What Is a Port in Networking?

    An IP address gets traffic to the right machine, but a single machine runs many network services at once — a web server, mail, SSH, a database. Ports are how traffic finds the right service on that machine: every connection targets not just an IP but a numbered port from 1 to 65535, and each service listens on its own number. If the IP address is a building's street address, ports are the numbered doors. Understanding them demystifies firewalls, port forwarding, and most "connection refused" errors.

    How ports work

    When your browser loads a website, it connects to the server's IP on port 443 (HTTPS). The server's operating system sees the port number and hands the connection to whatever program is listening there — the web server. Meanwhile the same machine can accept mail on port 25 and admin logins on port 22, with no interference between them. Your side of the connection uses a random high-numbered "ephemeral" port so that replies find their way back to the right browser tab among everything else your machine is doing.

    Ports come in three ranges: well-known ports (0–1023) are reserved for standard services and on most systems require administrator rights to listen on; registered ports (1024–49151) are used by specific applications; and dynamic ports (49152–65535) are the ephemeral range operating systems draw from for outgoing connections.

    The port numbers worth memorizing

    A handful of numbers cover most of what you'll ever encounter. Port 80 is HTTP and 443 is HTTPS — nearly all web traffic. Port 22 is SSH (secure shell and SFTP file transfer); 21 is legacy FTP. Mail uses several: 25 for server-to-server SMTP, 587 for authenticated mail submission, 993 for IMAP and 995 for POP3 (both TLS). Port 53 is DNS itself. On the database side, 3306 is MySQL and 5432 is PostgreSQL; 3389 is Windows Remote Desktop. Seeing any of these in a firewall rule or error message immediately tells you which service is involved.

    Open, closed, and filtered ports

    A port is open when a program is actively listening and accepting connections, closed when nothing listens there (the machine actively refuses), and filtered when a firewall silently drops the traffic so the sender can't even tell whether a service exists. Running a port scan against your own server or public IP shows which doors are answering — and each open port should map to a service you knowingly run.

    Ports and security: why open matters

    Every open port is a potential entry point, so the security rule is simple: expose only what you use. An internet-facing database port (3306, 5432) is a classic misconfiguration — databases should listen only to internal networks. Remote-access ports like 3389 and 22 are scanned constantly by bots trying default credentials; if you must expose them, use key-based authentication or a VPN. Home routers block unsolicited inbound traffic to every port by default, which is why hosting anything from home requires an explicit port-forwarding rule — and why you should audit those rules occasionally.

    Common port-related errors, decoded

    "Connection refused" means you reached the machine but the port is closed — the service is down or listening elsewhere. "Connection timed out" usually means a firewall is filtering the port, or the host is unreachable entirely. "Address already in use" when starting a server means another program already occupies that port — find it and stop it, or bind to a different port.

    Try the tools

    Frequently asked questions