"Well known" TCP and UDP ports used by Apple software products
Symptoms
Learn more about TCP and UDP ports used by Apple products, such as Mac OS X, Mac OS X Server, AppleShare IP, Network Assistant, Apple Remote Desktop, Macintosh Manager, and MobileMe. Many of these are referred to as "well known" industry standard ports.
Note: Mac OS X v10.5 Leopard includes a new technology called the Application Firewall which is different from a port-based firewall.
Products Affected
Xserve, Internet, Mac OS, MobileMe
Resolution
About this table
The Service or Protocol Name column lists services registered with the Internet Assigned Numbers Authority (http://www.iana.org/), except where noted as "unregistered use." The names of Apple products that use these services or protocols appear in the Used By/Additional Information column.
The RFC column lists the number of the Request For Comment document that defines the particular service or protocol, which may be used for reference. RFC documents are maintained by RFC Editor (http://www.rfc-editor.org/). If multiple RFCs define a protocol, there may only be one listed here.
This article is updated periodically and contains information that is available at time of publication. This document is intended as a quick reference and should not be regarded as comprehensive. Apple products listed in the table are the most commonly used examples, not a comprehensive list. For more information, review the Notes below the table.
Tip: Some services may use two or more ports. It is recommended that once you've found an instance of a product in this list, you search on the name (Command-F) and then repeat (Command-G) to locate all occurrences of the product. For example, VPN service may use up to four different UDP ports: 500, 1701, 1723, and 4500.
Tip: Some firewalls allow selective configuration of UDP or TCP ports with the same number, so it can be important to note which type of port is to be configured. For example, NFS may use either or both TCP 2049 and UDP 2049 ports. If your firewall doesn't allow you to specify, making changes to a port probably affects both.
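The two tips above, as an added example (not part of the original article): a parser for rows in this table's format that expands port ranges and `&` lists, splits TCP/UDP into separate entries, and collects every port listed for a product. The function names, and the choice to treat an unspecified protocol (`-`) as both TCP and UDP, are assumptions of this example.

```python
# Constructed sample: rows taken from the table on this page.
ROWS = """\
| 500 | UDP | ISAKMP/IKE | - | Mac OS X Server VPN service |
| 1701 | UDP | L2TP | - | Mac OS X Server VPN service |
| 1723 | TCP | PPTP | - | Mac OS X Server VPN service |
| 2049 | TCP/UDP | Network File System (NFS) (version 3) | 1094 | - |
| 4500 | UDP | IKE NAT Traversal | - | Mac OS X Server VPN service, Back to My Mac (MobileMe, Mac OS X 10.5 or later) |
| 1099 & 8043 | TCP | Remote RMI and IIOP Access to JBOSS | - | - |
| 16384-16403 | UDP | Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) | - | iChat AV (Audio RTP, RTCP; Video RTP, RTCP) |
| 50003 | - | FileMaker server service | - | - |
"""

def parse_ports(cell):
    """'1099 & 8043' -> [(1099, 1099), (8043, 8043)]; '600-1023' -> [(600, 1023)]."""
    spans = []
    for part in cell.split("&"):
        lo, _, hi = part.strip().partition("-")
        spans.append((int(lo), int(hi or lo)))
    return spans

def parse_protocols(cell):
    """'TCP/UDP' -> both. Assumption: '-' (unspecified in the table) -> both."""
    protos = [p for p in cell.upper().split("/") if p in ("TCP", "UDP")]
    return protos or ["TCP", "UDP"]

def parse_table(text):
    """Return one (proto, low, high, service, used_by) tuple per protocol and span."""
    rules = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 5 or not cells[0][:1].isdigit():
            continue  # header row, or a row broken across lines
        port, proto, service, _rfc, used_by = cells
        for lo, hi in parse_ports(port):
            for p in parse_protocols(proto):
                rules.append((p, lo, hi, service, used_by))
    return rules

def ports_for(rules, needle):
    """Every (proto, low, high) whose service or product text mentions needle."""
    needle = needle.lower()
    return sorted({(p, lo, hi) for p, lo, hi, service, used_by in rules
                   if needle in f"{service} {used_by}".lower()})

def lookup(rules, proto, port):
    """Services the table lists for one observed listener, protocol-aware."""
    return [s for p, lo, hi, s, _ in rules if p == proto.upper() and lo <= port <= hi]

if __name__ == "__main__":
    print(ports_for(parse_table(ROWS), "VPN service"))
```

Searching by product name returns the protocol with each port, which is the detail a firewall that separates TCP and UDP rules needs.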
| Port | TCP or UDP | Service or Protocol Name | RFC | Used by / Additional information |
| 7 | TCP/UDP | echo | 792 | - |
| 20 | TCP | File Transport Protocol (FTP) | 959 | - |
| 21 | TCP | FTP control | 959 | - |
| 22 | TCP | Secure Shell (SSH) | - | - |
| 23 | TCP | Telnet | 854 | - |
| 25 | TCP | Simple Mail Transport Protocol (SMTP) | 5321 | Mail (for sending email); MobileMe Mail (sending) |
| 53 | TCP/UDP | Domain Name System (DNS) | 1034 | MacDNS |
| 67 | UDP | Bootstrap Protocol Server (BootP, bootps) | 951 | NetBoot via DHCP |
| 68 | UDP | Bootstrap Protocol Client (bootpc) | 951 | NetBoot via DHCP |
| 69 | UDP | Trivial File Transfer Protocol (TFTP) | 1350 | - |
| 79 | TCP | Finger | 1288 | - |
| 80 | TCP | Hypertext Transfer Protocol (HTTP) | 2616 | World Wide Web, MobileMe, Sherlock, QuickTime Installer, iTunes Store and Radio, Software Update, RAID Admin, Backup, iCal calendar publishing, iWeb, MobileMe Web Gallery Publishing, WebDAV (iDisk), Final Cut Server |
| 88 | TCP | Kerberos | 4120 | - |
| 106 | TCP | Password Server (Unregistered Use) | - | Mac OS X Server Password Server |
| 110 | TCP | Post Office Protocol (POP3), Authenticated Post Office Protocol (APOP) | 1939 | Mail (for receiving email) |
| 111 | TCP/UDP | Remote Procedure Call (RPC) | 1057, 1831 | Portmap (sunrpc) |
| 113 | TCP | Identification Protocol | 1413 | - |
| 115 | TCP | Secure File Transfer Program (SFTP) | 913 | Note: Some authorities reference a "Simple File Transport Protocol" or "Secured File Transport Protocol" on this port. |
| 119 | TCP | Network News Transfer Protocol (NNTP) | 3977 | Used by applications that read newsgroups. |
| 123 | TCP/UDP | Network Time Protocol (NTP) | 1305 | Date & Time preferences. Used for network time server synchronization. |
| 137 | UDP | Windows Internet Naming Service (WINS) | - | - |
| 138 | UDP | NETBIOS Datagram Service | - | Windows Datagram Service, Windows Network Neighborhood |
| 139 | TCP | Server Message Block (SMB) | - | Used by Microsoft Windows file and print services, such as Windows Sharing in Mac OS X. |
| 143 | TCP | Internet Message Access Protocol (IMAP) | 3501 | Mail (for receiving email); MobileMe Mail (IMAP) |
| 161 | UDP | Simple Network Management Protocol (SNMP) | 1157 | - |
| 192 | UDP | - | - | AirPort Base Station PPP status or discovery (certain configurations), AirPort Admin Utility, AirPort Express Assistant |
| 311 | TCP | Server Admin, Workgroup Manager, Server Monitor, Xsan Admin | - | Remote server administration |
| 389 | TCP | Lightweight Directory Access Protocol (LDAP) | 4511 | Used by applications that look up addresses, such as Mail and Address Book. |
| 427 | TCP/UDP | Service Location Protocol (SLP) | 2608 | Network Browser |
| 443 | TCP | Secure Sockets Layer (SSL, or "HTTPS") | - | Secured websites, iTunes Store, MobileMe (authentication and MobileMe Sync) |
| 445 | TCP | Microsoft SMB Domain Server | - | - |
| 497 | TCP/UDP | Dantz Retrospect | - | - |
| 500 | UDP | ISAKMP/IKE | - | Mac OS X Server VPN service |
| 514 | TCP | shell | - | - |
| 514 | UDP | Syslog | - | - |
| 515 | TCP | Line Printer (LPR), Line Printer Daemon (LPD) | - | Used for printing to a network printer, Printer Sharing in Mac OS X. |
| 532 | TCP | netnews | - | - |
| 548 | TCP | Apple Filing Protocol (AFP) over TCP | - | AppleShare, Personal File Sharing, Apple File Service |
| 554 | TCP/UDP | Real Time Streaming Protocol (RTSP) | 2326 | QuickTime Streaming Server (QTSS), streaming media players |
| 587 | TCP | Message Submission for Mail (Authenticated SMTP) | 4409 | Mail (for sending mail), MobileMe Mail (SMTP authentication) |
| 600-1023 | TCP/UDP | Mac OS X RPC-based services | - | Used by NetInfo, for example. |
| 623 | UDP | Lights-Out-Monitoring | - | Used by Intel Xserves' Lights-Out-Monitoring (LOM) feature; used by Server Monitor |
| 625 | TCP | Directory Service Proxy (DSProxy) (Unregistered Use) | - | DirectoryService, Open Directory Assistant, Workgroup Manager. Note: This port is registered to DEC DLM. |
| 626 | TCP | AppleShare Imap Admin (ASIA) | - | IMAP Administration (Mac OS X Server 10.2.8 or earlier, AppleShare IP 6) |
| 626 | UDP | serialnumberd (Unregistered Use) | - | Server serial number registration (Xsan, ARD, Mac OS X Server 10.3 and later) |
| 631 | TCP | Internet Printing Protocol (IPP) | 2910 | Mac OS X Printer Sharing |
| 636 | TCP | Secure LDAP | - | - |
| 660 | TCP | MacOS Server Admin | - | Server Admin (both AppleShare IP and Mac OS X Server), Server Settings |
| 687 | TCP | Add server Admin to uses | - | - |
| 749 | TCP/UDP | Kerberos 5 admin/changepw | - | - |
| 985 | TCP | NetInfo Static Port | - | - |
| 993 | TCP | Mail IMAP SSL | - | MobileMe Mail (SSL IMAP) |
| 995 | TCP/UDP | Mail POP SSL | - | - |
| 1085 | TCP/UDP | WebObjects | - | - |
| 1099 & 8043 | TCP | Remote RMI and IIOP Access to JBOSS | - | - |
| 1220 | TCP | QT Server Admin | - | Used for administration of QuickTime Streaming Server. |
| 1649 | TCP | IP Failover | - | - |
| 1701 | UDP | L2TP | - | Mac OS X Server VPN service |
| 1723 | TCP | PPTP | - | Mac OS X Server VPN service |
| 2049 | TCP/UDP | Network File System (NFS) (version 3) | 1094 | - |
| 2236 | TCP | Macintosh Manager (Unregistered Use) | - | Macintosh Manager |
| 2336 | TCP | Portable Home Directories | - | - |
| 3004 | TCP | iSync | - | - |
| 3031 | TCP/UDP | Remote AppleEvents | - | Program Linking, Remote Apple Events |
| 3283 | TCP/UDP | Net Assistant | - | Apple Remote Desktop 2.0 or later (Reporting feature) |
| 3306 | TCP | MySQL | - | - |
| 3632 | TCP | Distributed compiler | - | - |
| 3659 | TCP/UDP | Simple Authentication and Security Layer (SASL) | - | Mac OS X Server Password Server |
| 3689 | TCP | Digital Audio Access Protocol (DAAP) | - | iTunes Music Sharing |
| 4111 | TCP | XGrid | - | - |
| 4500 | UDP | IKE NAT Traversal | - | Mac OS X Server VPN service, Back to My Mac (MobileMe, Mac OS X 10.5 or later) |
| 49152-65535 | TCP | Xsan | - | Xsan Filesystem Access |
| 5003 | TCP | FileMaker - name binding and transport | - | - |
| 5009 | TCP | (Unregistered Use) | - | AirPort Admin Utility, AirPort Express Assistant |
| 5060 | UDP | Session Initiation Protocol (SIP) | 3261 | iChat AV |
| 5100 | TCP | - | - | Mac OS X camera and scanner sharing |
| 5190 | TCP/UDP | America Online (AOL) | - | iChat and AOL Instant Messenger, file transfer |
| 5222 | TCP | Jabber (Unregistered Use) | - | iChat and Jabber messages (see Note 9) |
| 5223 | TCP | iChat server SSL/XMPP | - | MobileMe (Automatic sync notifications) |
| 5269 | TCP | iChat server-to-server communication | - | - |
| 5297 | TCP | - | - | iChat (local traffic), Bonjour |
| 5298 | TCP/UDP | - | - | iChat (local traffic), Bonjour |
| 5353 | UDP | Multicast DNS (MDNS) | - | Bonjour (mDNSResponder) |
| 5354 | TCP | Multicast DNS Responder | - | Back to My Mac |
| 5432 | TCP | ARD 2.0 Database | - | - |
| 5678 | UDP | SNATMAP server | - | The SNATMAP service on port 5678 is used to determine the external Internet address of hosts so that connections between iChat users can properly function behind network address translation (NAT). The SNATMAP service simply communicates to clients the Internet address that connected to it. This service runs on an Apple server, but does not send personal information to Apple. When certain iChat AV features are used, this service will be contacted. Blocking this service may cause issues with iChat AV connections with hosts on networks that use NAT. |
| 5897-5898 | UDP | (Unregistered Use) | - | xrdiags |
| 5900 | TCP | Virtual Network Computing (VNC) (Unregistered Use) | - | Apple Remote Desktop 2.0 or later (Observe/Control feature), Screen Sharing (Mac OS X 10.5 or later) |
| 5988 | TCP | WBEM HTTP | - | Apple Remote Desktop 2.x (see http://www.dmtf.org/about/faq/wbem) |
| 6970-9999 | UDP | - | - | QuickTime Streaming Server |
| 7070 | TCP | RTSP (Unregistered Use), Automatic Router Configuration Protocol (ARCP - Registered Use) | - | QuickTime Streaming Server (RTSP) |
| 7070 | UDP | RTSP alternate | - | QuickTime Streaming Server |
| 7777 | TCP | iChat server file transfer proxy | - | - |
| 8005 | TCP | Tomcat remote shutdown | - | - |
| 8080 | TCP | Alternate port for Apache | - | - |
| 8170 | TCP | HTTPS (web service/site) | - | Podcast Capture/podcast CLI |
| 8175 | TCP | Pcast Tunnel | - | pcastagentd (for control operations) |
| 8000-8999 | TCP | - | - | Web service, iTunes Radio streams |
| 8821 | TCP | Stored (store server to communicate with server) | - | Final Cut Server |
| 8891 | TCP | ldsd (data transfers) | - | Final Cut Server |
| 9006 & 8080 & 8443 | - | HTTP and HTTPS ports for Tomcat Standalone and JBOSS (J2EE) | - | - |
| 16080 | TCP | - | - | Web service with performance cache |
| 16384-16403 | UDP | Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) | - | iChat AV (Audio RTP, RTCP; Video RTP, RTCP) |
| 24000-24999 | TCP | - | - | Web service with performance cache |
| 42000-42999 | TCP | - | - | iTunes Radio streams |
| 50003 | - | FileMaker server service | - | - |
| 50006 | - | FileMaker helper service | - | - |
Notes
1. Not all ports and services listed are present in or used by all software products. Some applications, such as Workgroup Manager, require more than one port and are listed accordingly.
2. Network administrators may wish to use port-watching software in addition to this information when making decisions about how to set up firewalls or similar access control schemes.
3. For an explanation of what a TCP or UDP port is, see the "IP Ports" section of "Mac OS X: What Is a Port?"
4. In Mac OS X Server 10.0.3 and later, some services that do not use well-known ports register with portmap. Use the rpcinfo -p command in Terminal to see what is registered with portmap.
5. The NetInfo parent-child model has replaced Shared Users and Groups in Mac OS X Server 10.0.3 and later.
6. With performance cache enabled in Mac OS X Server 10.0.3 and later, Apache is on port 16080 and cache is on port 80.
7. This table includes features and ports used by Mac OS X v10.3 Panther. Earlier versions of Mac OS X do not have all the features listed here.
8. For Mac OS X Server 10.3 VPN service: PPTP uses the IP-GRE protocol (IP protocol 47). L2TP/IPsec uses the IP-ESP protocol (IP protocol 50, ESP).
9. This is for current Jabber authentication methods. The previous method also requires port 5223.
10. servermgrd only listens on this port in Mac OS X v10.3.9 and earlier. With Mac OS X v10.4 or later, it listens only on 311.
Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.