Well known TCP and UDP ports used by Apple software products

Well known TCP and UDP ports used by Apple software products

Learn more about TCP and UDP ports used by Apple products, such as OS X, OS X Server, Apple Remote Desktop, and iCloud. Many of these are referred to as "well known" industry standard ports.

Ports used by Apple products

The table below outlines TCP and UDP ports used by Apple products. Your network administrator may need this information to make sure your computer or device can connect to services such as automatic software updates, or the App Store. For an explanation of what a TCP or UDP port is, see the "IP Ports" section of "OS X: What Is a Port?"

Not all ports and services listed are used by all software products. Some applications require more than one port and are listed accordingly. Network administrators may also wish to use port-watching software in addition to the information in this article when making decisions about how to set up firewalls or similar access control schemes. Note that Mac OS X v10.5 and later include an Application Firewall, which is different than a port-based firewall.

This article is updated periodically and contains information that is available at time of publication. This document is intended as a quick reference and should not be regarded as comprehensive. Apple products listed in the table are the most commonly used examples, not a comprehensive list. 

Using this table

The Service or Protocol Name column lists services registered with the Internet Assigned Numbers Authority except where noted as "unregistered use". The names of Apple products that use these services or protocols appear in the Used By / Additional Information column.

The RFC column lists the number of the Request For Comment document that defines the particular service or protocol, which may be used for reference. RFC documents are maintained by RFC Editor. If multiple RFCs define a protocol, there may only be one listed here.

Some services may use two or more ports. It is recommend that once you've found an instance of a product in this list, search on the name (Command-F) and then repeat (Command-G) to locate all occurrences of the product. For example, VPN service may use up to four different ports: 500, 1701, 1723, and 4500.

Some firewalls allow selective configuration of UDP or TCP ports with the same number, so it can be important to note which type of port is to be configured. For example, NFS may use either or both TCP 2049 and UDP 2049 ports. If your firewall doesn't allow you to specify, making changes to a port probably affects both.

The output of Terminal commands may replace the port number with the label that is listed in /etc/services. Please refer to the Service Name column in the table to see what the associated label is.

 

7 TCP/UDP echo 792 echo -
20 TCP File Transport Protocol (FTP) 959 ftp-data -
21 TCP FTP control 959 ftp -
22 TCP Secure Shell (SSH) 4253 ssh Xcode Server (hosted and remote Git+SSH; remote SVN+SSH)
23 TCP Telnet 854 telnet -
25 TCP Simple Mail Transfer Protocol (SMTP) 5321 smtp

Mail (for sending email); iCloud Mail (sending)

