Port Number Lookup
Why This Matters
Every TCP connection you open is a four-tuple: source IP, source port, destination IP, destination port. The port is what lets a single server multiply conversations -- your HTTP request and your colleague's SSH session arrive at the same IP but land on different ports because the OS dispatcher reads the port number in the transport-layer header and routes the payload to the right socket buffer.
When debugging a firewall rule and traffic isn't flowing, the problem is usually on this layer: a mismatch between what the client targets and what the server is bound to. This tool gives you the authoritative port database without opening the standards website or grepping the services file.
How the Registry Works
The standards body divides the 16-bit port space (0-65535) into three blocks: 0-1023 well-known, 1024-49151 registered, 49152-65535 dynamic ephemeral. A port number alone is meaningless without transport protocol. TCP 53 and UDP 53 are different sockets -- one handles zone transfers, the other handles queries.
What the Tool Does
Type a number to see every assignment for that port, or type a name to search. The results table shows port, protocol, service name, and registration status. Each row expands to show the RFC reference and notes.
Filter tabs let you browse by block -- well-known, registered, dynamic. Protocol filter narrows to TCP or UDP. The export function dumps the filtered view as CSV.
Quick Reference
- 80 -- HTTP. Unencrypted traffic. Load balancer redirect.
- 443 -- HTTPS. Default for every modern web service.
- 22 -- SSH. Remote shell.
- 25 -- SMTP. Use 587 with STARTTLS for relay.
- 53 -- DNS. TCP and UDP.
- 3306 -- MySQL.
- 5432 -- PostgreSQL.
- 6379 -- Redis. No auth by default.
- 27017 -- MongoDB.
- 8080/8443 -- Dev proxy alternatives.
How to Use It
Run ss -tlnp or netstat -tlnp on the target host. Cross-reference against this lookup. Paste CSV exports into AWS Security Group or iptables rules via Terraform or firewall-cmd.
Common Gotchas
Privilege escalation: lower ports need root. Node on 80 without privilege = permission denied. Use reverse proxy or setcap. Ephemeral exhaustion: heavily-loaded proxy can exhaust the ephemeral port range. Deprecated entries carry a flag. Check notes.
FAQ
Q: Multiple service names for one port? A: Historical assignments. Q: What is the port assignment spec? A: The RFC that defines procedures for assignment. Q: Database auto-updated? A: CSV snapshot. Check repo for last sync.