Port Numbers

CommonPortNumbers - service to get registered service names and transport protocols port numbers.

Service names and port numbers are used to distinguish between different services that run over transport protocols such as TCP, UDP, DCCP, and SCTP. Service names are assigned on a first-come, first-served process.

Port numbers are assigned in various ways, based on three ranges: System Ports (0-1023), User Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535);

Data is based on Internet Assigned Numbers Authority (IANA)

There are 65536 ports and the majority of them are not used.

Typically, protocols are associated with one or two ports. Like HTTPS is 443 and SMTP - 25.

Normally, this statistics is being backed up by empirical results and research using port scanners. There are a bunch of port scanners available in the wild.

The most used, and de facto standard, one is called the Network Mappper (NMAP).

And based on their research,which was conducted in 2008 - 80% of systems are using the same 122 TCP ports and 7,981 UDP ones.

Top 10 TCP ports

1. 80 - HTTP
2. 23 - Telnet
3. 443 - HTTPS
4. 21 - FTP
5. 22 - SSH
6. 25 - SMTP
7. 3389 - ms-term-server
8. 110 - POP3
9. 445 - Microsoft-DSl
10. 39 - NetBIOS-SSN

Top 10 UDP ports

1. 31 - IPP
2. 161 - SNMP
3. 137 - NETBIOS-NS
4. 123 - NTP
5. 138 - NETBIOS-DGM
6. 1434 - MS-SQL-DS
7. 445 - Microsoft-DS
8. 135 - MSRPC
9. 67 - BOOTP
10. 53 - DNS

As NMAP data is a bit outdated, let's also get some top ports usage from Shodan.io

References:

• https://nmap.org/book/performance-port-selection.html
• https://www.shodan.io/search/facet?query=22&facet=port