Network Ports Used by Key Microsoft Server Products
Network Ports Used by Key Microsoft Server Products
Introduction
Term Usage
Microsoft Server Product Ports
Ports and Protocols
For More Information
Related Topics
Introduction
https://msdn.microsoft.com/en-us/library/cc875824.aspx
This document discusses the network ports and protocols that are used by server products and their subcomponents in the Microsoft Windows Server System.The Windows Server System includes a comprehensive and integrated infrastructure that is designed to meet the requirements of developers and information technology (IT) professionals. This system is designed to run programs that information workers can use to obtain, analyze, and share information quickly and easily. These Microsoft server products use a variety of network ports and protocols to communicate with client and server systems. While dedicated firewalls, host-based firewalls, and Internet Protocol Security (IPSec) filters can be used to help secure your network, if these technologies are configured to block ports and protocols that are used by the Windows Server System, a server may not be able to respond to legitimate client requests. If a server is unable to respond to legitimate client requests, it may not function properly or at all.
Term Usage
The following list provides an overview of the information contained in this document:- The "Microsoft Server Product Ports" section of this document contains a brief description of each service, displays the logical name of that service, and indicates the ports and protocols required by each service for correct operation. Use this section to help identify the ports and protocols that a particular service uses.
- The "Ports and Protocols Table" section of this document includes a table that summarizes the information from the "System Services Ports" section. The table is sorted by port number instead of by the service name. Use this section to quickly determine which services listen on a particular port.
- System services: The Windows Server System includes many products, such as the Microsoft Windows Server 2003 family, Microsoft Exchange 2000 Server, and Microsoft SQL Server 2000. Each of these products includes many components; system services is one of those components. System services that are required by a computer are either started automatically by the operating system during startup or are started as required during typical operations. For example, some system services that are available on computers running Windows Server 2003, Enterprise Edition, include the Server service, the Print Spooler service, and the World Wide Web Publishing Service. Each system service has a friendly service name and a service name. The friendly service name is the name that appears in graphical management tools, such as the Services Microsoft Management Console (MMC) snap-in. The service name is the name that is used with command-line tools and with many scripting languages. Each system service may provide one or more network services.
- Application protocol: In the context of this document, an application protocol is a high-level network protocol that uses one or more TCP/IP protocols and ports. Examples of application protocols include HTTP, server message blocks (SMBs), and Simple Mail Transfer Protocol (SMTP).
- Protocol: Operating at a lower level than the application protocols, TCP/IP protocols are standard formats for communicating between devices on a network.
The TCP/IP suite of protocols includes TCP, User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).
- Port: This is the network port that the system service listens on for incoming network traffic.
When you use RPC with TCP/IP or with UDP/IP as the transport, inbound ports are frequently dynamically assigned to system services as required; TCP/IP and UDP/IP ports that are higher than port 1024 are used. These are frequently informally referred to as "random RPC ports." In these cases, RPC clients rely on the RPC endpoint mapper to tell them which dynamic ports were assigned to the server. For some RPC-based services, you can configure a port instead of letting RPC assign one dynamically. You can also restrict the range of ports that RPC dynamically assigns to a small range, regardless of the service. For more information, see "Related Topics" later in this document.
This document includes information about the system services roles and the server roles for the Microsoft products that are listed in the "For More Information" section of this document. Although this information may also apply to Microsoft Windows XP and Microsoft Windows 2000 Professional, this document is intended to focus on server-class operating systems. Therefore, this document describes the ports that a service listens on instead of the ports that client programs use to connect to a remote system.
Microsoft Server Product Ports
This section provides a description of each system service, includes the logical name that corresponds to the system service, and displays the ports and the protocols required by each service.Application Layer Gateway (ALG) Service
This subcomponent of the Internet Connection Sharing (ICS)/Internet Connection Firewall (ICF) service provides support for plug-ins that allow network protocols to pass through the firewall and work behind ICS. Application Layer Gateway plug-ins have the power to open ports and change data (such as ports and IP addresses) embedded in packets. File Transfer Protocol (FTP) is the only network protocol with a plug-in that is released with Windows Server 2003, Standard Edition, and Windows Server 2003, Enterprise Edition.The ALG FTP plug-in is designed to support active FTP sessions through the network address translation (NAT) engine used by these components. The ALG FTP plug-in does this by redirecting all traffic passing through the NAT destined for port 21 to a private listening port in the 3000-5000 range on the loopback adapter. The ALG FTP plug-in then monitors and updates FTP control channel traffic so that the FTP plug-in can plumb port mappings through the NAT for the FTP data channels. The FTP plug-in will also update ports in the FTP control channel stream.
