System / Well Known Ports: 0 through 1023User / Registered Ports: 1024 through 49151 <===> These are ports that can be registered by companies and developers for a particular service.Dynamic/Private: 49152 through 65535 <===> These is client-side ports that are free to use. These are ports that your computer assigns temporarily to itself during a session
prvni dva typy pouzivaji servery.. treti Dynamic/Private pouziva klient tedy nas PC.. Muze se ale stat, ze na svem pctake bezi servr, tudiz tam muze vlatne bezet i prvni dva typy System Porty a User Porty
20 FTP <===> ports used during a classic FTP connection between client and server.21 FTP <===> ports used during a classic FTP connection between client and server.22 SSH <===> OpenSSH server port used by default on most Unix/Linux installations.23 Telnet <===> is dedicated to the Telnet application server that receives connections from any Telnet client.
25 SMTP <===> is dedicated to relaying messages between MTAs (mail transfer agents).
53 DOMAIN <===> is where the DNS server runs, and one of the most famous daemons that uses this port is Bind. // DNS (domain name service) - resolves hostnames to ip addresses.
67 DHCP <===> port 67 is used for the DHCP server,
68 DHCP <===> UDP port 68 for the DHCP client.
80 HTTP <===> port assigned to web servers and directly associated with the Hypertext Transfer Protocol.
110 POP3 <===> the Post Office Protocol, one of the most traditional protocols used by email clients to retrieve data from remote email servers.
111 RPCBIND <===> Portmap je služba, která dynamicky přiřazuje porty. Využívá ji například NFS. Představuje však širokou zranitelnost, a to kvůli nízké úrovni autentifikačního mechanismu a možnosti přidělit široký rozsah portů službám, které ovládá. // The RPC Portmapper (also called portmap or rpcbind) is a service which makes sure that the client ends up at the right port, which means that it maps the client RPC requests to the correct services
123 NTP <===> Network Time Protocol (NTP) - used for time synchronization
135 MSRPC <===> Remote Procedure Call (RPC) port 135 is used in client/server applications (might be on a single machine) such as Exchange clients, the recently exploited messenger service, as well as other Windows NT/2K/XP software. If you have remote users who VPN into your network, you might need to open this port on the firewall to allow access to the Exchange server.
139 NETBIOS-SSN <===> SAMBA -- NetBIOS is a protocol used for File and Print Sharing under all current versions of Windows. While this in itself is not a problem, the way that the protocol is implemented can be. There are a number of vulnerabilities associated with leaving this port open.
143 IMAP <===> default IMAP port for non-encrypted connections.
161 SNMP <===> Simple Network Management Protocol (SNMP) je součástí sady internetových protokolů. Standardně využívá UDP port 161. Slouží potřebám správy sítí. Umožňuje průběžný sběr nejrůznějších dat pro potřeby správy sítě, a jejich následné vyhodnocování. Na tomto protokolu je dnes založena většina prostředků a nástrojů pro správu sítě. /**/ UDP Simple network management protocol (SNMP). Used by various devices and applications (including firewalls and routers) to communicate logging and management information with remote monitoring applications. Typically, SNMP agents listen on UDP port 161, asynchronous traps are received on port 162.
199 SMUX <===> ??
443 HTTPS <===> port used to serve all SSL-based requests on any website.
445 microsoft-ds <===> SAMBA -- TCP port 445 is used for direct TCP/IP MS Networking access without the need for a NetBIOS layer. The SMB (Server Message Block) protocol is used for file sharing in Windows NT/2K/XP and later. In Windows NT it ran on top of NetBT (NetBIOS over TCP/IP, ports 137, 139 and 138/udp). In Windows 2K/XP and later, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra NetBT layer, for this they use TCP port 445.
587 submission <===> ??
631 IPP <===> Internet Printing Protocol (IPP) (official)
995 pop3s <===> ??
1025 NFS-or-IIS <===> ??
1723 pptp <===> ??
1900 SSDP <===> Simple Service Discovery Protocol. síťový protokol založený na sadě internetových protokolů používaných k propagaci a objevování síťových služeb. Multicastová addresa je 239.255.255.250 v protokolu IPv4.
3306 mysql <===> ??
3389 ms-wbt-server <===> Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software (from here).
5000 UPnP <===> UPNP (universal plug and play) - This is a network discovery protocol which allows devices to find and configure other network devices. // Universal Plug and Play (UPnP) uses two ports, 5000 TCP and 1900 UDP. UPnP is a set of networking protocols that allows for networked and mobile devices to seamlessly discover each others' presence on the network and communicate.
5353 teamviewer <===> TeamViewer remote desktop protocol uses port 5353/UDP
5900 VNC <===> VNC (Virtual Network Computing) - remote control programs. VNC typically also uses ports 5800+ and 5900+ for additional machines.
5938 teamviewer <===> TeamViewer remote desktop protocol uses port 5938/TCP
5939 teamviewer <===> TeamViewer remote desktop protocol uses port 5939/TCP
6010 x11 <===> X Window System ?? TalkSwitch uses ports 6010-6016 // When I ssh -X to a server, I will be assigned a $DISPLAY value, usually localhost:x.0 where x is the lowest number unused by all the users starting from 10. (e.g., if no other user uses $DISPLAY, then it is 10. If some user is already using 10, then it will be 11, etc)
7070 realserver <===> AnyDesk Remote
7071 realserver <===> AnyDesk Remote
8080 http-proxy <===> ??
8888 sun-answerbook <===> ??
9993 palace-2 <===> Zerotier
pokud chci zjistit zda je na nejake IP adrese otevreny port, pouziji webcanyouseeme.org
An open port is for maintaining a service to which outsiders can connect. If you are a "pure client" (in your words, "only using it for browsing the Internet"),
then there should be no reason to have any open port at all.
You do not say how you obtained the report on open ports you are quoting; if you ran nmap from your desktop system, then you did not obtain the actual
open ports: you got the ports which are accessible from your desktop machine whereas you were interested in the ports which are accessible from the Internet at large.
It is expected and reasonable that the router maintains a few ports open on the local network side, e.g. the port 80, because that's how you can configure the router.
What you want is to test that the router is answering to no connection attempt which comes from the outside. To test that, you need to run a port scanner from another
system which is not part of your home network.
