Port IDs
This reference provides information about default port IDs used by JSA.
The application
identifications are limited to the port-based mappings defined in
the /opt/qradar/conf/appid_map.conf file.
The following table lists the default common ports:
Port | Protocol | Protocol description |
|---|---|---|
7 | Echo | |
9 | Discard | |
13 | Daytime | |
15 | netstat | |
17 | QOTD | Quote of the Day |
18 | MSP | Message Send Protocol |
20 | FTP | File Transfer Protocol |
21 | FTP | File Transfer Protocol |
22 | SSH | Secure Shell |
23 | Telnet | |
24 | xfer | XFER Utility |
25 | SMTP | Send Mail Transfer Protocol |
26 | AltaVista Firewall97 | |
27 | AltaVista Firewall97 | |
28 | AltaVista Firewall97 | |
29 | MSG ICP | |
31 | MSG Authentication | |
33 | DSP | Display Support Protocol |
35 | pcanywhere | any private printer server |
37 | Time | |
38 | RAP | Route Access Protocol |
39 | RLP | Resource Location Protocol |
42 | name | Host Name Server |
43 | whois | Who Is |
45 | mpm | MPM FLAGS Protocol |
46 | mpm | MPM FLAGS Protocol |
47 | NI FTP | |
49 | TACACS | Login Host Protocol |
50 | Remote Mail Checking Protocol | |
52 | tacacs | |
53 | DNS | Domain Name Service |
54 | XNS Clearinghouse | |
56 | XNS Authentication | |
57 | mtp | |
58 | mtp | |
59 | any private file service | |
61 | mtp | |
63 | whois++ | |
65 | TACACS-Database Service | |
66 | netcp | |
67 | bootps | Bootstrap Protocol Server |
68 | bootps | Bootstrap Protocol Server |
69 | TFTP | Trivial File Transfer |
70 - 75 | Gopher | |
79 | Finger | |
80 | HTTP | HyperText Transfer Protocol |
81 | HTTP | HyperText Transfer Protocol |
82 | xfer | XFER Utility |
83 | MIT ML Device | |
84 | ctf | Common Trace Facility |
85 | MIT ML Device | |
86 | MFCOBOL | Micro Focus Cobol |
87 | ctf | Common Trace Facility |
88 | Kerberos | |
89 | MFCOBOL | Micro Focus Cobol |
90 | dnsix | DNSIX Securit Attribute Token Map |
91 | MFCOBOL | Micro Focus Cobol |
92 | npp | Network Printing Protocol |
93 | DCP | Device Control Protocol |
94 | objcall | Tivoli Object Dispatcher |
97 | xfer | XFER Utility |
98 | linuxconf | |
99 | metagram | Metagram Relay |
101 | hostname | NIC Host Name Server |
102 | hostname | |
107 | rtelnet | Remote Telnet Service |
108 | snagas | SNA Gateway Access Server |
109 | POP2 | Post Office Protocol - version 2 |
110 | POP3 | Post Office Protocol - version 3 |
111 | sunrpc | SUN Remote Procedure Call |
119 | NNTP News | Network New Transfer Protocol |
123 | NTP | Network Time Protocol |
135 | DCOM | Distributed Component Object Model |
137 | NetBIOS | Network Basic Input/Output System |
138 | WindowsFileSharing | |
139 | WindowsFileSharing | |
143 | IMAP | Internet Message Access Protocol |
150 | netcp | |
161 | SNMP | Simple Network Management Protocol |
162 - 164 | SNMP trap | Simple Network Management Protocol trap |
201- 208 | npp | |
209 | qmtp | |
217 | dbase | |
259 - 261 | objcall | |
264 | bgmp | |
348 | objcall | |
359 | nsrmp | |
389 | LDAP | Lightweight Directory Access Protocol |
391 | NSRMP | Network Security Risk Management Protocol |
392 | NSRMP | Network Security Risk Management Protocol |
395 | netcp | |
443 | SecureWeb | |
445 | WindowsFileSharing | |
464 | Kerberos | |
500 | IPSec | Internet Protocol Security |
514 | Syslog | |
543 | Kerberos | |
544 | Kerberos | |
546 | DHCPv6 | |
547 | DHCPv6 | |
554 | StreamingAudio | |
636 | LDAP | Lightweight Directory Access Protocol |
666 | MDQS | |
1214 | Kazaa | |
1241 | Nessus | |
1344 | ICAP | |
1345 | NortonGhost | |
1346 | NortonGhost | |
1352 | LotusNotes | |
1433 | MSSQLServer | |
1494 | CitrixICA | |
1521 | Oracle | |
1525 | Oracle | |
1527 | tlisrv | |
1529 | Oracle | |
1571 | - | Oracle Remote Data Base |
1575 | oraclenames | |
1630 | oraclenet8cman | |
1645 | Radius | |
1646 | Radius | |
1748 | oraclenet8cman | |
1754 | oraclenet8cman | |
1755 | MicrosoftMediaServer | |
1808 | oraclenet8cman | |
1809 | oraclenet8cman | |
1812 | Radius | |
1813 | Radius | |
1830 | oraclenet8cman | |
1863 | MSN | |
1900 | MiscApp | |
2005 | Oracle | |
2049 | NFS | Network File System |
2055 | cflow | |
2481 | giop | |
2482 | giop | |
2483 | ttc | |
2484 | ttc | |
2598 | CitrixICA | |
2967 | NortonAntiVirus | |
3128 | Squid | |
3200 | ttc | |
3264 | ccmail | |
3300 | SAP Gateway Server | |
3389 | MSTerminalServices | |
3531 | PeerEnabler | |
3600 | ttc | |
4500 | IPSec | Internet Protocol Security |
4662 | eDonkey2000 | |
5000 | Intellex | |
5001 | Intellex | |
5002 | Intellex | |
5050 | Yahoo | |
5190 | ICQ | |
5222 | Jabber | |
5432 | PostgreSQL | |
5900 | VNC | |
6050 | ARCserverBackup | |
6343 | sflow | |
6346 | Gnutella | |
6667 | IRC | |
6699 | OpenNap | |
6881 | BitTorrent | |
6989 | BitTorrent | |
7777 | ttc | |
7778 | ttc | |
8000 | StreamingAudio | |
8080 | HTTP | |
9555 | netflow | |
9800 | packeteer | |
9991 | jflow | |
9995 | netflow | |
10000 | Webmin | |
32000 | Flow Processor | |
40000 | Flowproc | |
41170 | Blubster | |
41524 | ARCserverBackup | |
45000 | UpdateDaemon | |
65301 | pcanywhere | |
32000-33999 | InnerSystem |