System Service Name ALG
Application protocol | Protocol | Port |
---|---|---|
FTP control | TCP | 21 |
ASP.NET State Service
The ASP.NET State service provides support for ASP.NET out-of-process session states. The ASP.NET State service stores session data out-of-process. The service communicates with ASP.NET running on a Web server using sockets.System Service Name aspnet_state
Application protocol | Protocol | Port |
---|---|---|
ASP.Net Session State | TCP | 42424 |
Certificate Services
Certificate Services is part of the core operating system that enables a business to act as its own certification authority (CA). In this way, the business can issue and manage digital certificates for applications and protocols such as Secure/Multipurpose Internet Mail Extensions (S/MIME), Secure Sockets Layer (SSL), Encrypting File System (EFS), IPSec, and smart card log on. Certificate Services relies on RPC and DCOM to communicate with clients using random TCP ports greater than 1024.System Service Name CertSvc
Application protocol | Protocol | Port |
---|---|---|
RPC | TCP | 135 |
Randomly allocated high TCP ports | TCP | RANDOM |
Cluster Service
The Cluster service controls server cluster operations and manages the cluster database. A cluster is a collection of independent computers that is as easy to use as a single computer. Managers, programmers, and users see the cluster as a single system. The software distributes data among the nodes of the cluster. If a node fails, other nodes provide the services and data formerly provided by the missing node. When a node is added or repaired, the cluster software migrates some data to that node.System Service Name ClusSvc
Application protocol | Protocol | Port |
---|---|---|
RPC | TCP | 135 |
Randomly allocated high TCP ports | TCP | RANDOM |
Cluster Services | UDP | 3343 |
Computer Browser
The Computer Browser system service maintains an up-to-date list of computers on your network and supplies the list to programs that request it. The Computer Browser service is used by Windows-based computers enabled to view network domains and resources. Computers designated as browsers maintain browse lists, which contain all shared resources used on the network. Earlier versions of Windows applications, such as My Network Places, the NET VIEW command, and Microsoft Windows NT Explorer, all require browsing capability. For example, opening My Network Places on a computer running Windows XP displays a list of domains and computers, which is accomplished by the computer obtaining a copy of the browse list from a computer designated as a browser.System Service Name Browser
Application protocol | Protocol | Port |
---|---|---|
NetBIOS Datagram Service | UDP | 138 |
NetBIOS Name Resolution | UDP | 137 |
NetBIOS Session Service | TCP | 139 |
DHCP Server
Using the Dynamic Host Configuration Protocol (DHCP), the DHCP Server service automatically allocates IP addresses and enables advanced configuration of network settings, such as Domain Name System (DNS) servers and Windows Internet Name Service (WINS) servers to DHCP clients. The network administrator establishes one or more DHCP servers that maintain TCP/IP configuration information and provide it to clients.System Service Name DHCPServer
Application protocol | Protocol | Port |
---|---|---|
DHCP Server | UDP | 67 |
MADCAP | UDP | 2535 |
Distributed File System
The Distributed File System (DFS) service manages logical volumes distributed across a local or wide area network (LAN or WAN) and is required for the Microsoft Active Directory SYSVOL share. DFS is a distributed service that integrates disparate file shares into a single logical namespace.System Service Name Dfs
Application protocol | Protocol | Port |
---|---|---|
NetBIOS Datagram Service | UDP | 138 |
NetBIOS Session Service | TCP | 139 |
LDAP Server | TCP | 389 |
LDAP Server | UDP | 389 |
SMB | TCP | 445 |
RPC | TCP | 135 |
Randomly allocated high TCP ports | TCP | RANDOM |
NetBIOS Datagram Service | UDP | 138 |
Distributed Link Tracking Server
The Distributed Link Tracking Server system service stores information so that files moved between volumes can be tracked to each volume in the domain. The Distributed Link Tracking Server service runs on each domain controller in a domain. This service enables the Distributed Link Tracking Server Client service to track linked documents that have been moved to a location in another NTFS file system volume in the same domain.System Service Name TrkSvr
Application protocol | Protocol | Port |
---|---|---|
RPC | TCP | 135 |
Randomly allocated high TCP ports | TCP | RANDOM |
Distributed Transaction Coordinator
The Distributed Transaction Coordinator (DTC) system service is responsible for coordinating transactions that are distributed across multiple computer systems and resource managers, such as databases, message queues, file systems, or other transaction-protected resource managers. The DTC system service is necessary if transactional components will be configured through COM+. It is also required for transactional queues in Message Queuing (MSMQ) and SQL Server operations that span multiple systems.System Service Name MSDTC
Application protocol | Protocol | Port |
---|---|---|
RPC | TCP | 135 |
Randomly allocated high TCP ports | TCP | RANDOM |
DNS Server
The DNS Server system service enables DNS name resolution by answering queries and update requests for DNS names. The presence of DNS servers is crucial for locating devices and services identified using DNS names and domain controllers in the Active Directory directory service.System Service Name DNS
Application protocol | Protocol | Port |
---|---|---|
DNS | UDP | 53 |
DNS | TCP | 53 |
Event Log
This system service logs event messages issued by programs and the Windows operating system. Event Log reports contain information that can be useful in diagnosing problems. Reports are viewed in Event Viewer. The Event Log service writes events sent by applications, services, and the operating system to log files. The events contain diagnostic information in addition to errors specific to the source application, service, or component. The logs can be viewed programmatically through the Event Log application programming interfaces (APIs) or through the Event Viewer in an MMC (Microsoft Management Console) snap-in.System Service Name Eventlog
Application protocol | Protocol | Port |
---|---|---|
RPC | TCP | 135 |
Randomly allocated high TCP ports | TCP | RANDOM |
Exchange Server
Microsoft Exchange Server includes several system services. When a MAPI client such as Microsoft Outlook connects to an Exchange server, the client first connects to the RPC endpoint mapper (the RPC Locator Service) on TCP port 135. The RPC endpoint mapper tells the client which ports to use to connect to the Exchange Server service, which are dynamically assigned. Exchange Server 5.5 uses two ports, one each for the information store and the directory. Microsoft Exchange 2000 Server and Exchange Server 2003 use three ports, one for the information store and two for the system attendant, respectively. Alternatively, Microsoft Outlook 2003 can use RPC over HTTP to connect to servers running Exchange Server 2003. Exchange can also provide support for other protocols, such as SMTP, POP3, and IMAP.Application protocol | Protocol | Port |
