Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Registered Ports

Training Camp • Cybersecurity Glossary

What is Registered Ports?

TCP/UDP ports 1024–49151 that IANA assigns to vendor and application services—the middle range above well-known ports and below dynamic ports.

Glossary > Network Security > Registered Ports

Registered Ports — TCP/UDP ports 1024–49151 that IANA assigns to vendor and application services—the middle range above

Understanding Registered Ports

Registered ports are TCP and UDP port numbers 1024 through 49151, the middle range of the port space that IANA assigns to non-system applications from vendors and developers. They sit above the well-known ports (0–1023) and below the dynamic or ephemeral ports (49152–65535).

Unlike well-known ports, which are reserved for core system services, registered ports are allocated through a registration process so software vendors can claim a consistent number for their service. Assignments are documented in the IANA Service Name and Port Number Registry under the procedures of RFC 6335. On most operating systems, binding to a registered port does not require elevated privileges, so user-installed and third-party applications commonly use this range. Examples include 1433 for Microsoft SQL Server, 3306 for MySQL, and 3389 for Remote Desktop Protocol.

From a security perspective, registered ports are a frequent target and a useful monitoring signal, because malware and unauthorized applications often listen here. Knowing which registered ports legitimate business services use lets defenders write tight firewall rules, detect anomalous listeners, and spot command-and-control traffic. Leaving the entire range open invites lateral movement and data exfiltration through services administrators never intended to expose.

For example, an enterprise configures its firewall to deny all registered ports by default, then explicitly permits only the ports its applications need—3389 for managed Remote Desktop and 1433 for the database tier, each restricted to specific source subnets. Network monitoring alerts the security team when traffic appears on any other registered port, such as an unexpected listener on 4444, which would suggest a Metasploit payload or other unauthorized software running on a host.

Learn More About Registered Ports:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →