Without ports, every machine could only run one network service. Your web server would be your entire server.
Ports solve this. They let a single IP address host dozens of independent services—web, email, file transfer, remote access—each listening on its own number, each reachable without interfering with the others. And the first 1024 of these numbers? They're reserved. Standardized. The well-known ports.
Why Standardization Matters
When you type a web address, your browser doesn't ask "what port is your web server on?" It assumes port 80 for HTTP, port 443 for HTTPS. When your email server delivers a message, it doesn't negotiate—it connects to port 25 on the recipient's mail server.
This works because everyone agreed. The Internet Assigned Numbers Authority (IANA) maintains the registry, assigning port numbers so that port 80 means HTTP in Tokyo, São Paulo, and everywhere else.
The alternative—every service on arbitrary ports, every connection requiring prior negotiation—would make the Internet barely functional.
The Ports That Run the Internet
Ports 20–21: FTP
File Transfer Protocol uses two ports, and this reveals something about early protocol design. Port 21 handles commands: list this directory, delete that file. Port 20 handles the actual data. Control and data, separated.
This pattern influenced protocols that came later, though FTP itself has largely been replaced by SFTP (which tunnels through SSH on port 22) and HTTPS uploads. You'll still find FTP in legacy systems and automated batch transfers.
Port 22: SSH
Secure Shell changed everything about remote server administration. Before SSH, you'd use Telnet—sending your password in plain text across the network, readable by anyone watching.
Port 22 is now synonymous with secure access. Managing a web server, pushing code to a repository, tunneling other protocols through an encrypted connection—it all happens here. The security SSH provides made it the obvious choice for anything requiring authenticated remote access.
Port 23: Telnet
Telnet still has a well-known port assignment, but using it for anything sensitive is negligence. Every keystroke, including passwords, transmits unencrypted. Its modern use is limited to troubleshooting network connectivity or accessing ancient equipment that predates SSH.
Port 25: SMTP
Email between servers travels on port 25. Your mail client probably connects to your server on port 587 (the submission port), but when your server delivers that message to the recipient's server, it's port 25.
This port has become a battleground. ISPs block it from residential networks because compromised home computers were sending spam directly, cutting out the middleman in the worst possible way. The port that delivers your email is also the port spammers covet most.
Port 53: DNS
Every domain name lookup—every time you type a URL—sends a query to port 53. Without it, you'd navigate the Internet by IP address alone.
DNS uses both UDP and TCP on this port. UDP handles normal queries (faster, no connection overhead). TCP handles large responses and zone transfers between DNS servers.
Port 80: HTTP
When you type a URL without specifying "https://", your browser assumes port 80 and unencrypted HTTP.
Port 80 still sees enormous traffic, often as the initial connection before redirecting to HTTPS. But the Internet has been steadily treating it as the insecure option it is.
Port 443: HTTPS
HTTP wrapped in TLS encryption. Port 443 is now the default for web traffic—banking, shopping, casual browsing, everything. Modern browsers warn users when connecting to unencrypted sites, pushing the web toward universal encryption.
Why These Ports Require Privilege
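On Unix-like systems, binding to ports below 1024 requires root privileges by default (Linux can also grant this one right on its own through the CAP_NET_BIND_SERVICE capability). This isn't arbitrary—it's a security boundary.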
Imagine if any user on a shared system could start a program listening on port 80. They could intercept web traffic intended for the legitimate server. They could harvest credentials. The privilege requirement prevents unprivileged users from impersonating critical services.
This creates a pattern: services start with elevated privileges to bind their port, then drop those privileges for normal operation. The nginx web server starts as root, binds to port 80 or 443, then spawns worker processes running as an unprivileged user. The port is claimed; the risk is contained.
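The bind-then-drop pattern described above, as an added Python example (not nginx's code, and simpler than nginx, which keeps a root master process and runs only its workers unprivileged). The function names and the uid/gid 65534 are assumptions made for illustration.

```python
import os
import socket

NOBODY = 65534  # assumption: the conventional unprivileged uid/gid on Linux


def bind_then_drop(port, uid=NOBODY, gid=NOBODY, host="127.0.0.1"):
    """Claim the port first, then permanently give up root.

    Returns (listening_socket, dropped). dropped is False when the process
    was not root to begin with, so there was nothing to give up.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))      # the only step that needs privilege
    sock.listen()
    if os.geteuid() != 0:
        return sock, False
    # Order matters: groups and gid must change while still root,
    # because after setuid() the process may no longer touch them.
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)               # as root: sets real, effective and saved uid
    try:
        os.setuid(0)             # must fail, otherwise the drop is reversible
    except PermissionError:
        return sock, True
    raise RuntimeError("root could be regained after the drop")


def drop_check_in_child(port):
    """Run bind_then_drop() in a forked child so the caller keeps its own
    identity. Returns 'dropped', 'unprivileged' or 'failed'."""
    pid = os.fork()
    if pid == 0:
        code = 2
        try:
            sock, dropped = bind_then_drop(port)
            if sock.getsockname()[1] > 0:   # socket is still bound and usable
                code = 0 if dropped else 1
        finally:
            os._exit(code)
    _, status = os.waitpid(pid, 0)
    code = os.WEXITSTATUS(status) if os.WIFEXITED(status) else 2
    return {0: "dropped", 1: "unprivileged"}.get(code, "failed")


if __name__ == "__main__":
    print(drop_check_in_child(80))
```

The check that `setuid(0)` fails afterwards is the part most often skipped: a drop that leaves the saved uid at root can be undone by any code that later runs in the process.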
The Three-Tier System
The well-known ports (0–1023) are just the first tier. IANA's full scheme:
- Well-known ports (0–1023): Reserved for essential services. Require privilege to bind.
- Registered ports (1024–49151): Available for registration by applications. MySQL uses 3306, PostgreSQL uses 5432.
- Dynamic ports (49152–65535): Ephemeral ports for client-side connections. When your browser connects to a web server, the operating system picks a port from this range as the connection's source port, and the return traffic comes back to it.
This hierarchy balances standardization with flexibility. Critical services get reserved slots. Everything else negotiates from the remaining space.
The Security Trade-Off
Standardization makes the Internet work—and makes it attackable. Port 80 is easy to find for legitimate users and for attackers. Port scanners routinely probe well-known ports looking for vulnerable services.
The ports that make the Internet convenient are the ports that receive the most attacks. Knowing which ports your systems expose, and what answers on them, is the first step in securing them.
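One way to take that first step on a Linux host, as an added example that is not part of the original page: it reads text in `/proc/net/tcp` layout, keeps the listening sockets, places each port in the three-tier scheme above, and notes cleartext services bound beyond loopback. The sample table is constructed, the function names are hypothetical, and the address decoding assumes a little-endian host.

```python
import socket
import struct

TIERS = ((1023, "well-known"), (49151, "registered"), (65535, "dynamic"))
CLEARTEXT = {21: "FTP", 23: "Telnet", 80: "HTTP"}  # unencrypted on the wire
TCP_LISTEN = "0A"  # /proc/net/tcp state code for a listening socket

# Constructed sample in /proc/net/tcp layout, not captured from a real host.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002
   2: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   112        0 20003
   3: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20004
   4: 0A00000A:C350 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20005
"""


def tier(port):
    """Name the IANA range a port number falls in."""
    return next(name for top, name in TIERS if port <= top)


def decode(endpoint):
    """'0100007F:0CEA' -> ('127.0.0.1', 3306). Assumes a little-endian host."""
    addr, port = endpoint.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)


def listeners(table):
    """Return LISTEN sockets from /proc/net/tcp text, sorted by port."""
    found = []
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue                             # e.g. 01 = ESTABLISHED
        ip, port = decode(fields[1])
        notes = []
        if not ip.startswith("127."):
            notes.append("bound beyond loopback")
            if port in CLEARTEXT:
                notes.append("cleartext " + CLEARTEXT[port])
        found.append({"ip": ip, "port": port, "tier": tier(port),
                      "uid": int(fields[7]), "notes": notes})
    return sorted(found, key=lambda s: s["port"])


if __name__ == "__main__":
    for s in listeners(SAMPLE):
        print(f'{s["ip"]}:{s["port"]} ({s["tier"]}, uid {s["uid"]})', *s["notes"])
```

On a real host, pass the contents of `/proc/net/tcp` to `listeners()` in place of `SAMPLE`; IPv6 sockets live in `/proc/net/tcp6` and use a longer address field that this example does not decode.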