566-569 Unassigned570 = demonmeter571 = udemonmeter572-599 Unassigned ipc server600 = Sun IPC server607 = nqs606 = Cray Unified Resource Manager608 = Sender-Initiated / Unsolicited File Transfer609 = npmp-trapnpmp-trap610 = npmp-localnpmp-local611 = npmp-guinpmp-gui634 = ginadginad666 = Doom Id Software704 = errlog copy / server daemon709 = EntrustManager729 = IBM NetView DM / 6000 Server / Client730 = IBM NetView DM / 6000 Send / TCP731 = IBM NetView DM / 6000 Receive / TCP741 = NETGWNETGW742 = NetWork Based Rev. Cont. Sys.744 = Flexible License Manager747 = Fujitsu Device Control748 = Russell Info Sci Calendar Manager749 = kerberos administration751 = pump752 = qrh754 = send758 = nlogin759 = con760 = ns762 = quotad763 = cycleserv765 = webster767 = phonephonebook769 = vid771 = rtip772 = cycleserv2774 = acmaint_dbd775 = acmaint_transd780 = WPGS786 = ConcertConcert800 = mdbs_daemon996 = Central Point Software997 = maitd999 = puProuter1023 = reserved1024 = reserved1025 =
network blackjack1030 = BBN IAD1031 = BBN IAD1032 = BBN IAD1067 = Installation Bootstrap Proto. Serv.1068 = Installation Bootstrap Proto. Cli.1080 = SOCKS1083 = Anasoft License Manager1084 = Anasoft License Manager1155 = Network File Access1222 = SNI R & D network1248 = hermes1346 = Alta Analytics License Manager1347 = multi media conferencing1347 = multi media conferencing1348 = multi media conferencing1349 = Registration Network Protocol1350 = Registration Network Protocol1351 = Digital Tool Works (MIT) 1352 = / Lotus Notelotusnote1353 = Relief Consulting1354 = RightBrain Software1355 = Intuitive Edge1356 = CuillaMartin Company1357 = Electronic PegBoard1358 = CONNLCLIconnlcli1359 = FTSRVftsrv1360 = MIMERmimer1361 = LinX1362 = TimeFliestimeflies1363 = Network DataMover Requester1364 = Network DataMover Server1365 = Network Software Associates1366 = Novell NetWare Comm Service Platform1367 = DCSdcs1368 = ScreenCastscreencast1369 = GlobalView to Unix Shell1370 = Unix Shell to GlobalView1371 = Fujitsu Config Protocol1372 = Fujitsu Config Protocol1373 = Chromagrafxchroma grafx1374 = EPI Software Systems1375 = Bytexbytex1376 = IBM Person to Person Software1377 = Cichlid License Manager1378 = Elan License Manager1379 = Integrity Solutions1380 = Telesis Network License Manager1381 = Apple Network License Manager1382 = udt_os1383 = GW Hannaway Network License Manager1384 = Objective Solutions License Manager1385 = Atex Publishing License Manager1386 = Checksum license manager1387 = computer aided design Software inclm1388 = Objective Solutions database cache1389 = document manager1390 = storage controller1391 =
Storage Access Server1392 = Print Managericlpv-pm1393 = Network Log Server1394 = Network Log Client1395 = PC Workstation Manager software1396 = DVL Active Mail1397 = Audio Active Mail1398 = Video Active Mail1399 = Cadkey License Manager1400 = Cadkey Tablet Daemon1401 = Goldleaf License Manager1402 = Prospero Resource Manager1403 = prospero Resource Manager1404 = Infinite Graphics License Manager1405 = IBM Remote Execution Starter1406 = NetLabs License Manager1407 = DBSA License Manager1408 = Sophia License Manager1409 = Here License Manager1410 = HiQ License Manager1411 = AudioFileaf1412 = InnoSysinnosys1413 = Innosys-ACLinnosys-acl1414 = IBM MQSeriesibm-mqseries1415 = DBStardbstar1416 = Novell LU6.2novell-lu6.21417 = Timbuktu Service 1 Port1417 = Timbuktu Service 1 Port1418 = Timbuktu Service 2 Port1419 = Timbuktu Service 3 Port1420 = Timbuktu Service 4 Port1421 = Gandalf License Manager1422 = Autodesk License Manager1423 = Essbase Arbor Software1424 = Hybrid Encryption Protocol1425 = Zion Software license Manager1426 = Satellite-Data Acquisition System 1 1427 = mloadd monitoring tool1428 = Informatik License Manager1429 = Hypercom NMSnms1430 = Hypercom TPDUtpdu1431 = Reverse Gosip Transport1432 = Blueberry Software License Manager1433 = Microsoft-SQL-Server1434 = Microsoft-SQL-Monitor1435 = IBM CISCibm-cics1436 = Satellite-data Acquisition System 21437 = Tabulatabula1438 = Eicon Security Agent / Server1439 = Eicon X25 / SNA Gateway1440 = Eicon Service Location Protocol1441 = Cadis License Management1442 = Cadis License Management1443 = Integrated Engineering Software1444 = Marcam License Management1445 =