---|---|---|
IMAP | TCP | 143 |
IMAP over SSL | TCP | 993 |
POP3 | TCP | 110 |
POP3 over SSL | TCP | 995 |
Randomly allocated high TCP ports | TCP | RANDOM |
RPC | TCP | 135 |
RPC over HTTP | TCP | 593 |
SMTP | TCP | 25 |
SMTP | UDP | 25 |
Fax Service
The Fax service, a Telephony Application Programming Interface (TAPI)-compliant system service, provides fax capabilities from your computer. The Fax service allows users to send and receive faxes from their desktop applications using either a local fax device or a shared network fax device.System Service Name Fax
Application protocol | Protocol | Port |
---|---|---|
RPC | TCP | 135 |
Randomly allocated high TCP ports | TCP | RANDOM |
NetBIOS Session Service | TCP | 139 |
SMB | TCP | 445 |
File Replication
The File Replication system service allows files to be automatically copied and maintained simultaneously on multiple servers. File Replication service (FRS) is the automatic file replication service in Windows 2000 and the Microsoft Windows Server 2003 family. Its function is to replicate the Sysvol on all domain controllers. In addition, FRS can be configured to replicate files among alternate targets associated with the fault-tolerant DFS.System Service Name NtFrs
Application protocol | Protocol | Port |
---|---|---|
RPC | TCP | 135 |
Randomly allocated high TCP ports | TCP | RANDOM |
File Server for Macintosh
The File Server for Macintosh system service enables Macintosh computer users to store and access files on a computer running Windows Server 2003. If this service is turned off or blocked, Macintosh clients cannot access or store files on your computer.System Service Name MacFile
Application protocol | Protocol | Port |
---|---|---|
File Server for Macintosh | TCP | 548 |
FTP Publishing Service
The File Transfer Protocol (FTP) Publishing service provides FTP connectivity. The FTP control port is 21 by default, but you can configure this system service through the Internet Information Services (IIS) Manager (a snap-in). The default data port (used for active mode FTP) is automatically set to one less than the control port, so if you configure the control port to 4131, the default data port will be 4130. Most FTP clients use passive mode, which means that the client initially connects to the FTP server through the control port; the FTP server assigns a high TCP port between 1025 and 5000; and the client opens a second connection to the FTP server for transferring data. The range of high ports can be configured through the IIS metabase.System Service Name MSFtpsvc
Application protocol | Protocol | Port |
---|---|---|
FTP control | TCP | 21 |
FTP default data | TCP | 20 |
Randomly allocated high TCP ports | TCP | RANDOM |
HTTP SSL
The HTTP SSL system service enables IIS to perform SSL functions. SSL is an open standard for establishing a secure communications channel to prevent the interception of critical information, such as credit card numbers. Primarily, this service enables secure electronic financial transactions on the Web, although it is designed to work on other Internet services as well. You can configure the ports for this service through IIS Manager.System Service Name HTTPFilter
Application protocol | Protocol | Port |
---|---|---|
HTTPS | TCP | 443 |
Internet Authentication Service
The Internet Authentication Service (IAS) performs centralized authentication, authorization, auditing, and accounting of users connecting to a network - either LAN or remote - using VPN equipment, Remote Access Equipment (RAS), or 802.1X Wireless and Ethernet/Switch Access Points. IAS implements the Internet Engineering Task Force (IETF) standard RADIUS protocol, which enables heterogeneous network access equipment.System Service Name IAS
Application protocol | Protocol | Port |
---|---|---|
Legacy RADIUS | UDP | 1645 |
Legacy RADIUS | UDP | 1646 |
RADIUS Accounting | UDP | 1813 |
RADIUS Authentication | UDP | 1812 |
ICF/ICS
This system service provides NAT, addressing and name resolution services for all computers on your home or small-office network. When ICS is enabled, your computer becomes an "Internet gateway" on the network, enabling other client computers to share one connection to the Internet; such as a dial-up or broadband connection. This service provides basic DHCP and DNS services, but will work with the full-featured Windows DHCP or DNS services.When ICF/ICS is acting as a gateway for the rest of the computers on your network, it provides DHCP and DNS services to the private network on the internal network interface. It does not provide these services on the externally-facing interface.
System Service Name SharedAccess
Application protocol | Protocol | Port |
---|---|---|
DHCP Server | UDP | 67 |
DNS | UDP | 53 |
DNS | TCP | 53 |
Kerberos Key Distribution Center
The Kerberos Key Distribution Center (KDC) system service enables users to log on to the network using the Kerberos version 5 authentication protocol. As in other implementations of the Kerberos protocol, the KDC is a single process that provides two services: the Authentication Service, which issues ticket-granting tickets, and the Ticket-Granting Service, which issues tickets for connections to computers in its own domain.System Service Name Kdc
Application protocol | Protocol | Port |
---|---|---|
Kerberos | TCP | 88 |
Kerberos | UDP | 88 |
License Logging Service
License Logging Service (LLS) is a tool that was originally designed to help customers manage licenses for Microsoft server products that are licensed in the Server Client Access License (CAL) model. LLS was introduced with Windows NT Server 3.51. By default, LLS is disabled in Windows Server 2003. Because of original design constraints and evolving license terms and conditions, LLS cannot provide an accurate view of the total number of CALs that are purchased as compared to the total number of CALs that are used on a single server or across the enterprise. The CALs that are reported by LLS may conflict with the interpretation of the End User License Agreement (EULA) and with Product Usage Rights (PUR). LLS will not be included in future versions of the Windows operating system. (Only users of Small Business Server should enable this service on their servers.)System Service Name LicenseService
Application protocol | Protocol | Port |
---|---|---|
NetBIOS Datagram Service | UDP | 138 |
NetBIOS Session Service | TCP | 139 |
SMB | TCP | 445 |
Local Security Authority
The Local Security Authority (LSASS) service provides core operating system security mechanisms. It uses random TCP ports assigned through the RPC service for domain controller replication.Although LSASS can use all of the following protocols, it may only use a subset of them. For example, if you are configuring a VPN gateway that lies behind a filtering router, you might use L2TP with IPSec. If so, then you must allow IPSec ESP (IP protocol 50), NAT-T (TCP on port 4500), and IPSec ISAKMP (TCP on port 500) through the router. Although IPSec ESP is required for L2TP, it is actually monitored by the Routing and Remote Access service.
