A fundamental part of most security tests is to scan the in-scope network segment for available services. These services, also known as network daemons, are processes that run on networked systems and listen to incoming network traffic through the use of ports. The available range of port numbers goes from 0 to 65,535. Depending on the type of application, services can listen to incoming requests over TCP or UDP, and sometimes both.
A key factor is that many applications and services make use of predetermined, so-called well-known, port numbers. For example, web services primarily serve their content via port 80 over TCP. A full list of more or less well-established port numbers can be viewed at https://www.iana.org/ assignments/service-names-port-numbers/service-names-port-numbers.xhtml. Some commonly used protocols and port numbers:
Note: Any service can be configured to run on any port. The IANA list should only be used as a reference sheet. Any seasoned security tester will tell you that it’s possible to find services running nonstandard ports, such as an SSH server operating on port number 22222 instead of its standard port of 22.
Tags: #ports #network #securitytesting