As a seasoned sysadmin, I know first-hand that ports are the doorway to server resources. Managing ports securely and efficiently is an essential duty. But with so many defaults across various apps and services, it becomes challenging to track relevant port numbers.
In this comprehensive guide designed specifically for hands-on sysadmins, I‘ll share the most useful default TCP and UDP ports to commit to memory. I‘ll break things down by common categories, share port troubleshooting tips, and provide need-to-know security guidance.
Consider this your go-to handbook for connecting to, securing, and managing access through those critical port gateways. Let‘s open some doors…
Why Ports Matter for Sysadmin Success
Before diving into the specifics, let‘s revisit why paying attention to ports should be on every sysadmin‘s radar.
Ports enable communication to apps and services. Whether you‘re monitoring a database, accessing a web UI, or connecting via SSH, ports make those interactions possible. Familiarity with defaults jumps starts troubleshooting.
Security hinges on locking down ports. Unnecessary open ports allow attackers potential entry points intoSERVER_COMPUTER_NAME environments. Understanding usage helps identify needs versus risks.
Port management protects availability. With containers and microservices running across clouds, port collisions can quickly cause confusion and downtime. Careful planning and coordination is key.
Taking the time to learn most common ports, and document the specifics for your environment, will supercharge your effectiveness and minimize headaches down the road.
Web & Application Server Ports
Web and app platforms power many of the services we rely on as sysadmins. Here are the port numbers you‘ll likely encounter most:
HTTP Web Servers
- Apache – 80
- Nginx – 80
- IIS – 80
HTTPS Web Servers
- Apache – 443
- Nginx – 443
- IIS – 443
Tomcat
- HTTP connector – 8080
- HTTPS connector – 8443
- AJP connector – 8009
- Shutdown – 8005
JBoss
- HTTP admin – 8080
- HTTPS admin – 8443
- Management – 9990
WebLogic
- Admin console – 7001
WebSphere
- HTTP admin – 9080
- HTTPS admin – 9043
And there are certainly many more web and app server platforms with default ports to note as you work with new environments:
- Wildfly admin – 9990
- Jetty HTTP – 8080
- Glassfish HTTP – 8080
- Payara HTTP – 8080
Database Default Ports
Databases sit at the core of most modern application architectures. Getting access to store and retrieve data relies on knowing these common database ports:
SQL Databases
- MySQL – 3306
- PostgreSQL – 5432
- Microsoft SQL – 1433
- Oracle (listener) 1521
NoSQL Databases
- MongoDB – 27017
- Cassandra – 9042
- CouchDB – 5984
Search Platforms
- Elasticsearch – 9200 (HTTP), 9300 (node communication)
- Solr – 8983
In-Memory Data Stores
- Redis – 6379
- Memcached – 11211
And while cloud-managed database services often allocate dynamic ports, familiarity with defaults provides context should issues ever need troubleshooting.
Messaging & Queueing Ports
As distributed platforms continue proliferating, middleware plays an integrating role. Queue and broker ports include:
- Kafka – 9092 (client)
- RabbitMQ – 5672, 15672 (management)
- ActiveMQ – 61616, 8161 (web admin)
- ZeroMQ – Common range 10000-20000
In container environments, care should be taken to coordinate port mapping to avoid collisions.
Virtualization & Cloud Ports
From hypervisors to public cloud, running workloads virtually brings network considerations. Usual listening ports include:
Hypervisors
- VMWare ESXi – 443 (HTTPS)
- Hyper-V – 2179
- KVM – 5900-6923 (VNC consoles)
Cloud
- AWS – 22 (SSH bastions), 3389 (RDP bastions)
- Azure – 22 (SSH bastions), 3389 (RDP bastions)
- Google Cloud – 22 (SSH bastions)
In addition to securing management interfaces, sysadmins interacting with virtual systems should understand networking concepts like VPCs, VLANs, and port forwarding in depth.
Network Protocols & Services
Beyond specific applications, having networking protocol details handy helps immensely with infrastructure troubleshooting. Common examples include:
SSH – 22
DHCP
- Server – 67
- Client – 68
DNS – 53
FTP
- Control – 21
- Data – 20
NTP – 123
SMTP – 25
SNMP – 161
Syslog – 514 (UDP)
Protocols form the foundation for how systems communicate and exchange data. Internalizing defaults speeds problem diagnosis significantly.
Security & Monitoring Ports
Maintaining visibility into system and network activity via logs and metrics is tablestakes for sysadmins. Usual security and monitoring system ports include:
Splunk
- Admin web UI – 8000
- Data ingest – 9997
Nagios
- Web UI – 80
Zabbix
- Web UI – 80
- Server – 10051
SNMP – 161
Graylog – 12201
Proactively opening appropriate ports for observation tools prevents scramble during incidents.
Sysadmin Port Troubleshooting Tips
Beyond memorizing default ports, applying that knowledge to debug network issues and outages is key. Here are several go-to techniques I lean on regularly:
Check listening ports – Use netstat -tunlp or ss -tulpn to validate known ports are open versus closed.
Review logs – Logs may indicate a service crashed, failed to start, or couldn‘t bind to a socket.
Confirm connectivity – Try connecting to a port via telnet, nc, or curl to isolate networking issues.
Check filtering – Review infrastructure firewalls, security groups, etc. to make sure expected ports aren‘t blocked.
Reproduce locally – Spin up docker containers or processes using standard ports to rule out app misconfigurations.
Process monitor – Resource monitors like htop can indicate a service is down or experiencing threads/connections issues.
While not always straightforward, methodically ruling out variables with port troubleshooting steps avoids prolonged outages.
Securing Ports Properly Matters
Beyond enabling availability, properly securing ports also minimizes risk:
- Close unused ports immediately
- Limit access to management interfaces
- Authenticate REST APIs properly
- Use SSH keys over passwords
- Never leave defaults open to the Internet
- Schedule regular port scans to catch oddities
Implementing fundamental security around the services relying on various ports will pay dividends through less incidents.
Conclusion & Recommendations
In closing, I hope this sysadmin port manifesto gives you confidence connecting to the key infrastructure making environments tick. My advice:
Bookmark essentials – Save this for reference to speed troubleshooting.
Customize details – Populate with your own environment‘s specifics.
Extend as needed – Add newly encountered ports during projects.
Share with peers – Port knowledge helps the whole team.
And when stumped by port predicaments, don‘t hesitate to reach out! Connecting services to power infrastructure is central to what sysadmins do daily. Here‘s to more open doors and less headaches.