System Service Name LSASS
Application protocol | Protocol | Port |
---|---|---|
RPC | TCP | 135 |
Randomly allocated high TCP ports | TCP | RANDOM |
Global Catalog Server | TCP | 3269 |
Global Catalog Server | TCP | 3268 |
LDAP Server | TCP | 389 |
LDAP Server | UDP | 389 |
LDAP SSL | UDP | 636 |
LDAP SSL | TCP | 636 |
IPSec ISAKMP | UDP | 500 |
NAT-T | UDP | 4500 |
Message Queuing
The Message Queuing system service is a messaging infrastructure and development tool for creating distributed messaging applications for Windows. Such applications can communicate across heterogeneous networks and send messages between computers that may be temporarily unable to connect to each other. Message Queuing provides guaranteed message delivery, efficient routing, security, support for sending messages within transactions, and priority-based messaging.System Service Name msmq
Application protocol | Protocol | Port |
---|---|---|
MSMQ | UDP | 1801 |
MSMQ | TCP | 1801 |
MSMQ-DCs | TCP | 2101 |
MSMQ-Mgmt | TCP | 2107 |
MSMQ-Ping | UDP | 3527 |
MSMQ-RPC | TCP | 2105 |
MSMQ-RPC | TCP | 2103 |
RPC | TCP | 135 |
Messenger
The Messenger system service sends messages to or receives messages from users and computers, administrators, and the Alerter service. This service is not related to Microsoft Windows Messenger or MSN Messenger. When this service is disabled, the NET SEND and NET NAME shell commands will no longer function. Messenger notifications sent to computers or users currently logged on the network will not be received.System Service Name Messenger
Application protocol | Protocol | Port |
---|---|---|
NetBIOS Datagram Service | UDP | 138 |
Microsoft Exchange MTA Stacks
In Exchange 2000 Server and Exchange Server 2003, Message Transfer Agent (MTA Stacks) is frequently used to provide backward-compatible message transfer services between Exchange 2000 Server-based servers and Exchange Server 5.5-based servers in a mixed-mode environment.Application protocol | Protocol | Port |
---|---|---|
X.400 | TCP | 102 |
Microsoft Operations Manager 2000
Microsoft Operations Manager 2000 (MOM) delivers enterprise-class operations management by providing comprehensive event management, proactive monitoring and alerting, reporting, and trend analysis. After installing Service Pack 1, MOM will stop using the clear-text communications channel, and all traffic between the MOM agent and the MOM server will be encrypted over TCP port 1270. The MOM Administrator console uses DCOM to connect to the server. This means that administrators managing the MOM server over the network must have access to random high TCP ports, too.System Service Name one point
Application protocol | Protocol | Port |
---|---|---|
MOM-Clear | TCP | 51515 |
MOM-Encrypted | TCP | 1270 |
Microsoft POP3 Service
The Microsoft POP3 Service provides e-mail transfer and retrieval services. Administrators can use this service to store and manage e-mail accounts on the mail server. When you install Microsoft POP3 Service on the mail server, users can connect to the mail server and retrieve e-mail using an e-mail client that supports the POP3 protocol, such as Microsoft Outlook.System Service Name POP3SVC
Application protocol | Protocol | Port |
---|---|---|
POP3 | TCP | 110 |
Microsoft SQL Server
Microsoft SQL Server 2000 provides a powerful and comprehensive data management platform. The ports used by each instance of SQL Server can be configured through the Server Network Utility.System Service Name SQLSERVR
Application protocol | Protocol | Port |
---|---|---|
SQL over TCP | TCP | 1433 |
SQL Probe | UDP | 1434 |
MSSQL$UDDI
This system service installs during the installation of the Universal Description, Discovery, and Integration (UDDI) feature of the Windows Server 2003 family of operating systems, which provides UDDI capabilities within an enterprise. The SQL Server database engine is the core component of this feature.System Service Name SQLSERVR
Application protocol | Protocol | Port |
---|---|---|
SQL over TCP | TCP | 1433 |
SQL Probe | UDP | 1434 |
Net Logon
The Net Logon system service maintains a secure channel between your computer and the domain controller to authenticate users and services. It passes the user's credentials through a secure channel to a domain controller and returns the domain security identifiers and user rights for the user. This is commonly referred to as pass-through authentication. Net Logon starts automatically when the computer is a member of a domain. In the Windows 2000 Server and Windows 2003 Server families, the Net Logon service publishes service resource records in the DNS. Net Logon service is enabled only on computers that belong to a domain. When it is running, it relies on the Server and Local Security Authority services to listen for incoming requests. On domain member computers, it uses RPC over named pipes; on domain controllers, it uses RPC over named pipes, RPC over TCP/IP, mailslots, and LDAP.System Service Name Netlogon
Application protocol | Protocol | Port |
---|---|---|
NetBIOS Datagram Service | UDP | 138 |
NetBIOS Name Resolution | UDP | 137 |
NetBIOS Session Service | TCP | 139 |
SMB | TCP | 445 |
NetMeeting Remote Desktop Sharing
The NetMeeting Remote Desktop Sharing system service allows authorized users to remotely access your Windows desktop from another personal computer over a corporate intranet by using Microsoft NetMeeting. You must explicitly enable this service in NetMeeting. You also can disable or shut down through an icon in the Windows notification area.System Service Name mnmsrvc
Application protocol | Protocol | Port |
---|---|---|
Terminal Services | TCP | 3389 |
Network News Transfer Protocol
The Network News Transfer Protocol (NNTP) system service allows computers running Windows Server 2003 to act as news servers. Clients can use a news client such as the Microsoft Outlook Express messaging client to retrieve newsgroups from the server and read headers or bodies of the articles in each newsgroup.System Service Name NntpSvc
Application protocol | Protocol | Port |
---|---|---|
NNTP | TCP | 119 |
NNTP over SSL | TCP | 563 |
Performance Logs and Alerts
The Performance Logs and Alerts system service collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. The Performance Logs and Alerts service starts and stops each named performance data collection based on the information contained in the named log collection setting. This service runs only if at least one performance data collection is scheduled.System Service Name SysmonLog
Application protocol | Protocol | Port |
---|---|---|
NetBIOS Session Service | TCP | 139 |
Print Spooler
The Print Spooler system service manages all local and network print queues and controls all print jobs. The print spooler is the center of the Windows printing subsystem and controls all printing jobs. It manages the print queues on the system and communicates with printer drivers and input/output (I/O) components, for example, the USB port and the TCP/IP protocol suite.System Service Name Spooler
Application protocol | Protocol | Port |
---|---|---|
NetBIOS Session Service | TCP | 139 |
SMB | TCP | 445 |
Remote Installation
The Remote Installation system service provides the ability to install Windows 2000, Windows XP, and Windows Server 2003 on Pre Execution Environment (PXE) remote boot-enabled client computers. The Boot Information Negotiation Layer (BINL) service, the primary component of Remote Installation Services (RIS), answers PXE client requests, checks Active Directory for client validation, and passes client information to and from the server. The BINL service is installed when you either add the RIS component from Add/Remove Windows Components, or select it when initially installing the operating system.System Service Name BINLSVC
Application protocol | Protocol | Port |
---|---|---|
BINL | UDP | 4011 |
Remote Procedure Call
The Microsoft Remote Procedure Call (RPC) system service is a secure inter-process communication (IPC) mechanism that enables data exchange and invocation of functionality residing in a different process. The different process can be on the same computer, on the LAN, or across the globe through a WAN or VPN connection. RPC service serves as the RPC endpoint mapper and Component Object Model (COM) Service Control Manager (SCM). Many services depend on the RPC service to start successfully.System Service Name RpcSs
