Port IDs
This reference provides information about default port IDs used by JSA.
The application identifications are limited to the port-based mappings defined in the /opt/qradar/conf/appid_map.conf file.
The following table lists the default common ports:
Port |
Protocol |
Protocol description |
---|---|---|
7 |
Echo |
|
9 |
Discard |
|
13 |
Daytime |
|
15 |
netstat |
|
17 |
QOTD |
Quote of the Day |
18 |
MSP |
Message Send Protocol |
20 |
FTP |
File Transfer Protocol |
21 |
FTP |
File Transfer Protocol |
22 |
SSH |
Secure Shell |
23 |
Telnet |
|
24 |
xfer |
XFER Utility |
25 |
SMTP |
Send Mail Transfer Protocol |
26 |
AltaVista Firewall97 |
|
27 |
AltaVista Firewall97 |
|
28 |
AltaVista Firewall97 |
|
29 |
MSG ICP |
|
31 |
MSG Authentication |
|
33 |
DSP |
Display Support Protocol |
35 |
pcanywhere |
any private printer server |
37 |
Time |
|
38 |
RAP |
Route Access Protocol |
39 |
RLP |
Resource Location Protocol |
42 |
name |
Host Name Server |
43 |
whois |
Who Is |
45 |
mpm |
MPM FLAGS Protocol |
46 |
mpm |
MPM FLAGS Protocol |
47 |
NI FTP |
|
49 |
TACACS |
Login Host Protocol |
50 |
Remote Mail Checking Protocol |
|
52 |
tacacs |
|
53 |
DNS |
Domain Name Service |
54 |
XNS Clearinghouse |
|
56 |
XNS Authentication |
|
57 |
mtp |
|
58 |
mtp |
|
59 |
any private file service |
|
61 |
mtp |
|
63 |
whois++ |
|
65 |
TACACS-Database Service |
|
66 |
netcp |
|
67 |
bootps |
Bootstrap Protocol Server |
68 |
bootps |
Bootstrap Protocol Server |
69 |
TFTP |
Trivial File Transfer |
70 - 75 |
Gopher |
|
79 |
Finger |
|
80 |
HTTP |
HyperText Transfer Protocol |
81 |
HTTP |
HyperText Transfer Protocol |
82 |
xfer |
XFER Utility |
83 |
MIT ML Device |
|
84 |
ctf |
Common Trace Facility |
85 |
MIT ML Device |
|
86 |
MFCOBOL |
Micro Focus Cobol |
87 |
ctf |
Common Trace Facility |
88 |
Kerberos |
|
89 |
MFCOBOL |
Micro Focus Cobol |
90 |
dnsix |
DNSIX Securit Attribute Token Map |
91 |
MFCOBOL |
Micro Focus Cobol |
92 |
npp |
Network Printing Protocol |
93 |
DCP |
Device Control Protocol |
94 |
objcall |
Tivoli Object Dispatcher |
97 |
xfer |
XFER Utility |
98 |
linuxconf |
|
99 |
metagram |
Metagram Relay |
101 |
hostname |
NIC Host Name Server |
102 |
hostname |
|
107 |
rtelnet |
Remote Telnet Service |
108 |
snagas |
SNA Gateway Access Server |
109 |
POP2 |
Post Office Protocol - version 2 |
110 |
POP3 |
Post Office Protocol - version 3 |
111 |
sunrpc |
SUN Remote Procedure Call |
119 |
NNTP News |
Network New Transfer Protocol |
123 |
NTP |
Network Time Protocol |
135 |
DCOM |
Distributed Component Object Model |
137 |
NetBIOS |
Network Basic Input/Output System |
138 |
WindowsFileSharing |
|
139 |
WindowsFileSharing |
|
143 |
IMAP |
Internet Message Access Protocol |
150 |
netcp |
|
161 |
SNMP |
Simple Network Management Protocol |
162 - 164 |
SNMP trap |
Simple Network Management Protocol trap |
201- 208 |
npp |
|
209 |
qmtp |
|
217 |
dbase |
|
259 - 261 |
objcall |
|
264 |
bgmp |
|
348 |
objcall |
|
359 |
nsrmp |
|
389 |
LDAP |
Lightweight Directory Access Protocol |
391 |
NSRMP |
Network Security Risk Management Protocol |
392 |
NSRMP |
Network Security Risk Management Protocol |
395 |
netcp |
|
443 |
SecureWeb |
|
445 |
WindowsFileSharing |
|
464 |
Kerberos |
|
500 |
IPSec |
Internet Protocol Security |
514 |
Syslog |
|
543 |
Kerberos |
|
544 |
Kerberos |
|
546 |
DHCPv6 |
|
547 |
DHCPv6 |
|
554 |
StreamingAudio |
|
636 |
LDAP |
Lightweight Directory Access Protocol |
666 |
MDQS |
|
1214 |
Kazaa |
|
1241 |
Nessus |
|
1344 |
ICAP |
|
1345 |
NortonGhost |
|
1346 |
NortonGhost |
|
1352 |
LotusNotes |
|
1433 |
MSSQLServer |
|
1494 |
CitrixICA |
|
1521 |
Oracle |
|
1525 |
Oracle |
|
1527 |
tlisrv |
|
1529 |
Oracle |
|
1571 |
- |
Oracle Remote Data Base |
1575 |
oraclenames |
|
1630 |
oraclenet8cman |
|
1645 |
Radius |
|
1646 |
Radius |
|
1748 |
oraclenet8cman |
|
1754 |
oraclenet8cman |
|
1755 |
MicrosoftMediaServer |
|
1808 |
oraclenet8cman |
|
1809 |
oraclenet8cman |
|
1812 |
Radius |
|
1813 |
Radius |
|
1830 |
oraclenet8cman |
|
1863 |
MSN |
|
1900 |
MiscApp |
|
2005 |
Oracle |
|
2049 |
NFS |
Network File System |
2055 |
cflow |
|
2481 |
giop |
|
2482 |
giop |
|
2483 |
ttc |
|
2484 |
ttc |
|
2598 |
CitrixICA |
|
2967 |
NortonAntiVirus |
|
3128 |
Squid |
|
3200 |
ttc |
|
3264 |
ccmail |
|
3300 |
SAP Gateway Server |
|
3389 |
MSTerminalServices |
|
3531 |
PeerEnabler |
|
3600 |
ttc |
|
4500 |
IPSec |
Internet Protocol Security |
4662 |
eDonkey2000 |
|
5000 |
Intellex |
|
5001 |
Intellex |
|
5002 |
Intellex |
|
5050 |
Yahoo |
|
5190 |
ICQ |
|
5222 |
Jabber |
|
5432 |
PostgreSQL |
|
5900 |
VNC |
|
6050 |
ARCserverBackup |
|
6343 |
sflow |
|
6346 |
Gnutella |
|
6667 |
IRC |
|
6699 |
OpenNap |
|
6881 |
BitTorrent |
|
6989 |
BitTorrent |
|
7777 |
ttc |
|
7778 |
ttc |
|
8000 |
StreamingAudio |
|
8080 |
HTTP |
|
9555 |
netflow |
|
9800 |
packeteer |
|
9991 |
jflow |
|
9995 |
netflow |
|
10000 |
Webmin |
|
32000 |
Flow Processor |
|
40000 |
Flowproc |
|
41170 |
Blubster |
|
41524 |
ARCserverBackup |
|
45000 |
UpdateDaemon |
|
65301 |
pcanywhere |
|
32000-33999 |
InnerSystem |