Port IDs
This reference provides information about default port IDs used by QRadar®.
The application identifications are limited to the port-based mappings defined in the /opt/qradar/conf/appid_map.conf file.
The following table lists the default common ports:
Port IDs
Port |
Protocol |
Protocol description |
|---|---|---|
|
7 |
Echo |
|
|
9 |
Discard |
|
|
13 |
Daytime |
|
|
15 |
netstat |
|
|
17 |
QOTD |
Quote of the Day |
|
18 |
MSP |
Message Send Protocol |
20 |
FTP |
File Transfer Protocol |
21 |
FTP |
File Transfer Protocol |
22 |
SSH |
Secure Shell |
23 |
Telnet |
|
|
24 |
xfer |
XFER Utility |
25 |
SMTP |
Send Mail Transfer Protocol |
| 26 |
AltaVista Firewall97 |
|
| 27 |
AltaVista Firewall97 |
|
| 28 |
AltaVista Firewall97 |
|
| 29 |
MSG ICP |
|
| 31 |
MSG Authentication |
|
| 33 |
DSP |
Display Support Protocol |
| 35 |
pcanywhere |
any private printer server |
| 37 |
Time |
|
| 38 |
RAP |
Route Access Protocol |
| 39 |
RLP |
Resource Location Protocol |
| 42 |
name |
Host Name Server |
| 43 |
whois |
Who Is |
| 45 |
mpm |
MPM FLAGS Protocol |
| 46 |
mpm |
MPM FLAGS Protocol |
| 47 |
NI FTP |
|
| 49 |
TACACS |
Login Host Protocol |
| 50 |
Remote Mail Checking Protocol |
|
| 52 |
tacacs |
|
53 |
DNS |
Domain Name Service |
|
54 |
XNS Clearinghouse |
|
|
56 |
XNS Authentication |
|
|
57 |
mtp |
|
|
58 |
mtp |
|
|
59 |
any private file service |
|
|
61 |
mtp |
|
|
63 |
whois++ |
|
|
65 |
TACACS-Database Service |
|
|
66 |
netcp | |
|
67 |
bootps |
Bootstrap Protocol Server |
|
68 |
bootps |
Bootstrap Protocol Server |
|
69 |
TFTP |
Trivial File Transfer |
|
70 - 75 |
Gopher |
|
|
79 |
Finger |
|
80 |
HTTP |
HyperText Transfer Protocol |
81 |
HTTP |
HyperText Transfer Protocol |
|
82 |
xfer |
XFER Utility |
|
83 |
MIT ML Device |
|
|
84 |
ctf |
Common Trace Facility |
|
85 |
MIT ML Device |
|
|
86 |
MFCOBOL |
Micro Focus Cobol |
|
87 |
ctf |
Common Trace Facility |
|
88 |
Kerberos |
|
|
89 |
MFCOBOL |
Micro Focus Cobol |
|
90 |
dnsix |
DNSIX Securit Attribute Token Map |
|
91 |
MFCOBOL |
Micro Focus Cobol |
|
92 |
npp |
Network Printing Protocol |
|
93 |
DCP |
Device Control Protocol |
|
94 |
objcall |
Tivoli Object Dispatcher |
|
97 |
xfer |
XFER Utility |
|
98 |
linuxconf |
|
|
99 |
metagram |
Metagram Relay |
|
101 |
hostname |
NIC Host Name Server |
|
102 |
hostname |
|
|
107 |
rtelnet |
Remote Telnet Service |
|
108 |
snagas |
SNA Gateway Access Server |
|
109 |
POP2 |
Post Office Protocol - version 2 |
110 |
POP3 |
Post Office Protocol - version 3 |
|
111 |
sunrpc |
SUN Remote Procedure Call |
119 |
NNTP News |
Network New Transfer Protocol |
123 |
NTP |
Network Time Protocol |
|
135 |
DCOM |
Distributed Component Object Model |
|