Application protocol | Protocol | Port |
---|---|---|
RPC | TCP | 135 |
RPC over HTTP | TCP | 593 |
Remote Procedure Call Locator
The Remote Procedure Call Locator system service enables RPC clients using the RpcNs family of application programming interfaces (APIs) to locate RPC servers and manages the RPC name service database. This service is turned off by default.System Service Name RpcLocator
Application protocol | Protocol | Port |
---|---|---|
NetBIOS Session Service | TCP | 139 |
SMB | TCP | 445 |
Remote Storage Notification
The Remote Storage Notification system service notifies users when they read from or write to files that are available only from a secondary storage media. If this service is stopped, notification does not occur.System Service Name Remote_Storage_User_Link
Application protocol | Protocol | Port |
---|---|---|
RPC | TCP | 135 |
Randomly allocated high TCP ports | TCP | RANDOM |
Remote Storage Server
The Remote Storage Server system service stores infrequently used files in a secondary storage medium. Stopping this service prevents users from moving or retrieving files from the secondary storage media.System Service Name Remote_Storage_Server
Application protocol | Protocol | Port |
---|---|---|
RPC | TCP | 135 |
Randomly allocated high TCP ports | TCP | RANDOM |
Routing and Remote Access
The Routing and Remote Access (RRAS) system service provides multiprotocol LAN-to-LAN, LAN-to-WAN, VPN, and NAT routing services. In addition, the RRAS service also provides dial-up and VPN remote access services.Although RRAS can use all of the following protocols, typically it will only use a subset of them. For example, if you are configuring a VPN gateway that lies behind a filtering router, you will probably only use one technology. If you use L2TP with IPSec, then you must allow IPSec ESP (IP protocol 50), NAT-T (TCP on port 4500), and IPSec ISAKMP (TCP on port 500) through the router. Although NAT-T and IPSec ISAKMP are required for L2TP, these ports are actually monitored by the Local Security Authority. For more information, see "Related Topics" later in this document.
System Service Name RemoteAccess
Application protocol | Protocol | Port |
---|---|---|
GRE (IP protocol 47) | GRE | n/a |
IPSec AH (IP protocol 51) | AH | n/a |
IPSec ESP (IP protocol 50) | ESP | n/a |
L2TP | UDP | 1701 |
PPTP | TCP | 1723 |
Server
The Server system service provides RPC support, and file, print, and named pipe sharing over the network. The Server service allows the sharing of local resources, such as disks and printers, so that other users on the network can access them. It also allows named pipe communication between applications running on other computers and your computer, which is used for RPC. Named pipe communication is memory reserved for the output of one process to be used as input for another process. The input-accepting process does not have to be local to the computer.System Service Namelanmanserver
Application protocol | Protocol | Port |
---|---|---|
NetBIOS Datagram Service | UDP | 138 |
NetBIOS Name Resolution | UDP | 137 |
NetBIOS Session Service | TCP | 139 |
SMB | TCP | 445 |
SharePoint Portal Server
The SharePoint Portal Server system service enables enterprises to develop an intelligent portal that seamlessly connects users, teams, and knowledge so that people can take advantage of relevant information across business processes to help them work more efficiently. Microsoft Office SharePoint Portal Server 2003 provides an enterprise business solution that integrates information from various systems into one solution through single sign-on and enterprise application integration capabilities, with flexible deployment options and management tools.Application protocol | Protocol | Port |
---|---|---|
HTTP | TCP | 80 |
HTTPS | TCP | 443 |
Simple Mail Transfer Protocol
The Simple Mail Transfer Protocol (SMTP) system service is an e-mail submission and relay agent. It can accept and queue e-mail for remote destinations and retry at specified intervals. Windows domain controllers use the SMTP service for intersite e-mail-based replication. The Collaboration Data Objects (CDO) for the Windows Server 2003 COM component can use the SMTP service to submit and queue outbound e-mail.System Service Name SMTPSVC
Application protocol | Protocol | Port |
---|---|---|
SMTP | TCP | 25 |
SMTP | UDP | 25 |
Simple TCP/IP Services
Simple TCP/IP Services implements support for the following protocols:- Echo, port 7, RFC 862
- Discard, port 9, RFC 863
- Character Generator, port 9, RFC 864
- Daytime, port 3, RFC 867
- Quote of the Day, port 17, RFC 865
Application protocol | Protocol | Port |
---|---|---|
Chargen | TCP | 19 |
Chargen | UDP | 19 |
Daytime | TCP | 13 |
Daytime | UDP | 13 |
Discard | TCP | 9 |
Discard | UDP | 9 |
Echo | UDP | 7 |
Echo | TCP | 7 |
Quotd | UDP | 17 |
Quotd | TCP | 17 |
SMS Remote Control Agent
Systems Management Server (SMS) 2003 provides a comprehensive solution for change and configuration management for the Microsoft platform, enabling organizations to provide relevant software and updates to users quickly and cost-effectively.Application protocol | Protocol | Port |
---|---|---|
SMS Remote Chat | UPD | 2703 |
SMS Remote Chat | TCP | 2703 |
SMS Remote Control (control) | UDP | 2701 |
SMS Remote Control (control) | TCP | 2701 |
SMS Remote Control (data) | TCP | 2702 |
SMS Remote Control (data) | UDP | 2702 |
SMS Remote File Transfer | UDP | 2704 |
SMS Remote File Transfer | TCP | 2704 |
SNMP Service
The SNMP Service system service allows incoming Simple Network Management Protocol (SNMP) requests to be serviced by the local computer. The SNMP service includes agents that monitor activity in network devices and report to the network console workstation. SNMP service provides a method of managing network hosts, such as workstation or server computers, routers, bridges, and hubs from a centrally-located computer running network management software. SNMP performs management services by using a distributed architecture of management systems and agents.System Service Name SNMP
Application protocol | Protocol | Port |
---|---|---|
SNMP | UDP | 161 |
SNMP Trap Service
The SNMP Trap Service receives trap messages generated by local or remote SNMP agents and forwards the messages to SNMP management programs running on your computer. The SNMP Trap Service, when configured for an agent, generates trap messages if any specific events occur. These messages are sent to a trap destination. For example, an agent can be configured to initiate an authentication trap if an unrecognized management system sends a request for information. Trap destinations consist of the computer name, or the IP address, or IPX address of the management system. The trap destination must be a network-enabled host that is running SNMP management software.System Service Name SNMPTRAP
Application protocol | Protocol | Port |
---|---|---|
SNMP Traps Outbound | UDP | 162 |
SQL Analysis Server
The SQL Analysis Server system service is a component of SQL Server 2000. It can be used to create and manage OLAP cubes and data mining models. The analysis server may access local or remote data sources for the purposes of creating and storing cubes or data mining models.Application protocol | Protocol | Port |
---|---|---|
SQL Analysis Services | TCP | 2725 |
SQL Server: Downlevel OLAP Client Support
This system service is used by SQL Server 2000 when the SQL Analysis Server service must support connections from downlevel (OLAP Services 7.0) clients.Default Ports for OLAP Services Used by SQL Server 7.0
Application protocol | Protocol | Port |
---|---|---|
OLAP Services 7.0 | TCP | 2393 |
OLAP Services 7.0 | TCP | 2394 |
SSDP Discovery Service
The SSDP Discovery service implements the Simple Service Discovery Protocol (SSDP) as a Windows service. The SSDP Discovery service manages receipt of device presence announcements, updating its cache and passing these notifications along to clients with outstanding search requests. The SSDP Discovery service also accepts registration of event callbacks from clients, turns these into subscription requests, and monitors for event notifications, passing them along to the registered callbacks. This system service also provides hosted devices with periodic announcements.Currently, the SSDP event notification service uses TCP port 5000. In Windows XP Service Pack 2, it relies on TCP port 2869.
