Port 22 and the Common Network Ports Every Admin Should Know

When you SSH into a server, you are connecting to port 22. When you load a website, you hit port 80 or 443. When your mail client sends an email, it talks to port 25, 465, or 587. Every one of these services lives on the same machine, often behind the same single IP address, and the thing that keeps them from colliding is the port number. A network port is the addressing layer that turns one computer into dozens of independently reachable services.

This guide explains what a network port actually is, how the port ranges are organized, and gives you the big reference table of common ports you will reach for again and again. We will pay special attention to port 22, because it is the door you use to administer your server, and we will close with how ports and firewalls work together to keep that server secure. This is a supporting article in a larger series; for the full picture of how traffic finds your machine, start with the parent guide on networking and DNS for hosting.

Key Takeaways
  • A port is a numbered endpoint within an IP address that lets one server run many services at once. The IP gets the packet to the machine; the port decides which program receives it.
  • Port 22 is the standard port for SSH and SFTP — your primary channel for remote server administration.
  • Ports fall into three ranges: well-known (0–1023), registered (1024–49151), and dynamic/ephemeral (49152–65535).
  • Common service ports you must know include 21 (FTP), 25/465/587 (SMTP email), 53 (DNS), 80/443 (web), 3306 (MySQL), and 3389 (RDP).
  • Every open port is an exposed service. The core firewall rule is to open only the ports you actively use and close everything else.

What is a network port and why does one server need so many?

A network port is a 16-bit number that identifies a specific service or process on a networked machine. Because the number is 16 bits, valid ports run from 0 to 65535 — that is 65,536 possible endpoints on every single IP address.

Think of it this way. An IP address is like the street address of an apartment building. It gets a delivery to the right building, but it does not tell the courier which unit to knock on. The port number is the apartment or suite number inside that building. When a packet arrives at your server’s IP, the operating system reads the destination port and hands the packet to whichever program is listening there: port 80 goes to the web server, port 22 goes to the SSH daemon, port 3306 goes to the database.

This is why a single server with one IP can simultaneously be a web server, a mail server, an SSH host, and a database server. Each service “binds” to its own port and waits for connections. Without ports, a machine could effectively run only one network service at a time. Ports are also half of a socket — the combination of an IP address and a port (for example `203.0.113.10:443`) is what uniquely identifies one end of a network connection.

Ports are used by the transport layer protocols, primarily TCP and UDP. TCP is connection-oriented and reliable (it is what HTTP, SSH, and SMTP ride on), while UDP is connectionless and lightweight (used by DNS queries, DHCP, and TFTP). The same port number can be assigned to both TCP and UDP independently, which is why port 53, for instance, is used on both.

How are the port ranges organized?

The Internet Assigned Numbers Authority (IANA) divides the full 0–65535 range into three categories. Knowing which range a port falls into tells you a lot about how it is meant to be used.

| Range | Name | Numbers | Purpose |
|---|---|---|---|
| 0–1023 | Well-known ports | Low | Reserved for core, standardized services (HTTP, SSH, SMTP, DNS). On Unix-like systems, binding to these usually requires root/administrator privileges. |
| 1024–49151 | Registered ports | Mid | Assigned by IANA to specific applications and vendors (MySQL on 3306, RDP on 3389). Less strictly controlled than well-known ports. |
| 49152–65535 | Dynamic / ephemeral ports | High | Temporary ports the OS assigns automatically to the client side of a connection. Not reserved for any service. |

The well-known ports (0–1023) are the ones you will memorize over time because they map to the internet’s foundational services. The requirement for elevated privileges to bind to them is a deliberate security feature: it means a random unprivileged process cannot hijack port 80 or port 22 and impersonate a critical service.

The ephemeral range is worth understanding because it explains the other side of every connection. When your browser connects to a website on port 443, your own machine opens a temporary high-numbered port (say 51324) as the source. The server replies to that ephemeral port. This is why outbound connections generally work even when a firewall blocks most inbound ports — the firewall tracks the connection state and allows the return traffic.

What are the most common network ports? (The reference table)

Here is the table to bookmark. These are the ports you will encounter constantly when managing servers, configuring firewalls, and troubleshooting connectivity. This is the list of common ports that matter most in day-to-day hosting work.

| Port | Service | TCP/UDP | Notes |
|---|---|---|---|
| 20 / 21 | FTP | TCP | File Transfer Protocol. Port 21 is the control channel, port 20 the data channel. Unencrypted — prefer SFTP. (This is IP port 21.) |
| 22 | SSH / SFTP | TCP | Secure Shell — encrypted remote administration and secure file transfer. The focus of this guide; covered in detail below. |
| 23 | Telnet | TCP | Legacy remote shell. Unencrypted and insecure — superseded by SSH. Should be disabled. |
| 25 | SMTP | TCP | Simple Mail Transfer Protocol. Port 25 carries server-to-server mail relay. Often blocked outbound by providers to fight spam. |
| 53 | DNS | TCP & UDP | Domain Name System. UDP for standard lookups; TCP for large responses and zone transfers. |
| 67 / 68 | DHCP | UDP | Dynamic Host Configuration Protocol. Server uses 67, client uses 68. Assigns IP addresses automatically. |
| 69 | TFTP | UDP | Trivial File Transfer Protocol — a stripped-down, no-authentication file transfer used for network booting and device firmware. Port 69 runs over UDP, not TCP. |
| 80 | HTTP | TCP | Standard unencrypted web traffic. Usually redirected to HTTPS. |
| 110 | POP3 | TCP | Post Office Protocol v3. Downloads email and typically removes it from the server. |
| 143 | IMAP | TCP | Internet Message Access Protocol. Syncs email across devices, leaving it on the server. |
| 443 | HTTPS | TCP | Encrypted web traffic (HTTP over TLS). The default for all modern websites. |
| 465 | SMTPS | TCP | SMTP over implicit TLS for submitting outbound mail securely. |
| 587 | SMTP (submission) | TCP | The modern, recommended port for mail clients to submit outbound email with STARTTLS. |
| 993 | IMAPS | TCP | IMAP over TLS — encrypted email retrieval. |
| 995 | POP3S | TCP | POP3 over TLS — encrypted email download. |
| 3306 | MySQL | TCP | Default port for MySQL / MariaDB databases. Should rarely be exposed to the public internet. |
| 3389 | RDP | TCP | Remote Desktop Protocol for Windows graphical remote access. A frequent attack target. |

The reframe that makes ports click: a single server with one IP address can be a web server, a mail server, an SSH host, and a database server all at once because the IP only gets the packet to the machine — the *port number* decides which waiting program receives it. The IP is the building’s street address; the port is the apartment number. This same mental model rewrites how you think about firewall security. Every open port is an unlocked door to one specific service. So the security maxim “close every port you don’t use” is really “lock every door you’re not actively using.” Minimizing open ports is not abstract hardening — it is directly, literally shrinking the number of doors an attacker can try.

Which ports matter most for web hosting?

Out of the full list, a hosting environment really revolves around a small, predictable set. These are the ports you will deliberately keep open on a typical web server:

  • Web: 80 and 443. HTTP and HTTPS. Port 443 carries virtually all real traffic; port 80 exists mainly to redirect visitors to the secure version.
  • SSH: 22. Your administrative lifeline (more on this below).
  • FTP / SFTP: 21 (and 22 for SFTP). File transfer. Modern setups prefer SFTP over SSH (port 22) rather than plain FTP on port 21, because FTP sends credentials in clear text.
  • Email: 25, 465, 587, 993, 995. Port 25 for server-to-server relay; 465/587 for secure outbound submission; 993/995 for secure inbound retrieval (IMAPS/POP3S).
  • Database: 3306 (MySQL). Critically, this should usually be bound to localhost only, so the application can reach the database but the public internet cannot.

The pattern to notice: web and email ports face the public because visitors and other mail servers must reach them. Administrative and database ports should be locked down, restricted by IP, or kept entirely internal.

Why does port 22 specifically matter so much?

Port 22 is the standard port for SSH (Secure Shell), the encrypted protocol you use to remotely administer a server. When you open a terminal and run a command on a server hundreds of miles away, that session almost always travels over port 22. SFTP — secure file transfer — also runs over SSH on the same port, which is why it is the recommended replacement for plain FTP.

Port 22 matters more than most ports for a simple reason: it is the door to *everything else*. A successful login over SSH typically grants a shell with the power to read files, change configurations, install software, and control every other service on the machine. That makes port 22 the single most security-sensitive port on a typical Linux server.

Because of this, port 22 is also one of the most relentlessly scanned and brute-forced ports on the internet. Automated bots constantly probe public IPs looking for an open port 22 with weak credentials. Sound hardening practices include:

  • Disable password authentication and use SSH keys only.
  • Disable direct root login over SSH.
  • Restrict port 22 to known administrator IP addresses via the firewall where practical.
  • Use tools like fail2ban to automatically ban IPs after repeated failed attempts.
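
One way to verify the first two items, shown as an added example that is not part of the original article: audit the effective settings that `sshd -T` prints (lower-case keyword, then value) rather than reading `sshd_config` by hand, so defaults and included files are accounted for. The two sample outputs are constructed, and the keyboard-interactive check goes beyond the list above.

```python
# Effective values wanted, keyed the way `sshd -T` prints them.
WANTED = {
    "passwordauthentication": "no",   # SSH keys only
    "pubkeyauthentication": "yes",
    "permitrootlogin": "no",          # no direct root login
}
# Beyond the article's list: keyboard-interactive auth can still ask for a
# password through PAM. The keyword name depends on the OpenSSH version.
KBD_KEYS = ("kbdinteractiveauthentication", "challengeresponseauthentication")

# Constructed samples of `sshd -T` output, trimmed to the relevant lines.
WEAK_SSHD_T = """\
port 22
permitrootlogin without-password
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
"""
HARDENED_SSHD_T = """\
port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
"""


def effective(sshd_t_output):
    """Map keyword -> value, keeping the first line seen for each keyword."""
    settings = {}
    for line in sshd_t_output.splitlines():
        keyword, _, value = line.strip().partition(" ")
        if keyword and keyword not in settings:
            settings[keyword] = value.strip().lower()
    return settings


def audit(sshd_t_output):
    """Return (keyword, actual, wanted) for every setting that is off."""
    settings = effective(sshd_t_output)
    findings = []
    for keyword, wanted in WANTED.items():
        actual = settings.get(keyword, "<not reported>")
        if actual != wanted:
            findings.append((keyword, actual, wanted))
    for keyword in KBD_KEYS:
        if settings.get(keyword) == "yes":
            findings.append((keyword, "yes", "no"))
    return findings
```

On a real server, capture the input by running `sshd -T` as root and pass its output to `audit()`.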

Some administrators move SSH to a non-standard port to reduce automated noise in their logs. This is “security through obscurity” — it cuts down on drive-by scans but does not replace keys, fail2ban, and firewall rules.

How do ports and firewalls work together?

A firewall is, at its core, a set of rules about which ports are allowed to accept connections and from where. This is where the “lock every door you’re not using” principle becomes concrete policy.

The default posture should be “deny all, then allow specifically.” Rather than blocking known-bad ports, you close everything and open only the handful your services actually need. On a standard web server that often means allowing inbound 80, 443, and 22 (restricted to your admin IPs), and denying everything else inbound. Outbound traffic and the ephemeral return ports are handled by the firewall’s connection-state tracking.

This is why minimizing open ports directly shrinks your attack surface. Each open port is a service an attacker can probe for vulnerabilities. A database on 3306 exposed to the public internet, an old Telnet daemon on 23, or an unsecured RDP on 3389 are all classic entry points precisely because they were left open when they should have been closed or restricted.

How do you check which ports are open?

You will frequently need to confirm what is actually listening on a machine or whether a port is reachable. Three tools cover almost every case.

List ports your own machine is listening on with `ss` (the modern replacement for `netstat`):

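```bash
# Listening TCP sockets with numeric ports and the owning process
# (run as root to see processes owned by other users)
ss -tlnp

# Older equivalent on systems without ss
netstat -tlnp
```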

Scan a remote host to see which ports respond, using `nmap`:

```bash
# Scan nmap's default set of common TCP ports on a host
nmap example.com

# Check a single port, here SSH
nmap -p 22 example.com
```

A quick `nmap -p 22 yourserver.com` is the fastest way to confirm whether port 22 is open and reachable before you troubleshoot a failed SSH connection. If the port shows as `filtered`, a firewall is likely dropping the traffic; if `closed`, nothing is listening there.
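
To turn the `ss` listing into a check of the "open only the ports you use" rule from the firewall section, the added example below (not from the original article) parses `ss -tlnH` output and reports every listener bound to a non-loopback address whose port is not on an allow-list. The allow-list of 22, 80 and 443 and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# Ports this host is meant to expose (assumption: the web + SSH set from the
# firewall section; edit to match your own services).
ALLOWED_PUBLIC = {22, 80, 443}

# Constructed sample of `ss -tlnH` output (-H drops the header); not a real host.
SAMPLE_SS = """\
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 511  0.0.0.0:80       0.0.0.0:*
LISTEN 0 511  [::]:443         [::]:*
LISTEN 0 151  0.0.0.0:3306     0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 100  [::1]:25         [::]:*
LISTEN 0 32   *:21             *:*
LISTEN 0 128  0.0.0.0:23       0.0.0.0:*
"""


def parse_local(field):
    """Split ss's Local Address:Port column into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %interface
    return host, int(port)


def is_loopback(host):
    """True for 127.0.0.0/8 and ::1; the wildcard '*' means every interface."""
    return host != "*" and ipaddress.ip_address(host).is_loopback


def unexpected_listeners(ss_output, allowed=ALLOWED_PUBLIC):
    """Return sorted (port, host) pairs bound off-loopback but not in `allowed`."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header, blank or non-listening line
        host, port = parse_local(fields[3])
        if not is_loopback(host) and port not in allowed:
            findings.append((port, host))
    return sorted(findings)


if __name__ == "__main__":
    for port, host in unexpected_listeners(SAMPLE_SS):
        print(f"port {port} is listening on {host} but is not on the allow-list")
```

A MySQL listener on `127.0.0.1:3306` passes this check, while the same service on `0.0.0.0:3306` is reported. A clean result only says nothing unexpected is listening; whether port 22 is restricted to admin IPs is still decided by the firewall rules.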


DarazHost manages the ports that matter so you don’t have to micromanage them. On every plan we keep the essential web (80/443), email, and FTP/SFTP ports correctly configured, with firewalls that keep unused ports closed by default — secure-by-default networking out of the box. On VPS and dedicated servers you get full root control to open exactly the ports your applications need, whether that is a custom app port, a database listener restricted to localhost, or SSH on port 22 locked to your office IP. And 24/7 support means if a port configuration is blocking your deployment, an engineer is a ticket away.

Frequently asked questions

What is port 22 used for?
Port 22 is the default port for SSH (Secure Shell) and SFTP (SSH File Transfer Protocol). It is used for encrypted remote administration of servers and for secure file transfers. Because it grants shell access, it is the most security-sensitive port on a typical Linux server.

What is the difference between port 25, 465, and 587?
All three handle outbound email via SMTP. Port 25 is for server-to-server mail relay and is often blocked on outbound by hosting providers to prevent spam. Port 465 uses implicit TLS for secure client submission, and port 587 is the modern recommended port for mail clients to submit outbound mail with STARTTLS encryption.

Is port 21 secure?
No. Port 21 (FTP) transmits usernames, passwords, and data in plain text, so credentials can be intercepted. Use SFTP over SSH (port 22) or FTPS instead for any transfer involving sensitive data or login credentials.

What is port 69 used for?
Port 69 runs TFTP (Trivial File Transfer Protocol) over UDP. TFTP is a minimal, no-authentication file transfer protocol typically used inside local networks for tasks like network booting (PXE) and pushing firmware to routers and switches. It is not suitable for use over the public internet.

What are the well-known ports?
Well-known ports are the range 0–1023, reserved by IANA for core, standardized internet services such as HTTP (80), HTTPS (443), SSH (22), SMTP (25), and DNS (53). On Unix-like systems, binding a service to one of these ports usually requires administrator privileges.
