network-ports-reference

by zebbern

A collection of penetration testing and Linux administration commands in PDFs. Includes detailed guides on tools like Nmap, Sqlmap, Hydra, and Linux system management, etc.

13🍴 3📅 Jan 22, 2026

SKILL.md


name: Network Ports Reference
description: |
  The assistant provides comprehensive network port and protocol reference information for security assessments and penetration testing. Activate when users ask about "port numbers," "common ports," "service ports," "TCP/UDP ports," "what runs on port X," or "protocol identification."
version: "1.0.0"
tags:

  • networking
  • ports
  • protocols
  • reconnaissance
  • enumeration

Network Ports Reference

Purpose

Provide quick reference for TCP/UDP port numbers and their associated protocols during reconnaissance, enumeration, and security assessments. Enable rapid identification of services running on target systems and support port-based attack surface mapping.

Inputs/Prerequisites

  • Target IP address or hostname for port scanning
  • Network access to the target system
  • Port scanning tools (nmap, masscan, netcat)
  • Basic understanding of TCP/IP networking

Outputs/Deliverables

  • Identified open ports and associated services
  • Protocol-specific enumeration data
  • Service version information
  • Attack surface documentation
  • Port-to-vulnerability mapping

Core Workflow

1. Identify Common Service Ports

Reference these critical ports during reconnaissance:

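| Port | Protocol | Service |
|------|----------|---------|
| 20 | TCP | FTP Data Transfer |
| 21 | TCP | FTP Control |
| 22 | TCP | SSH |
| 23 | TCP | Telnet |
| 25 | TCP | SMTP |
| 53 | TCP/UDP | DNS |
| 67-68 | UDP | DHCP |
| 69 | UDP | TFTP |
| 80 | TCP | HTTP |
| 88 | TCP | Kerberos |
| 110 | TCP | POP3 |
| 111 | TCP/UDP | RPC Portmapper |
| 119 | TCP | NNTP |
| 123 | UDP | NTP |
| 135 | TCP | MS RPC |
| 137-139 | TCP/UDP | NetBIOS |
| 143 | TCP | IMAP |
| 161-162 | UDP | SNMP |
| 389 | TCP | LDAP |
| 443 | TCP | HTTPS |
| 445 | TCP | SMB/CIFS |
| 465 | TCP | SMTPS |
| 500 | UDP | IKE/IPSec |
| 514 | UDP | Syslog |
| 587 | TCP | SMTP Submission |
| 636 | TCP | LDAPS |
| 993 | TCP | IMAPS |
| 995 | TCP | POP3S |
| 1433 | TCP | MS SQL |
| 1521 | TCP | Oracle DB |
| 2049 | TCP | NFS |
| 3306 | TCP | MySQL |
| 3389 | TCP | RDP |
| 5432 | TCP | PostgreSQL |
| 5900 | TCP | VNC |
| 6379 | TCP | Redis |
| 8080 | TCP | HTTP Proxy |
| 8443 | TCP | HTTPS Alt |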

2. Perform Port Discovery

Scan for open ports on target systems:

# Quick TCP SYN scan of common ports
nmap -sS -T4 192.168.1.1

# Comprehensive port scan (all 65535 ports)
nmap -p- -sS -T4 192.168.1.1

# UDP port scan
nmap -sU -T4 --top-ports 100 192.168.1.1

# Service version detection
nmap -sV -sC 192.168.1.1

# Fast scan with masscan
masscan -p1-65535 192.168.1.0/24 --rate=1000

# Check specific port with netcat
nc -zv 192.168.1.1 22

3. Enumerate Services by Port

Perform targeted enumeration based on discovered ports:

# FTP (21) - Check anonymous access
ftp 192.168.1.1
nmap --script ftp-anon 192.168.1.1

# SSH (22) - Grab banner and check versions
ssh -v 192.168.1.1
nmap --script ssh-hostkey 192.168.1.1

# SMTP (25) - Enumerate users
nmap --script smtp-enum-users 192.168.1.1

# DNS (53) - Zone transfer
dig axfr @192.168.1.1 domain.com

# HTTP (80/443) - Web enumeration
nikto -h http://192.168.1.1
gobuster dir -u http://192.168.1.1 -w /usr/share/wordlists/dirb/common.txt

# SMB (445) - Share enumeration
smbclient -L //192.168.1.1 -N
enum4linux -a 192.168.1.1

# SNMP (161) - Community string discovery
snmpwalk -c public -v1 192.168.1.1
onesixtyone 192.168.1.1 public

# LDAP (389) - Query directory
ldapsearch -x -H ldap://192.168.1.1 -s base -b ""

# MySQL (3306) - Database enumeration
nmap --script mysql-enum 192.168.1.1

4. Map Attack Surface

Document findings for exploitation:

# Generate port scan report
nmap -sV -sC -oA scan_results 192.168.1.1

# Create service inventory
nmap -sV 192.168.1.1 -oG - | grep open
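
The service inventory step above can be taken further by parsing the grepable output and comparing each detected service with its standard port from the reference table, which is what the first item under Constraints asks for. This is an added example, not part of the original skill; the function names `sample_scan` and `service_inventory` are hypothetical and the scan output is constructed sample data.

```bash
#!/bin/sh
# Constructed sample of nmap grepable (-oG) output; not from a real scan.
sample_scan() {
  printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.1 ()\tPorts: %s\tIgnored State: closed (995)\n' \
    '22/open/tcp//ssh//OpenSSH 8.9p1/, 23/open/tcp//telnet//Linux telnetd/, 80/closed/tcp//http///, 2222/open/tcp//ssh//OpenSSH 8.9p1/, 6379/open/tcp//redis//Redis key-value store/'
}

# Reads -oG output on stdin and prints one line per open port:
#   <host> <port>/<proto> <service> <note>
# note is "standard", "non-standard-port" or "unlisted".
service_inventory() {
  awk -F'\t' '
    BEGIN {
      # Standard port per nmap service name, from the reference table above.
      std["ftp"] = 21;    std["ssh"] = 22;      std["telnet"] = 23
      std["smtp"] = 25;   std["http"] = 80;     std["mysql"] = 3306
      std["redis"] = 6379; std["postgresql"] = 5432
    }
    /^Host: / {
      split($1, h, " ")
      host = h[2]
      for (f = 2; f <= NF; f++) {
        if ($f !~ /^Ports: /) continue
        ports = $f
        sub(/^Ports: /, "", ports)
        n = split(ports, entries, ", ")
        for (i = 1; i <= n; i++) {
          # Entry layout: port/state/proto/owner/service/rpcinfo/version/
          split(entries[i], p, "/")
          if (p[2] != "open") continue
          note = "standard"
          if (!(p[5] in std)) note = "unlisted"
          else if (std[p[5]] != p[1] + 0) note = "non-standard-port"
          printf "%s %s/%s %s %s\n", host, p[1], p[3], p[5], note
        }
      }
    }'
}

# Demo on the constructed sample; with a real scan, pipe in: nmap -sV <target> -oG -
sample_scan | service_inventory
```

Lines marked `non-standard-port` are the ones a scan of default ports alone would have missed, so they belong in the attack surface documentation alongside the expected services.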

Quick Reference

High-Value Target Ports

| Port | Why It Matters |
|------|----------------|
| 21 | Anonymous FTP access, file upload |
| 22 | SSH brute force, key-based auth bypass |
| 23 | Telnet cleartext credentials |
| 25 | Mail relay, user enumeration |
| 53 | DNS zone transfer, cache poisoning |
| 80/443 | Web vulnerabilities (SQLi, XSS, RCE) |
| 135/445 | SMB exploits (EternalBlue) |
| 139 | NetBIOS enumeration |
| 161 | SNMP default communities |
| 389/636 | LDAP injection, AD enumeration |
| 1433/3306 | Database access, SQL injection |
| 3389 | RDP brute force, BlueKeep |
| 5985/5986 | WinRM remote execution |
| 6379 | Redis unauthenticated access |

Database Ports

| Port | Database |
|------|----------|
| 1433 | Microsoft SQL Server |
| 1521 | Oracle |
| 3306 | MySQL/MariaDB |
| 5432 | PostgreSQL |
| 5984 | CouchDB |
| 6379 | Redis |
| 27017 | MongoDB |

Remote Access Ports

| Port | Service |
|------|---------|
| 22 | SSH |
| 23 | Telnet |
| 3389 | RDP |
| 5900 | VNC |
| 5985/5986 | WinRM |

Constraints

  • Always verify port assignments as services can run on non-standard ports
  • Some ports are registered but rarely used in practice
  • Firewalls may filter or redirect traffic
  • NAT and port forwarding can obscure actual service locations
  • Service banners can be spoofed for deception

Examples

Example 1: Quick Web Server Identification

# Scan common web ports
nmap -p 80,443,8080,8443 192.168.1.0/24

# Get HTTP headers
curl -I http://192.168.1.1

Example 2: Database Discovery

# Scan for common database ports
nmap -p 1433,1521,3306,5432,27017 192.168.1.0/24 -sV

# Test MySQL connection
mysql -h 192.168.1.1 -u root -p

Example 3: Full Port Audit

# Comprehensive scan with service detection
nmap -p- -sV -sC -A 192.168.1.1 -oA full_audit

Troubleshooting

| Issue | Solution |
|-------|----------|
| Ports appear filtered | Try different scan techniques (-sA, -sW) |
| Service detection fails | Use more aggressive version probing (-sV --version-all) |
| UDP scan too slow | Reduce port range or increase timing (-T5) |
| False positives | Verify with manual connection (nc, telnet) |
| Firewall blocking scans | Use fragmentation (-f) or decoys (-D) |
| Service on non-standard port | Always perform full port scans (-p-) |

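Score

Total Score: 65/100 (based on repository quality metrics)

| Criterion | Requirement | Points |
|-----------|-------------|--------|
| SKILL.md | A SKILL.md file is included | +20 |
| LICENSE | A license is set | 0/10 |
| Description | Description of 100 characters or more | +10 |
| Popularity | 100 or more GitHub stars | 0/15 |
| Recent activity | Updated within the last month | +10 |
| Forks | Forked 10 or more times | 0/5 |
| Issue management | Fewer than 50 open issues | +5 |
| Language | A programming language is set | +5 |
| Tags | One or more tags are set | +5 |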
