What ports do SSH, HTTP, HTTPS, DNS, RDP, and SMB use, and why do they matter?
Short answer
SSH is TCP 22, HTTP is TCP 80, HTTPS is TCP 443, DNS is 53 (UDP and TCP), RDP is TCP 3389, and SMB is TCP 445. Knowing the well-known ports lets you read scan output, write firewall rules, and triage alerts quickly — a service on its expected port versus an unexpected one is an immediate signal.
Ports are the transport-layer addresses that let one host run many services at once. Memorizing the common ones isn't trivia — it's the fast path to reading a scan, writing a firewall rule, or judging whether traffic is normal.
The ports to know cold
- SSH — TCP 22. Encrypted remote shell and file transfer.
- HTTP — TCP 80. Plaintext web.
- HTTPS — TCP 443. TLS-encrypted web (and increasingly QUIC over UDP 443).
- DNS — 53, both UDP and TCP. UDP for normal queries, TCP for large responses and zone transfers.
- RDP — TCP 3389. Windows Remote Desktop.
- SMB — TCP 445. Windows file sharing (the modern direct-host port; legacy NetBIOS used 137–139).
Why these matter operationally
Ports fall into ranges: well-known (0–1023) for core services, registered (1024–49151), and ephemeral/dynamic (49152–65535) used as the client side of connections. A port and protocol reference is handy when a scan turns up a number you don't recognize. When you scan a host and see 22, 80, and 443 open, you instantly know its likely role. A service on an unexpected port — say, a shell on 4444 — is a red flag worth investigating.
The security stakes
RDP (3389) and SMB (445) exposed to the internet are perennial breach causes: RDP for brute-force and exploited vulnerabilities, SMB for worms like WannaCry (EternalBlue). They belong behind a VPN or firewall, never on the open internet. Running a service on a non-standard port offers mild obscurity but no real security — attackers scan all ports.
Interviewers want the six port numbers correct, the UDP/TCP note on DNS, and awareness that RDP and SMB should never face the internet.
Likely follow-ups
- Why is exposing RDP (3389) or SMB (445) to the internet so dangerous?
- What is the difference between well-known, registered, and ephemeral port ranges?
- How does running a service on a non-standard port affect attackers and defenders?