Port Number
Last updated: 2026-04-05
What Is a Port Number
A port number is a numerical value ranging from 0 to 65535 used to identify applications and services in network communication. If an IP address is like a building's street address, a port number is like a room number within that building.
A single server can run multiple services simultaneously - such as a web server, mail server, and SSH server - because each uses a different port number to route traffic. When you visit https://example.com in your browser, a connection is made to port 443 behind the scenes.
Port Number Ranges
Port numbers are classified into three ranges by IANA (Internet Assigned Numbers Authority).
Port Scanning and Security Risks
Port scanning is the act of attempting connections to numerous ports on a target server or network device to discover which ports are open. While network administrators use it legitimately to check their own vulnerabilities, attackers also use it as reconnaissance to find entry points.
- TCP SYN Scan: Sends only the first step of a connection (SYN packet) and determines port status from the response. Harder to detect since the connection is never completed.
- TCP Connect Scan: Establishes a full TCP connection to verify. Reliable but more likely to appear in logs.
- UDP Scan: Checks whether UDP ports are open. Interprets lack of response as "open," making it slow and less accurate.
Leaving unnecessary ports open creates potential entry points for attacks. The basic principle is to allow only required ports through your firewall and block everything else.
Firewall Port Control
The most fundamental function of a firewall is controlling whether to allow or deny traffic based on port numbers.
- Inbound Rules: Control connections from outside to the server. For a web server, typically only ports 80 and 443 are allowed, while SSH (22) is restricted to administrator IP addresses.
- Outbound Rules: Control connections from the server to the outside. Restricting unnecessary outbound traffic helps prevent malware from communicating with external C&C servers.
In cloud environments, AWS Security Groups and Azure NSGs serve this role. The principle of least privilege - opening only the minimum required ports - is fundamental to network security.
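The inbound policy described above (web ports open to everyone, SSH limited to administrator addresses, everything else closed) can be checked mechanically. The following is an added example, not part of the original page; the rule tuple format, the admin range 203.0.113.0/28 and the function name are constructed assumptions and do not mirror the AWS or Azure API formats.

```python
import ipaddress

# Policy from the text: web ports open to anyone, SSH only from admin addresses.
PUBLIC = {("tcp", 80), ("tcp", 443)}
# Assumed admin range (RFC 5737 documentation prefix), constructed for this example.
RESTRICTED = {("tcp", 22): ["203.0.113.0/28"]}

# Constructed sample inbound rules: (protocol, from_port, to_port, source CIDR).
SAMPLE_RULES = [
    ("tcp", 443, 443, "0.0.0.0/0"),
    ("tcp", 80, 80, "0.0.0.0/0"),
    ("tcp", 22, 22, "203.0.113.8/32"),       # SSH from inside the admin range
    ("tcp", 22, 22, "0.0.0.0/0"),            # SSH from anywhere
    ("tcp", 3306, 3306, "0.0.0.0/0"),        # database exposed to the internet
    ("tcp", 8000, 8100, "198.51.100.0/24"),  # wide range outside the policy
]

def audit_inbound(rules, public=PUBLIC, restricted=RESTRICTED):
    """Return one finding per rule that allows more than the policy does."""
    findings = []
    for proto, lo, hi, cidr in rules:
        src = ipaddress.ip_network(cidr, strict=False)
        excess = []
        for port in range(lo, hi + 1):
            if (proto, port) in public:
                continue
            admin = [ipaddress.ip_network(c) for c in restricted.get((proto, port), [])]
            # Acceptable only if the whole source range sits inside an admin range.
            if any(src.version == a.version and src.subnet_of(a) for a in admin):
                continue
            excess.append(port)
        if excess:
            findings.append({
                "rule": (proto, lo, hi, cidr),
                "ports": len(excess),              # ports allowed beyond the policy
                "first": excess[0],
                "world_open": src.prefixlen == 0,  # source is 0.0.0.0/0 or ::/0
            })
    return findings

if __name__ == "__main__":
    for f in audit_inbound(SAMPLE_RULES):
        scope = "any address" if f["world_open"] else f["rule"][3]
        print(f"{f['rule']}: {f['ports']} port(s) beyond policy, reachable from {scope}")
```

Because the policy is keyed on protocol as well as port, a UDP rule on 443 is reported even though TCP 443 is allowed.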
Home routers using NAT block all incoming connections by default. Unless port forwarding is configured, external access to internal devices is not possible.
Key Takeaways for Practice
Here is a summary of particularly important practical knowledge about port numbers.
- Migration from Port 80 to 443: Websites once used HTTP (port 80) as the standard, but now TLS encryption is required, making HTTPS (port 443) the default. Google Chrome displays a "Not Secure" warning for HTTP sites.
- Using Non-Standard Ports: Changing SSH from the default port 22 to another port (e.g., 2222) can avoid most automated brute-force attacks. However, this is not a fundamental security measure - it merely reduces attack noise.
- Port Conflicts: Multiple applications cannot use the same port number simultaneously. If you encounter an "Address already in use" error in your development environment, you need to identify and stop the process using that port.
Common Misconceptions
- Changing the port number improves security
  - Changing to a non-standard port has some effect in avoiding automated scans, but it is not a fundamental security measure. Attackers can scan all ports, so strengthening authentication and properly configuring firewalls are the real countermeasures.
- Closing ports makes you unhackable
  - Closing ports is an important measure, but some ports must remain open (such as port 443 for web servers). Applications running on open ports can still be exploited through vulnerabilities, so software updates and proper configuration are also essential.
- You only need to know ports 80 and 443
  - Even web developers regularly work with multiple ports including SSH (22), DNS (53), and databases (3306, 5432). Without knowledge of port numbers, troubleshooting connection issues takes significantly longer.