System Service Name SSDPRSRV
Application protocol | Protocol | Port |
---|---|---|
SSDP | UDP | 1900 |
SSDP event notification | TCP | 2869 |
SSDP legacy event notification | TCP | 5000 |
Systems Management Server
Systems Management Server (SMS) 2003 provides a comprehensive solution for change and configuration management for the Microsoft platform, enabling organizations to provide relevant software and updates to users quickly and cost-effectively.Application protocol | Protocol | Port |
---|---|---|
RPC | TCP | 135 |
Randomly allocated high TCP ports | TCP | RANDOM |
NetBIOS Datagram Service | UDP | 138 |
NetBIOS Name Resolution | UDP | 137 |
NetBIOS Session Service | TCP | 139 |
TCP/IP Print Server
The TCP/IP Print Server system service enables TCP/IP-based printing using the Line Printer Daemon protocol. The Line Printer Daemon Service (LPDSVC) on the server receives documents from native Line Printer Remote (LPR) utilities running on UNIX computers.System Service Name LPDSVC
Application protocol | Protocol | Port |
---|---|---|
LPD | TCP | 515 |
Telnet
The Telnet system service for Windows provides ASCII terminal sessions to Telnet clients. Telnet Server supports two types of authentication and supports four types of terminals: American National Standards Institute (ANSI), VT-100, VT-52, and VTNT.System Service Name TlntSvr
Application protocol | Protocol | Port |
---|---|---|
Telnet | TCP | 23 |
Terminal Services
Terminal Services provides a multisession environment that allows client devices to access a virtual Windows desktop session and Windows-based programs running on the server. Terminal Services allows multiple users to be connected interactively to a computer.System Service Name TermService
Application protocol | Protocol | Port |
---|---|---|
Terminal Services | TCP | 3389 |
Terminal Services Licensing
The Terminal Services Licensing system service installs a license server and provides registered client licenses when connecting to a Terminal Server. The Terminal Services Licensing service is a low-impact service that stores the client licenses that have been issued for a Terminal Server, and then tracks the licenses that have been issued to client computers or terminals.System Service NameTermServLicensing
Application protocol | Protocol | Port |
---|---|---|
RPC | TCP | 135 |
Randomly allocated high TCP ports | TCP | RANDOM |
Terminal Services Session Directory
The Terminal Services Session Directory system service allows clusters of load-balanced Terminal Servers to route a user's connection request to the server where the user already has a session running. Users will be routed to the first-available Terminal Server, regardless of whether they've got a running session elsewhere in the cluster. Load Balancing pools the processing resources of several servers using the TCP/IP networking protocol. You can use this service with a cluster of terminal servers to scale the performance of a single terminal server by distributing sessions across multiple servers. Session Directory keeps track of disconnected sessions on the cluster, and ensures that users are reconnected to those sessions.System Service Name Tssdis
Application protocol | Protocol | Port |
---|---|---|
RPC | TCP | 135 |
Randomly allocated high TCP ports | TCP | RANDOM |
Trivial FTP Daemon Service
The Trivial FTP (TFTP) Daemon system service does not require a user name or password and is an integral part of the Remote Installation Services (RIS). The Trivial FTP Daemon service implements support for the TFTP protocol defined by the following RFCs:- RFC 350 - TFTP
- RFC 2347 - Option extension
- RFC 2348 - Block size option
- RFC 2349 - Timeout interval, and transfer size options
System Service Name tftpd
Application protocol | Protocol | Port |
---|---|---|
TFTP | UDP | 69 |
Universal Plug and Play Device Host
The UPnP Host discovery system service implements all of the components required for device registration, control, and responding to events for hosted devices. The information registered pertaining to a device (description, lifetimes, containers) are optionally persisted to disk and announced on the network after registration or on system restart. The service also includes the Web server, which serves the device, as well as service descriptions and a presentation page.System Service Name UPNPHost
Application protocol | Protocol | Port |
---|---|---|
UPNP | TCP | 2869 |
Windows Internet Name Service
The Windows Internet Name Service (WINS) enables NetBIOS name resolution. The presence of WINS servers is crucial for locating network resources that can be identified using NetBIOS names. WINS servers are required unless all domains have been upgraded to Active Directory, and all computers on the network are running Windows 2000 Server or later. WINS servers communicate with network clients using NetBIOS Name Resolution. WINS Replication is required between WINS servers only.System Service Name WINS
Application protocol | Protocol | Port |
---|---|---|
NetBIOS Name Resolution | UDP | 137 |
WINS Replication | TCP | 42 |
WINS Replication | UDP | 42 |
Windows Media Services
Windows Media Service in Windows Server 2003 replaces the four separate services that comprised Windows Media Services versions 4.0 and 4.1: Windows Media Monitor Service, Windows Media Program Service, Windows Media Station Service, and Windows Media Unicast Service.The Windows Media Service system service is now a single service that runs on Windows Server 2003, Standard Edition, Enterprise Edition, and Datacenter Edition. Its core components were developed using COM, creating a flexible architecture that is easily customized for specific applications. It supports a greater variety of control protocols, including Real Time Streaming Protocol (RTSP), Microsoft Media Server (MMS) protocol, and HTTP.