137 |
NetBIOS |
Network Basic Input/Output System |
|
138 |
WindowsFileSharing |
|
|
139 |
WindowsFileSharing |
|
143 |
IMAP |
Internet Message Access Protocol |
|
150 |
netcp |
|
161 |
SNMP |
Simple Network Management Protocol |
162 - 164 |
SNMP trap |
Simple Network Management Protocol trap |
|
201 - 208 |
npp |
|
|
209 |
qmtp |
|
|
217 |
dbase |
|
|
259 - 261 |
objcall |
|
|
264 |
bgmp |
|
|
348 |
objcall |
|
|
359 |
nsrmp |
|
389 |
LDAP |
Lightweight Directory Access Protocol |
391 |
NSRMP |
Network Security Risk Management Protocol |
392 |
NSRMP |
Network Security Risk Management Protocol |
|
395 |
netcp |
|
443 |
SecureWeb |
|
|
445 |
WindowsFileSharing |
|
|
464 |
Kerberos |
|
500 |
IPSec |
Internet Protocol Security |
|
514 |
Syslog |
|
|
543 |
Kerberos |
|
|
544 |
Kerberos |
|
|
546 |
DHCPv6 |
|
|
547 |
DHCPv6 |
|
|
554 |
StreamingAudio |
|
636 |
LDAP |
Lightweight Directory Access Protocol |
|
666 |
MDQS |
|
|
1214 |
Kazaa |
|
|
1241 |
Nessus |
|
|
1344 |
ICAP |
|
|
1345 |
NortonGhost |
|
|
1346 |
NortonGhost |
|
|
1352 |
LotusNotes |
|
|
1433 |
MSSQLServer |
|
|
1494 |
CitrixICA |
|
|
1521 |
Oracle |
|
|
1525 |
Oracle |
|
|
1527 |
tlisrv |
|
|
1529 |
Oracle |
|
|
1571 |
- | Oracle Remote Data Base |
|
1575 |
oraclenames |
|
|
1630 |
oraclenet8cman |
|
|
1645 |
Radius |
|
|
1646 |
Radius |
|
|
1748 |
oraclenet8cman |
|
|
1754 |
oraclenet8cman |
|
|
1755 |
MicrosoftMediaServer |
|
|
1808 |
oraclenet8cman |
|
|
1809 |
oraclenet8cman |
|
|
1812 |
Radius |
|
|
1813 |
Radius |
|
|
1830 |
oraclenet8cman |
|
|
1863 |
MSN |
|
|
1900 |
MiscApp |
|
2005 |
Oracle |
|
2049 |
NFS |
Network File System |
|
2055 |
cflow |
|
|
2481 |
giop |
|
|
2482 |
giop |
|
|
2483 |
ttc |
|
|
2484 |
ttc |
|
|
2598 |
CitrixICA |
|
|
2967 |
NortonAntiVirus |
|
|
3128 |
Squid |
|
|
3200 |
ttc |
|
|
3264 |
ccmail |
|
|
3300 |
SAP Gateway Server |
|
|
3389 |
MSTerminalServices |
|
|
3531 |
PeerEnabler |
|
|
3600 |
ttc | |
4500 |
IPSec |
Internet Protocol Security |
|
4662 |
eDonkey2000 |
|
|
5000 |
Intellex |
|
|
5001 |
Intellex |
|
|
5002 |
Intellex |
|
|
5050 |
Yahoo |
|
|
5190 |
ICQ |
|
|
5222 |
Jabber |
|
5432 |
PostgreSQL |
|
|
5900 |
VNC |
|
|
6050 |
ARCserverBackup |
|
|
6343 |
sflow |
|
|
6346 |
Gnutella |
|
|
6667 |
IRC |
|
|
6699 |
OpenNap |
|
|
6881 |
BitTorrent |
|
|
6969 |
BitTorrent |
|
|
7777 |
ttc |
|
|
7778 |
ttc |
|
|
8000 |
StreamingAudio |
|
8080 |
HTTP |
|
|
9555 |
netflow |
|
|
9800 |
packeteer |
|
|
9991 |
jflow |
|
|
9995 |
netflow |
|
|
10000 |
Webmin |
|
|
32000 |
QRadar Flow Collector |
|
|
40000 |
Flowproc |
|
|
41170 |
Blubster |
|
|
41524 |
ARCserverBackup |
|
|
45000 |
UpdateDaemon |
|
|
65301 |
pcanywhere |
|
|
32000-33999 |
InnerSystem |