Proxima License Manager1446 = Optical Research Associates License Manager1447 = Applied Parallel Research LM1448 = OpenConnect License Manager1449 = PEportpeport1450 = Tandem Distributed Workbench Facility1451 = IBM Information Management1452 = GTE Government Systems License Man1453 = Genie License Manager1454 = interHDL License Manager1454 = interHDL License Manager1455 = ESL License Manager1456 = DCAdca1457 = Valisys License Manager1458 = Nichols Research Corp.1459 = Proshare Notebook Application1460 = Proshare Notebook Application1461 = IBM Wireless LAN1462 = World License Manager1463 = Nucleusnucleus1464 = MSL License Manager1465 = Pipes Platform1466 = Ocean Software License Manager1467 = CSDMBASEcsdmbase1468 = CSDMcsdm1469 = Active Analysis Limited License Manager1470 = Universal Analytics1471 = csdmbasecsdmbase1472 = csdmcsdm1473 = OpenMathopenmath1474 = Telefindertelefinder1475 = Taligent License Manager1476 = clvm-cfgclvm-cfg1477 = ms-sna-server1478 = ms-sna-base1479 = dberegisterdberegister1480 = PacerForumpacerforum1481 = AIRSairs1482 = Miteksys Lice nse Manager1483 = AFS License Manager1484 = Confluent License Manager1485 = LANSourcelansource1486 = nms_topo_serv1487 = LocalInfoSrvr1488 = DocStordocstor1489 = dmdocbrokerdmdocbroker1490 = insitu-confinsitu-conf1491 = anynetgateway1492 = stone-design-11493 = netmap_lmnetmap_lm1494 = icaica1495 = cvccvc1496 = liberty-lmliberty-lm1497 = rfx-lmrfx -LM1498 = watcom-sqlwatcom-SQL1499 = federico heinz consules1500 = VLSI license manager1501 = Satellite-data acquisition system 31502 = shivashivadiscovery1503 = DATABEAMIMTC-MCS1504 =
EVB Software Engineering License Manager1505 = Funk Software, Inc.1524 = ingres1525 = oracle1525 = Prospero Directory Service non-priv1526 = Prospero Data Access Prot non-priv1527 = oracletlisrv1529 = oraclecoauthor1600 = issd1651 = proshare conf audio1652 = proshare conf video1653 = proshare conf data1654 = proshare conf request1655 = proshare conf notify1661 = netview-aix-1netview-aix-11662 = netview-aix-2netview-aix-21663 = netview-aix-3netview-aix-31664 = netview-aix-4netview-aix-41665 = netview- aix-5netview-aix-51666 = netview-aix-6netview-aix-61986 = cisco license management1987 = cisco RSRB Priority 1 port1988 = cisco RSRB Priority 2 port1989 = cisco RSRB Priority 3 port1989 = MHSnet systemmshnet1990 = cisco STUN Priority 1 port1991 = cisco STUN Priority 2 port1992 = cisco STUN Priority 3 port1992 = IPsendmsgipsendmsg1993 = cisco SNMP TCP port1994 = cisco serial tunnel port1995 = cisco perf port1996 = cisco Remote SRB port1997 = cisco Gateway Discovery Protocol1998 = cisco X.25 service (XOT) 1999 = cisco identification port2009 = Whoscopeockami2010 = PIPE_ server2011 = raid2012 = raid-ac2013 = rad-am2015 = raid-cs2016 = bootserver2017 = terminaldb2018 = rellpack2019 = about2019 = xinupageserver2020 = xinupageserver2021 = xinuexpansion12021 = down2022 = xinuexpansion22023 = xinuexpansion32023 = xinuexpansion42024 = xinuexpansion42025 = xribs2026 = scrabble2027 = shadowserver2028 = submitserver2039 = device22032 = Blackboard2033 = glogger2034 = scoremgr2035 = IMSLDOC2038 = ObjectManager2040 = lam2041 = interbase2042 = ISIS2043 = ISIS-BCAST2044 = PriMSL2045 = cdfunc2047 = DLS2048 =
dls-monitor2065 = Data Link Switch Read Port Number2067 = Data Link Switch Write Port Number2201 = Advanced Training System Program2500 = Resource Tracking system server2501 = Resource Tracking system client2564 = HP 3000 NS / VT block mode telnet2784 = world wide web - development3049 = ccmail3264 = ccmail, cc: mail / lotus3333 = dec-notes3984 = MAPPER network node manager3985 = MAPPER TCP / IP server3986 = MAPPER workstation server3421 = Bull Apprise portmapper3900 = Unidata UDT OS4132 = NUTS Daemonnuts_dem4133 = NUTS Bootp Server4343 = UNICALL4444 = KRB5244672 = remote file access server5002 = radio free ethernet5010 = TelepathStarttelelpathstart5011 = TelepathAttack5050 = multimedia conference control tool5145 = rmonitor_secure5190 = aol, America-Online5300 = HA cluster heartbeat5301 = hacl-gs # HA cluster general services5302 = HA cluster configuration5303 = hacl-probe HA cluster probing5305 = hacl-test6000- 6063 = x11 x window system6111 = Sub-process HP Softbench Sub-Process Control6141 / = Meta-Corp Meta Corporation license Manager6142 = aspentec-lm Aspen Technology License Manager6143 = watershed-lm Watershed License Manager6144 = statsci1-lm StatSci License Manager - 16145 = statsci2-lm StatSci License Manager - 26146 = lonewolf-lm Lone Wolf Systems License Manager6147 = montage-lm Montage License Manager7000 = afs3-fileserver file server itself7001 = afs3-callback callbacks to cache managers7002 = afs3-prserver users & groups database7003 = afs3-vlserver volume location database7004 = afs3-kaserver AFS / Kerberos authentication service7005 = afs3-volser volume managment server7006 =