System Service Name WMServer
Application protocol | Protocol | Port |
---|---|---|
HTTP | TCP | 80 |
MMS | TCP | 1755 |
MMS | UDP | 1755 |
MS Theater | UDP | 2460 |
RTCP | UDP | 5005 |
RTP | UDP | 5004 |
RTSP | TCP | 554 |
Windows Time
For computers running Windows XP and Windows Server 2003, the Windows Time system service maintains date and time synchronization on all computers running on a Microsoft Windows network. The service uses the Network Time Protocol (NTP) to synchronize computer clocks so that an accurate clock value, or timestamp, is assigned for network validation and resource access requests.The implementation of NTP and the integration of time providers make Windows Time a reliable and scalable time service for enterprise administrators. For computers not joined to a domain, you can configure Windows Time to synchronize time with an external time source. If this service is turned off, the time setting for local computers will not be synchronized with any time service in the Windows domain, or an externally configured time service.
Windows Server 2003 uses NTP, which runs on UDP port 123. The Windows 2000 version of this service uses the Simple Network Time Protocol (SNTP), which also runs on UDP port 123.
System Service Name W32Time
Application protocol | Protocol | Port |
---|---|---|
NTP | UDP | 123 |
SNTP | UDP | 123 |
World Wide Web Publishing Service
The World Wide Web Publishing Service provides the infrastructure necessary to register, manage, monitor, and serve Web sites and applications registered with IIS. The system service contains a process manager and a configuration manager. The process manager controls the processes in which custom applications and Web sites reside. The configuration manager reads the stored system configuration for the W3SVC, and ensures that HTTP.sys is configured to route HTTP requests to the appropriate application pools or operating system processes. The ports used by this service can be configured through IIS Manager.If the administrative Web site is enabled, a virtual Web site will be created that uses HTTP traffic on TCP port 8098.
System Service Name W3SVC
Application protocol | Protocol | Port |
---|---|---|
HTTP | TCP | 80 |
HTTPS | TCP | 443 |
Ports and Protocols
The following table summarizes the information from the previous section, but it is sorted by port number rather than service name.Port | Protocol | Application protocol | System Service Name |
---|---|---|---|
n/a | GRE | GRE (IP protocol 47) | Routing and Remote Access |
n/a | ESP | IPSec ESP (IP protocol 50) | Routing and Remote Access |
n/a | AH | IPSec AH (IP protocol 51) | Routing and Remote Access |
7 | TCP | Echo | Simple TCP/IP Services |
7 | UDP | Echo | Simple TCP/IP Services |
9 | TCP | Discard | Simple TCP/IP Services |
9 | UDP | Discard | Simple TCP/IP Services |
13 | TCP | Daytime | Simple TCP/IP Services |
13 | UDP | Daytime | Simple TCP/IP Services |
17 | TCP | Quotd | Simple TCP/IP Services |
17 | UDP | Quotd | Simple TCP/IP Services |
19 | TCP | Chargen | Simple TCP/IP Services |
19 | UDP | Chargen | Simple TCP/IP Services |
20 | TCP | FTP default data | FTP Publishing Service |
21 | TCP | FTP control | FTP Publishing Service |
21 | TCP | FTP control | Application Layer Gateway Service |
23 | TCP | Telnet | Telnet |
25 | TCP | SMTP | Simple Mail Transfer Protocol |
25 | UDP | SMTP | Simple Mail Transfer Protocol |
25 | TCP | SMTP | Exchange Server |
25 | UDP | SMTP | Exchange Server |
42 | TCP | WINS Replication | Windows Internet Name Service |
42 | UDP | WINS Replication | Windows Internet Name Service |
53 | TCP | DNS | DNS Server |
53 | UDP | DNS | DNS Server |
53 | TCP | DNS | Internet Connection Firewall/Internet Connection Sharing |
67 | UDP | DHCP Server | DHCP Server |
67 | UDP | DHCP Server | Internet Connection Firewall/Internet Connection Sharing |
69 | UDP | TFTP | Trivial FTP Daemon Service |
80 | TCP | HTTP | Windows Media Services |
80 | TCP | HTTP | World Wide Web Publishing Service |
80 | TCP | HTTP | SharePoint Portal Server |
88 | TCP | Kerberos | Kerberos Key Distribution Center |
88 | UDP | Kerberos | Kerberos Key Distribution Center |
102 | TCP | X.400 | Microsoft Exchange MTA Stacks |
110 | TCP | POP3 | Microsoft POP3 Service |
110 | TCP | POP3 | Exchange Server |
119 | TCP | NNTP | Network News Transfer Protocol |
123 | UDP | NTP | Windows Time |
123 | UDP | SNTP | Windows Time |
135 | TCP | RPC | Message Queuing |
135 | TCP | RPC | Remote Procedure Call |
135 | TCP | RPC | Exchange Server |
135 | TCP | RPC | Certificate Services |
135 | TCP | RPC | Cluster Service |
135 | TCP | RPC | Distributed File System |
135 | TCP | RPC | Distributed Link Tracking |
135 | TCP | RPC | Distributed Transaction Coordinator |
135 | TCP | RPC | Event Log |
135 | TCP | RPC | Fax Service |
135 | TCP | RPC | File Replication |
135 | TCP | RPC | Local Security Authority |
135 | TCP | RPC | Remote Storage Notification |
135 | TCP | RPC | Remote Storage Server |
135 | TCP | RPC | Systems Management Server 2.0 |
135 | TCP | RPC | Terminal Services Licensing |
135 | TCP | RPC | Terminal Services Session Directory |
137 | UDP | NetBIOS Name Resolution | Computer Browser |
