Ports are virtual access points for software to communicate over a network and are a standard feature of every computer operating system. Software will often use ports on a computer to send information to other software on the same computer.
There are up to 65,535 ports in any operating system. Some of these are reserved for system use. The availability of ports is controlled by a firewall, which can be a piece of software installed on each computer or a piece of network hardware that controls what is sent or received on any port. Most operating systems deliberately do not block the use of available ports by default.
Any program and many services can communicate on a port, even if they do not specifically send anything over the Internet to other devices. Certain ports must be open to support normal business functions, email, secure web browsing, and finding printers or other computers on a local company network.
While it is highly unlikely that a company will have no ports open anywhere, the fewer ports that are exposed to the Internet, the fewer opportunities there are for attack.
Frequently Asked Questions
What is the difference between a Detected Service and a Typical Service?
- Typical Services: The most likely service to be running on a specific port number. Many resources are used to determine the typical service running on a port, including the IANA Service Name and Transport Protocol Port Number Registry.
- Detected Services: Determined using information returned by a port itself. We analyze the header returned from the server and look for attributes that identify the service.
What does “Pending classification” mean?
Certain ports are either unassigned by IANA or have assigned services that have mostly fallen out of use. In these cases, Bitsight cannot confidently determine the service associated with the port. Once specific services are detected running on the port, the annotation is updated to reflect that.
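The distinction drawn in the two answers above, as an added example that is not Bitsight's own code: it compares the typical service for a port number with the service identified from the first bytes a server returned, and falls back to pending classification when neither is known. The port table is a small excerpt of IANA assignments, and the signature patterns, status labels and sample banners are constructed for illustration.

```python
import re

# Excerpt of well-known IANA assignments (assumption: not the full registry).
TYPICAL = {21: "ftp", 22: "ssh", 25: "smtp", 80: "http"}

# Constructed signatures matched against the first line a server returns.
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-\d+\.\d+-")),
    ("smtp", re.compile(rb"^220[ -].*SMTP", re.I)),
    ("ftp", re.compile(rb"^220[ -].*FTP", re.I)),
    ("http", re.compile(rb"^HTTP/\d\.\d \d{3}")),
]


def detected_service(banner: bytes):
    """Identify a service from what the port returned, or None if unrecognised."""
    lines = banner.splitlines()
    if not lines:
        return None
    for name, pattern in SIGNATURES:
        if pattern.search(lines[0]):
            return name
    return None


def classify(port: int, banner: bytes = b""):
    """Compare the typical service for a port with the service its banner shows."""
    if not 1 <= port <= 65535:
        raise ValueError(f"not a valid port number: {port}")
    typical = TYPICAL.get(port)
    detected = detected_service(banner)
    if detected is None and typical is None:
        status = "pending classification"  # nothing assigned, nothing identified
    elif detected is None:
        status = "typical only"            # port number is the only evidence
    elif typical is None:
        status = "detected only"           # banner identifies an unlisted port
    elif detected == typical:
        status = "confirmed"
    else:
        status = "mismatch"                # e.g. SSH answering on the HTTP port
    return {"port": port, "typical": typical, "detected": detected, "status": status}


if __name__ == "__main__":
    # Constructed observations from an inventory of your own hosts.
    for port, banner in [(22, b"SSH-2.0-OpenSSH_9.6\r\n"),
                         (80, b"SSH-2.0-OpenSSH_9.6\r\n"),
                         (49200, b"")]:
        print(classify(port, banner))
```

A mismatch is the case worth reviewing first in an asset inventory: the firewall rule was written for one service, and a different one is answering.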