53 TCP/UDP Domain Name System (DNS) 1034 domain MacDNS, FaceTime
67 UDP Bootstrap Protocol Server (BootP, bootps) 951 bootps NetBoot via DHCP
68 UDP Bootstrap Protocol Client (bootpc) 951 bootpc NetBoot via DHCP
69 UDP Trivial File Transfer Protocol (TFTP) 1350 tftp -
79 TCP Finger 1288 finger -
80 TCP Hypertext Transfer Protocol (HTTP) 2616 http World Wide Web, iCloud, QuickTime Installer, iTunes Store and Radio, OS X Software Update (OS X Lion and earlier), Mac App Store, RAID Admin, Backup, iCal calendar publishing, WebDAV, Final Cut Server, AirPlay, OS XInternet Recovery, Profile Manager, Xcode Server (Xcode app, hosted and remote Git HTTP, remote SVN HTTP).
88 TCP Kerberos 4120 kerberos -
106 TCP Password Server
(Unregistered Use)
- 3com-tsmux Mac OS X Server Password Server
110 TCP Post Office Protocol (POP3)
Authenticated Post Office Protocol (APOP)
1939 pop3 Mail (for receiving email)
111 TCP/UDP Remote Procedure Call (RPC) 1057, 1831 sunrpc Portmap (sunrpc)
113 TCP Identification Protocol 1413 ident -
115 TCP Simple File Transfer Protocol (SFTP) 913 sftp -
119 TCP Network News Transfer Protocol (NNTP) 3977 nntp Used by applications that read newsgroups.
123 TCP/UDP Network Time Protocol (NTP) 1305 ntp Date & Time preferences. Used for network time server synchronization, AppleTV Network Time Server Sync
137 UDP Windows Internet Naming Service (WINS) - netbios-ns -
138 UDP NETBIOS Datagram Service - netbios-dgm Windows Datagram Service, Windows Network Neighborhood
139 TCP Server Message Block (SMB) - netbios-ssn Used by Microsoft Windows file and print services, such as Windows Sharing in Mac OS X.
143 TCP Internet Message Access Protocol (IMAP) 3501 imap Mail (for receiving email)
161 UDP Simple Network Management Protocol (SNMP) 1157 snmp -
192 UDP OSU Network Monitoring System - osu-nms AirPort Base Station PPP status or discovery (certain configurations), AirPort Admin Utility, AirPort Express Assistant
311 TCP Secure server administration - asip-webadmin Server app, Server Admin, Workgroup Manager, Server Monitor, Xsan Admin.
312 TCP Xsan administration - vslmp Xsan Admin (OS X Mountain Lion v10.8 and later)
389 TCP Lightweight Directory Access Protocol (LDAP) 4511 ldap Used by applications that look up addresses, such as Mail and Address Book.
427 TCP/UDP Service Location Protocol (SLP) 2608 svrloc Network Browser
443 TCP Secure Sockets Layer (SSL, or "HTTPS") 2818 https TLS websites, iTunes Store,  OS X Software Update (Mountain Lion and later), Mac App Store, FaceTime, Game Center, iCloud authentication and DAV Services (Contacts, Calendars, and Bookmarks), iCloud backup and applications (Calendars, Contacts, Find My iPhone/Find My Friends, Mail,  Documents & Photo Stream), iCloud Key Value Store (KVS), iPhoto Journals, AirPlay, OS X Internet Recovery, Profile Manager, Back to My Mac, Dictation, Xcode Server (hosted and remote Git HTTPS, remote SVN HTTPS, Apple Developer registration).
445 TCP Microsoft SMB Domain Server - microsoft-ds -
464 TCP/UDP kpasswd 3244 kpasswd -
500 UDP ISAKMP/IKE 2408 isakmp OS X Server VPN service, Back to My Mac
514 TCP shell - shell -
514 UDP Syslog - syslog -