137 | UDP | NetBIOS Name Resolution | Server |
137 | UDP | NetBIOS Name Resolution | Windows Internet Name Service |
137 | UDP | NetBIOS Name Resolution | Net Logon |
137 | UDP | NetBIOS Name Resolution | Systems Management Server 2.0 |
138 | UDP | NetBIOS Datagram Service | Computer Browser |
138 | UDP | NetBIOS Datagram Service | Messenger |
138 | UDP | NetBIOS Datagram Service | Server |
138 | UDP | NetBIOS Datagram Service | Net Logon |
138 | UDP | NetBIOS Datagram Service | Distributed File System |
138 | UDP | NetBIOS Datagram Service | Systems Management Server 2.0 |
138 | UDP | NetBIOS Datagram Service | License Logging Service |
139 | TCP | NetBIOS Session Service | Computer Browser |
139 | TCP | NetBIOS Session Service | Fax Service |
139 | TCP | NetBIOS Session Service | Performance Logs and Alerts |
139 | TCP | NetBIOS Session Service | Print Spooler |
139 | TCP | NetBIOS Session Service | Server |
139 | TCP | NetBIOS Session Service | Net Logon |
139 | TCP | NetBIOS Session Service | Remote Procedure Call Locator |
139 | TCP | NetBIOS Session Service | Distributed File System |
139 | TCP | NetBIOS Session Service | Systems Management Server 2.0 |
139 | TCP | NetBIOS Session Service | License Logging Service |
143 | TCP | IMAP | Exchange Server |
161 | UDP | SNMP | SNMP Service |
162 | UDP | SNMP Traps Outbound | SNMP Trap Service |
389 | TCP | LDAP Server | Local Security Authority |
389 | UDP | LDAP Server | Local Security Authority |
389 | TCP | LDAP Server | Distributed File System |
389 | UDP | LDAP Server | Distributed File System |
443 | TCP | HTTPS | HTTP SSL |
443 | TCP | HTTPS | World Wide Web Publishing Service |
443 | TCP | HTTPS | SharePoint Portal Server |
445 | TCP | SMB | Fax Service |
445 | TCP | SMB | Print Spooler |
445 | TCP | SMB | Server |
445 | TCP | SMB | Remote Procedure Call Locator |
445 | TCP | SMB | Distributed File System |
445 | TCP | SMB | License Logging Service |
445 | TCP | SMB | Net Logon |
500 | UDP | IPSec ISAKMP | Local Security Authority |
515 | TCP | LPD | TCP/IP Print Server |
548 | TCP | File Server for Macintosh | File Server for Macintosh |
554 | TCP | RTSP | Windows Media Services |
563 | TCP | NNTP over SSL | Network News Transfer Protocol |
593 | TCP | RPC over HTTP | Remote Procedure Call |
593 | TCP | RPC over HTTP | Exchange Server |
636 | TCP | LDAP SSL | Local Security Authority |
636 | UDP | LDAP SSL | Local Security Authority |
993 | TCP | IMAP over SSL | Exchange Server |
995 | TCP | POP3 over SSL | Exchange Server |
1270 | TCP | MOM-Encrypted | Microsoft Operations Manager 2000 |
1433 | TCP | SQL over TCP | Microsoft SQL Server |
1433 | TCP | SQL over TCP | MSSQL$UDDI |
1434 | UDP | SQL Probe | Microsoft SQL Server |
1434 | UDP | SQL Probe | MSSQL$UDDI |
1645 | UDP | Legacy RADIUS | Internet Authentication Service |
1646 | UDP | Legacy RADIUS | Internet Authentication Service |
1701 | UDP | L2TP | Routing and Remote Access |
1723 | TCP | PPTP | Routing and Remote Access |
1755 | TCP | MMS | Windows Media Services |
1755 | UDP | MMS | Windows Media Services |
1801 | TCP | MSMQ | Message Queuing |
1801 | UDP | MSMQ | Message Queuing |
1812 | UDP | RADIUS Authentication | Internet Authentication Service |
1813 | UDP | RADIUS Accounting | Internet Authentication Service |
1900 | UDP | SSDP | SSDP Discovery Service |
2101 | TCP | MSMQ-DCs | Message Queuing |
2103 | TCP | MSMQ-RPC | Message Queuing |
2105 | TCP | MSMQ-RPC | Message Queuing |
2107 | TCP | MSMQ-Mgmt | Message Queuing |
2393 | TCP | OLAP Services 7.0 | SQL Server: Downlevel OLAP Client Support |
2394 | TCP | OLAP Services 7.0 | SQL Server: Downlevel OLAP Client Support |
2460 | UDP | MS Theater | Windows Media Services |
2535 | UDP | MADCAP | DHCP Server |
2701 | TCP | SMS Remote Control (control) | SMS Remote Control Agent |
2701 | UDP | SMS Remote Control (control) | SMS Remote Control Agent |
2702 | TCP | SMS Remote Control (data) | SMS Remote Control Agent |
2702 | UDP | SMS Remote Control (data) | SMS Remote Control Agent |
2703 | TCP | SMS Remote Chat | SMS Remote Control Agent |
2703 | UPD | SMS Remote Chat | SMS Remote Control Agent |
2704 | TCP | SMS Remote File Transfer | SMS Remote Control Agent |
2704 | UDP | SMS Remote File Transfer | SMS Remote Control Agent |
2725 | TCP | SQL Analysis Services | SQL Analysis Server |
2869 | TCP | UPNP | UPNP Device Host |
2869 | TCP | SSDP event notification | SSDP Discovery Service |
3268 | TCP | Global Catalog Server | Local Security Authority |
3269 | TCP | Global Catalog Server | Local Security Authority |
3343 | UDP | Cluster Services | Cluster Service |
3389 | TCP | Terminal Services | NetMeeting Remote Desktop Sharing |
3389 | TCP | Terminal Services | Terminal Services |
3527 | UDP | MSMQ-Ping | Message Queuing |
4011 | UDP | BINL | Remote Installation |
4500 | UDP | NAT-T | Local Security Authority |
5000 | TCP | SSDP legacy event notification | SSDP Discovery Service |
5004 | UDP | RTP | Windows Media Services |
5005 | UDP | RTCP | Windows Media Services |
42424 | TCP | ASP.Net Session State | ASP.NET State Service |
51515 | TCP | MOM-Clear | Microsoft Operations Manager 2000 |
0 Response to "Network Ports Used by Key Microsoft Server Products"
Post a Comment