CyberPathBlogCompTIA Security+ Port Numbers Cheat Sheet: Every Port You Need to Know

Study Guide

Security+ Port Numbers Cheat Sheet: Every Port and Protocol for the SY0-701

Master all the port numbers required for the CompTIA Security+ exam. Includes ports grouped by protocol type, memory tricks, and practice questions.

CyberPath Team·2026-06-29·10 min

Ports Grouped by Protocol Type

File Transfer: FTP (20-data, 21-control — unencrypted), SFTP/FTPS (22 — encrypted FTP over SSH), TFTP (69 — simple, no authentication).

Remote Access: SSH (22 — encrypted remote shell), Telnet (23 — unencrypted remote shell, deprecated), RDP (3389 — Windows remote desktop).

Email: SMTP (25 — sending mail), POP3 (110 — receiving mail), IMAP4 (143 — receiving mail with server-side folders), SMTP with SSL (465), IMAPS (993), POP3S (995).

Web: HTTP (80), HTTPS (443), HTTP alternate (8080, 8443).

Directory Services: LDAP (389), LDAPS (636 — LDAP over SSL).

Authentication: Kerberos (88), RADIUS auth (1812), RADIUS accounting (1813), TACACS+ (49).

Database: MySQL (3306), MS SQL (1433), Oracle (1521).

Network Management: SNMP (161 — queries, 162 — traps), Syslog (514), NetFlow (2055).

Other: DNS (53), DHCP (67/68), NTP (123), SMB (445), SIP (5060/5061), L2TP (1701), PPTP (1723).

Memory Tricks for Port Numbers

SSH (22) — 2 is 'to', 2=go to, SSH is for going to remote systems. HTTPS (443) — 4-4-3 = think of 'SSL' as 'S-S-L' = 4-4-3 letters. RDP (3389) — 33-89, 33 is 'remote' reversed, 89 is end of 1989 when RDP was developed. DNS (53) — 5-3 = 'Domain' has 6 letters but DNS... close enough? Actually: 5+3=8, DNS has 3 letters. SMTP (25) — 25 = Christmas, you send mail at Christmas. FTP (21) — 21 = legal age, files are 'mature' data. LDAP (389) — 3+8+9=20, LDAP has 4 letters, 20/4=5... actually just remember 'port 389 is LDAP'. Actually, the best trick: make flashcards and drill them daily. There's no real shortcut.

Which Ports Appear Most Often on the Exam

High-frequency: 22 (SSH), 80 (HTTP), 443 (HTTPS), 3389 (RDP). Know these cold. Medium-frequency: 21 (FTP), 25 (SMTP), 53 (DNS), 110/143 (POP3/IMAP), 389 (LDAP), 1433 (MS SQL), 1812/1813 (RADIUS), 514 (Syslog). Low-frequency but still tested: 69 (TFTP), 88 (Kerberos), 123 (NTP), 161/162 (SNMP), 445 (SMB), 636 (LDAPS), 1701 (L2TP), 1723 (PPTP), 5060/5061 (SIP).