515 TCP Line Printer (LPR), Line Printer Daemon (LPD) - printer Used for printing to a network printer, Printer Sharing in Mac OS X
532 TCP netnews - netnews -
548 TCP Apple Filing Protocol (AFP) over TCP - afpovertcp AppleShare, Personal File Sharing, Apple File Service
554 TCP/UDP Real Time Streaming Protocol (RTSP) 2326 rtsp QuickTime Streaming Server (QTSS), streaming media players, AirPlay
587 TCP Message Submission for Mail (Authenticated SMTP) 4409 submission Mail (for sending mail), iCloud Mail (SMTP authentication)
600-1023 TCP/UDP Mac OS X RPC-based services - ipcserver Used by NetInfo, for example
623 UDP Lights-Out-Monitoring - asf-rmcp Used by Intel Xserves' Lights-Out-Monitoring (LOM) feature; used by Server Monitor
625 TCP Open Directory Proxy (ODProxy) (Unregistered Use) - dec_dlm Open Directory, Server app, Workgroup Manager; DirectoryServices in OS X Lion and earlier. Note: This port is registered to DEC DLM.
626 TCP AppleShare Imap Admin (ASIA) - asia IMAP Administration (Mac OS X Server v10.2.8 or earlier)
626 UDP serialnumberd (Unregistered Use) - asia Server serial number registration (Xsan, Mac OS X Server v10.3 - v10.6)
631 TCP Internet Printing Protocol (IPP) 2910 ipp Mac OS X Printer Sharing, Printing to many common printers
636 TCP Secure LDAP - ldaps -
660 TCP Server administration - mac-srvr-admin Server administration tools for Mac OS X Server v10.4 and earlier, including AppleShare IP.
687 TCP Server administration - asipregistry Server administration tools for Mac OS X Server v10.6 and earlier, including AppleShare IP.
749 TCP/UDP Kerberos 5 admin/changepw - kerberos-adm -
985 TCP NetInfo Static Port - - -
993 TCP Mail IMAP SSL - imaps iCloud Mail (SSL IMAP)
995 TCP/UDP Mail POP SSL - pop3s -
1085 TCP/UDP WebObjects - webobjects -
1099 & 8043 TCP Remote RMI and IIOP Acess to JBOSS - rmiregistry -
1220 TCP QT Server Admin - qt-serveradmin Used for administration of QuickTime Streaming Server.
1640 TCP Certificate Enrollment Server - cert-responder Profile Manager, SCEP
1649 TCP IP Failover - kermit -
1701 UDP L2TP - l2f Mac OS X Server VPN service
1723 TCP PPTP - pptp Mac OS X Server VPN service
1900 UDP SSDP - ssdp Bonjour, Back to My Mac
2049 TCP/UDP Network File System (NFS) (version 3 and 4) 3530 nfsd -
2195 TCP Apple Push Notification Service (APNS) - - Push notifications
2196 TCP Apple Push Notification Service (APNS) - - Feedback service
2336 TCP Mobile account sync - appleugcontrol Home directory synchronization
3004 TCP iSync - csoftragent -
3031 TCP/UDP Remote AppleEvents - eppc Program Linking, Remote Apple Events
3283 TCP/UDP Net Assistant - net-assistant Apple Remote Desktop 2.0 or later (Reporting feature)
3306 TCP MySQL - mysql -
3478-3497 UDP - - nat-stun-port - ipether232port FaceTime, Game Center
3632 TCP Distributed compiler - distcc -
3659 TCP/UDP Simple Authentication and Security Layer (SASL) - apple-sasl Mac OS X Server Password Server
3689 TCP Digital Audio Access Protocol (DAAP) - daap iTunes Music Sharing, AirPlay
3690 TCP/UDP Subversion - svn Xcode Server (anonymous remote SVN)
4111 TCP XGrid - xgrid -
4398 UDP - - - Game Center
4488 TCP Apple Wide Area Connectivity Service   awacs-ice Back To My Mac
4500 UDP IPsec NAT Traversal 4306 ipsec-msft

