Windows 7 Port Assignments

There are many services associated with the Windows 2000 operating system. These services might require more than one TCP or UDP port for the service to be functional. Table C.3 shows the default ports that are used by each service mentioned.

Table C.3 Default Port Assignments for Common Services

Service Name

UDP

TCP

Browsing datagram responses of NetBIOS over TCP/IP

138

Browsing requests of NetBIOS over TCP/IP

137

Client/Server Communication

135

Common Internet File System (CIFS)

445

139, 445

Content Replication Service

560

Cybercash Administration

8001

Cybercash Coin Gateway

8002

Cybercash Credit Gateway

8000

DCOM (SCM uses udp/tcp to dynamically assign ports for DCOM)

135

135

DHCP client

67

DHCP server

68

DHCP Manager

135

DNS Administration

139

DNS client to server lookup (varies)

53

53

Exchange Server 5.0

   Client Server Communication

   135

   Exchange Administrator

   135

   IMAP

   143

   IMAP (SSL)

   993

   LDAP

   389

   LDAP (SSL)

   636

   MTA - X.400 over TCP/IP

   102

   POP3

   110

   POP3 (SSL)

   995

   RPC

   135

   SMTP

   25

   NNTP

   119

   NNTP (SSL)

   563

File shares name lookup

137

File shares session

139

FTP

21

FTP-data

20

HTTP

80

HTTP-Secure Sockets Layer (SSL)

443

Internet Information Services (IIS)

80

IMAP

143

IMAP (SSL)

993

IKE (For more information, see Table C.4)

500

IPSec Authentication Header (AH) (For more information, see Table C.4)

IPSec Encapsulation Security Payload (ESP) (For more information, see Table C.4)

IRC

531

ISPMOD (SBS 2nd tier DNS registration wizard)

1234

Kerberos de-multiplexer

2053

Kerberos klogin

543

Kerberos kpasswd (v5)

464

464

Kerberos krb5

88

88

Kerberos kshell

544

L2TP

1701

LDAP

389

LDAP (SSL)

636

Login Sequence

137, 138

139

Macintosh, File Services (AFP/IP)

548

Membership DPA

568

Membership MSN

569

Microsoft Chat client to server

6667

Microsoft Chat server to server

6665

Microsoft Message Queue Server

1801

1801

Microsoft Message Queue Server

3527

135, 2101

Microsoft Message Queue Server

2103, 2105

MTA - X.400 over TCP/IP

102

NetBT datagrams

138

NetBT name lookups

137

NetBT service sessions

139

NetLogon

138

NetMeeting Audio Call Control

1731

NetMeeting H.323 call setup

1720

NetMeeting H.323 streaming RTP over UDP

Dynamic

NetMeeting Internet Locator Server ILS

389

NetMeeting RTP audio stream

Dynamic

NetMeeting T.120

1503

NetMeeting User Location Service

522

NetMeeting user location service ULS

522

Network Load Balancing

2504

NNTP

119

NNTP (SSL)

563

Outlook (see for ports)

Pass Through Verification

137, 138

139

POP3

110

POP3 (SSL)

995

PPTP control

1723

PPTP data (see Table C.4)

Printer sharing name lookup

137

Printer sharing session

139

Radius accounting (Routing and Remote Access)

1646 or 1813

Radius authentication (Routing and Remote Access)

1645 or 1812

Remote Install TFTP

69

RPC client fixed port session queries

1500

RPC client using a fixed port session replication

2500

RPC session ports

Dynamic

RPC user manager, service manager, port mapper

135

SCM used by DCOM

135

135

SMTP

25

SNMP

161

SNMP Trap

162

SQL Named Pipes encryption over other protocols name lookup

137

SQL RPC encryption over other protocols name lookup

137

SQL session

139

SQL session

1433

SQL session

1024 - 5000

SQL session mapper

135

SQL TCP client name lookup

53

53

Telnet

23

Terminal Server

3389

UNIX Printing

515

WINS Manager

135

WINS NetBios over TCP/IP name service

137

WINS Proxy

137

WINS Registration

137

WINS Replication

42

X400

102

Top Of Page

We deal with application and service issues on a daily basis.  Normally the problems relate to applications not performing as expected, hanging or crashing.  However, every so often someone will ask us what network port a service is using.  Unless we are talking about one of the well known services such as SMTP, FTP, HTTP, RDP, LDAP, basic RPC etc, the ports being used are potentially subject to change.  That does make life a little more challenging – but it’s nothing that we can’t figure out using some simple tools.

When considering network port numbers, the numbers are divided into three ranges: the Well Known ports, the Registered ports and the Dynamic (Private) ports.  The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the port assignments.  The Well Known port range is from 0 – 1023, Registered ports run from 1024 – 49151, and the Dynamic ports run from 49152 – 65535.

So how do we determine the port that a service is using?  Without using Network Monitor, Wireshark or a similar utility, there are a couple of very handy utilities provided with the operating system that we can use – NETSTAT.EXE and TASKLIST.EXE.  Most administrators are familiar with NETSTAT.EXE already, but for those who are not, you can use NETSTAT.EXE to identify what ports are being used by a particular process.  The syntax that we will be using for NETSTAT.EXE is as follows: netstat.exe –a –n –o.  The switches we are using provide the following:

  • -a: listing of all connections and listening ports
  • -n: display address and port numbers in numerical form
  • -o: display the owning PID associated with each connection

When the command is run, you will see output similar to what is below.  Something to keep in mind is that in the Proto column, the protocol may be TCP or UDP.

 

If there is a specific port in use that we want to examine, we need the PID of the owning process, and TASKLIST.EXE.  Turning our attention to TASKLIST.EXE, we covered some of the functionality in our post, Getting Started with SVCHOST.EXE Troubleshooting.  The command that we use to dump out all of the processes and their PID’s is simply tasklist.exe.  When I run this command, this is what the output looks like:

So, looking at the output from these two utilities, I can take the port number, and then map the PID to a specific process.  If the process that you are looking at is an instance of SVCHOST.EXE – let’s use PID 4784 as our example, then you will need to use slightly different switches for TASKLIST.EXE as shown below:

And thus I can tell exactly what services are running in that instance of SVCHOST.EXE.

And with that, we’ve reached the end of our post.  Until next time …

Additional Resources:

– CC Hameed

Back to
top

One thought on “Windows 7 Port Assignments

Leave a Reply

Your email address will not be published. Required fields are marked *