端口的行规

下面的文章,解决了多年的一个疑惑,端口号的命名,真的有规律吗?

De Facto Ports

Most applications communicate over a TCP or UDP port. Ports 0-1023 are usually privileged and require administrator or superuser access to bind a network socket to an IP with the corresponding port. But anything over 1024 is up for grabs. IANA (Internet Assigned Numbers Authority) can “reserve” ports for specific applications — but this is only a formality; users and applications are free to use whatever port they wish.

So a look at some port numbers (1024+) and how they are used as default ports today, in 2023. There are many lists out there, but this aims to capture a list of protocols actually used in production (and leaves off many one-off ports used for specific games).

Some interesting patterns observed:

Odd-numbered and easy-to-remember ports are usually used for development servers. 3000, 5000, and 9000 are common in all-in-one web frameworks. Applications that have a related privileged application port (e.g., SMTP, DNS) sometimes use a repeated string (e.g., 5353 for Multicast DNS, 3535 for SMTP, or 8080 for a web server). Other than that, it seems like the strategy is to pick a number with low entropy (e.g., Jupyter on 8888) or a completely random one unlikely to cause conflicts (e.g., 25565 for Minecraft).

Odd-numbered and easy-to-remember ports are usually used for development servers. 3000, 5000, and 9000 are common in all-in-one web frameworks. Applications that have a related privileged application port (e.g., SMTP, DNS) sometimes use a repeated string (e.g., 5353 for Multicast DNS, 3535 for SMTP, or 8080 for a web server). Other than that, it seems like the strategy is to pick a number with low entropy (e.g., Jupyter on 8888) or a completely random one unlikely to cause conflicts (e.g., 25565 for Minecraft).

1080 — SOCK Proxy
2049 — Network File System (NFS)
2181 — Apache ZooKeeper
2375 — Docker REST API (HTTP)
2376 — Docker REST API (HTTPS)
3000 — “The Development Framework Port.” Ruby on Rails uses port 3000 as the default development port for its web server. Node frameworks use this port (e.g., Express.js, Meteor, Create React App, NextJS, SvelteJS, Astro, Remix).

3306 — MySQL

3478 — STUN, TURN (NAT Traversal)

4000 — Phoenix, Jekyll

4001 — etcd

4200 — AngularJS

4567 — Sinatra

5000 — “The Other Development Framework Port.” Flask (Python) uses 5000 as the default development port. As does ASP.NET Core.

5222 — XMPP (Extensible Messaging and Presence Protocol)

5349 — STUN, TURN over TLS

5353 — Multicast DNS — Follows the same pattern as SMTP, occasionally being run on port 3535. Duplicates the privileged port (DNS uses 53).

5432 — PostgreSQL

5900 — VNC (using a remote frame buffer, RFB)

6000 — X11 (over the network). Common to take the display number and add it to 6000 (e.g., DISPLAY 6 would be served over 6006).

6379 — Redis

6660 — IRC (Internet Relay Chat)

6881 — BitTorrent

8000 — “Python Development Framework Port.” Includes Django and Python 3’s http.server.

8080 — “The HTTP web server port.” Like 5353 (Multicast DNS) and 3535 (SMTP), an unprivileged port to run an HTTP webserver.

8333 — Bitcoin

8888 — Jupyter Notebook,

8983 — Apache Solr

9000 — Used by various applications, but no central theme or extremely well-known application.

25565 — Minecraft

27017 — MongoDB

51820 — WireGuard

Leave a Reply

Your email address will not be published. Required fields are marked *