OS X Server VPN service, Back to My Mac.Note: Configuring Back to My Mac on an AirPort Base Station or Time Capsule in NAT mode will impede connectivity to an OS X Server VPN service behind that NAT.

5003 TCP FileMaker - name binding and transport - fmpro-internal -
5009 TCP (Unregistered Use) - winfs AirPort Utility, AirPort Express Assistant
5060 UDP Session Initiation Protocol (SIP) 3261 sip iChat
5100 TCP - - socalia Mac OS X camera and scanner sharing
5190 TCP/UDP America Online (AOL) - aol iChat and AOL Instant Messenger, file transfer
5222 TCP XMPP (Jabber) 3920 jabber-client iChat and Jabber messages
5223 TCP Apple Push Notification Service - - iCloud DAV Services (Contacts, Calendars, and Bookmarks), APNS, FaceTime, Game Center, Photo Stream, Back to My Mac
5269 TCP XMPP server-to-server communication 3920 jabber-server iChat Server
5297 TCP - - - iChat (local traffic)
5298 TCP/UDP - - - iChat (local traffic)
5350 UDP NAT Port Mapping Protocol Announcements - - Bonjour, Back to My Mac
5351 UDP NAT Port Mapping Protocol - nat-pmp Bonjour, Back to My Mac
5353 UDP Multicast DNS (MDNS) 3927 mdns Bonjour, AirPlay, Home Sharing, Printer Discovery, Back to My Mac
5432 TCP PostgreSQL - postgresql May be enabled manually on Lion Server. Previously enabled by default for ARD 2.0 Database.
5678 UDP SNATMAP server - rrac The SNATMAP service on port 5678 is used to determine the external Internet address of hosts so that connections between iChat users can properly function behind network address translation (NAT). The SNATMAP service simply communicates to clients the Internet address that connected to it. This service runs on an Apple server, but does not send personal information to Apple. When certain iChat AV features are used, this service will be contacted. Blocking this service may cause issues with iChat AV connections with hosts on networks that use NAT.
5897-5898 UDP (Unregistered Use) - - xrdiags
5900 TCP Virtual Network Computing (VNC)
(Unregistered Use)
- vnc-server Apple Remote Desktop 2.0 or later (Observe/Control feature)
Screen Sharing (Mac OS X 10.5 or later)
5988 TCP WBEM HTTP - wbem-http Apple Remote Desktop 2.x (seehttp://dmtf.org/standards/wbem)
6970-9999 UDP - - - QuickTime Streaming Server
7070 TCP RTSP (Unregistered Use)
Automatic Router Configuration Protocol (ARCP - Registered Use)
- arcp QuickTime Streaming Server (RTSP)
7070 UDP RTSP alternate - arcp QuickTime Streaming Server
7777 TCP iChat server file transfer proxy (unregistered use) - cbt -
8000-8999 TCP - - irdmi Web service, iTunes Radio streams
8005 TCP Tomcat remote shutdown - - -
8008 TCP iCal service - http-alt Mac OS X Server v10.5 and later
8080 TCP Alternate port for Apache web service - http-alt Also JBOSS HTTP in Mac OS X Server 10.4 and earlier
8085-8087 TCP Wiki service - - Mac OS X Server v10.5 and later
8088 TCP Software Update service - radan-http Mac OS X Server v10.4 and later
8089 TCP Web email rules - - Mac OS X Server v10.6 and later
8096 TCP Web Password Reset - - Mac OS X Server v10.6.3 and later
8170 TCP HTTPS (web service/site) - -

Podcast Capture/podcast CLI

8171 TCP HTTP (web service/site) - -

Podcast Capture/podcast CLI

8175 TCP Pcast Tunnel - - pcastagentd (for control operations, camera and so on)
8443 TCP iCal service (SSL) - pcsync-https Mac OS X Server v10.5 and later. Was JBOSS HTTPS in Mac OS X Server 10.4 and earlier.
8800 TCP Address Book service - sunwebadmin Mac OS X Server v10.6 and later
8843 TCP Address Book service (SSL) - - Mac OS X Server v10.6 and later
8821, 8826
TCP Stored - - Final Cut Server
8891 TCP ldsd - - Final Cut Server (data transfers)
9006 TCP Tomcat standalone - - Mac OS X Server v10.6 and earlier
9100 TCP Printing - - Used for printing to certain network printers
9418 TCP/UDP git pack transfer - git Xcode Server (remote git)
11211 - memcached (unregistered) - - iCal Server
16080 TCP - - - Web service with performance cache
16384-16403 UDP Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) - connected, - iChat AV (Audio RTP, RTCP; Video RTP, RTCP)
16384-16387 UDP Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) - connected, - FaceTime, Game Center
16393-16402 UDP Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) - - FaceTime, Game Center
16403-16472 UDP Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) - - Game Center
24000-24999 TCP - - med-ltp Web service with performance cache
42000-42999 TCP - - - iTunes Radio streams
49152-65535 TCP Xsan - - Xsan Filesystem Access
49152-65535 UDP - - - Back to My Mac
50003 - FileMaker server service - - -
50006 - FileMaker helper service - - -
Have more questions? Submit a request

0 Comments

Article is closed for comments.