← back to blog
4 min read
  • #security-plus
  • #ejpt
  • #networking
  • #studying

The ports and protocols actually worth memorizing

About twenty ports cover almost every Security+ and eJPT question. Here is the short list, the memory hooks that made them stick for me, and why understanding beats rote for the rest.


Every Security+ study guide dumps a table of forty-plus ports on you and says memorize all of it. That is how you burn a week of study time on numbers that never show up on the exam or in a real scan. I am studying SY0-701 and eJPT right now, and I cut that table down to a short list that actually earns its space in my head. The rest you can reason your way to.

The short list

These are the ports I drilled until they were automatic. If a Security+ question gives you a port number with no other context, it is almost always one of these.

Memorize cold:

  • 22 - SSH. Encrypted remote shell. SFTP rides on it too.
  • 53 - DNS. Names to IP addresses. UDP for queries, TCP for zone transfers.
  • 80 and 443 - HTTP and HTTPS. You already know these.
  • 25 - SMTP. Mail moving between servers.
  • 445 - SMB. Windows file sharing. The port behind WannaCry.
  • 3389 - RDP. Remote desktop, and a favorite target for ransomware crews.

Second tier, still worth drilling:

  • 21 - FTP and 23 - Telnet. Both plaintext. Know them so you can spot them and recommend shutting them off.
  • 110 and 143 - POP3 and IMAP. Their secure versions are 995 and 993.
  • 587 - SMTP submission, the authenticated way mail clients send.
  • 67 and 68 - DHCP.
  • 123 - NTP.
  • 161 - SNMP, with 162 for traps.
  • 389 and 636 - LDAP and LDAPS.

That is about twenty numbers, not forty. Twenty is a deck you can actually keep fresh.

Memory hooks that actually stick

Plain flashcards alone did not do it for me. What worked was attaching each number to something with weight:

  • Pairs beat singles. Learn insecure and secure together. Telnet at 23 lives next door to SSH at 22. HTTP 80 maps to HTTPS 443. LDAP 389 maps to LDAPS 636. POP3 110 to 995, IMAP 143 to 993. One hook stores two facts.
  • Stories beat mnemonics. 445 stuck the day I read how WannaCry spread over SMB and shut down hospitals. I never had to drill it again. 3389 stuck when I learned how much ransomware starts as exposed RDP with a weak password.
  • Small daily reps beat cramming. I answer one port question a day as part of my study streak. Five minutes a day for a month holds better than a weekend binge, at least for me.

Cute mnemonics, like sentences where the word lengths spell the digits, never worked for me. If one works for you, use it. The exam does not care how the number got into your head.

Understand the rest, do not memorize it

Here is the part most guides skip. Once you understand what a protocol is for, half the trivia stops being trivia:

  • DNS uses UDP 53 for lookups because queries are tiny and speed matters. It uses TCP 53 for zone transfers because those are big and need reliability. You do not memorize that. You derive it.
  • FTP uses 21 for commands and 20 for data because it splits the control channel from the data channel. That one fact explains why passive mode exists and why FTP fights with firewalls.
  • Anything designed before roughly 1995 is probably plaintext and probably has a secure replacement on a different port. That single rule covers Telnet, FTP, HTTP, POP3, IMAP, and early SNMP.

For eJPT the raw numbers matter even less, because nmap prints the port and usually the service right in front of you. The skill is knowing what to do next. Open 445 means enumerate SMB shares. Open 3389 means check for weak credentials. The port number is a doorbell label. Understanding is knowing what lives behind the door.

One honest limit: memorized defaults are a guess, not a fact. Admins move SSH to 2222 all the time, and malware talks to its command server over 443 exactly because everyone trusts 443. A port number tells you what is usually there. A banner grab or nmap -sV tells you what is actually there. My list is also biased toward the two exams I am studying. If you are working toward CCNA or something network-heavy, your short list will look different.

I have not passed either exam yet, so take this as field notes from the middle of the climb, not advice from the top. But the short list plus daily reps turned ports from my weakest category into free points. I built the same drills into Aldo's Toolkit, free on both stores, no ads, with Security+ SY0-701 and eJPT flashcards, quizzes, and a daily question with streaks. It is at /app if you want the reps without building your own deck.

$ share

community rating

$ ls ./comments

sign in or create an account to rate and comment.

no comments yet, be first.