Skip to content
Contact us
  • There are no suggestions because the search field is empty.

UpGuard Port Scanning Services Index

UpGuard scans for ports to identify open ports and services running on those ports.

Written by Caitlin Postal


UpGuard identifies and monitors many services that can be exposed by open ports. We scan for open ports and, if an open port is found, attempt to identify the service that is running on that port. If we are unable to identify a service, a risk is reported as an exposed unknown service.

While open ports aren't necessarily dangerous, they can expose vulnerable services that are misconfigured, unpatched, vulnerable to exploits, or feature poor network security.

Navigate to the appropriate alphabetical section below to see whether a specific service is identified by UpGuard’s port scanning. You can also use CTRL+F (or ⌘+F on Mac) to search for a specific name or phrase.

Note: This list is not exhaustive. If you have questions about a service not included in this list, please contact the Customer Success team.

0 - D

  • 3CX Phone System: Software-based Private Branch Exchange (PBX) phone system offering a complete Unified Communications suite with voice, video conferencing, and live chat for businesses.
  • Allegro RomPager: Widely used embedded web server toolkit designed for Internet of Things (IoT) devices, enabling them to be managed via a web browser.

  • AMQP: Advanced Message Queue Protocol provides access to a queue of data.

  • AndroMouse: Android mouse and keyboard interface.

  • Apache CouchDB: an open-source NoSQL database.
  • Apache Dubbo: Java-based remote procedure call (RPC) framework used for developing microservices-based and distributed systems.
  • Apache Kafka: a real-time data streaming platform 
  • Apple AirPlay: Proprietary wireless protocol that allows streaming of multimedia content such as audio, video, and photos between compatible devices over a Wi-Fi network. 

  • Apple Airport: AirPort Wifi support service.

  • Apple RemoteDesktop: remote management for Apple products.

  • Apple RemoteDesktop VNC: remote management for Apple products using the VNC protocol.

  • Ares RAT C&C: a remote access tool with Command & Control functionality.
  • ASUS Router Web Interface: The web-based graphical user interface (GUI) for an ASUS wireless router, which allows administrators to configure network settings, monitor traffic, and update the device's firmware.

  • Azure WebApps: a Microsoft cloud computing platform.

  • BACnet: a communications protocol for Building Automation and Control (BAC) networks.

  • Beanstalk Daemon: a worker queue for AWS.

  • BGP: Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information.

  • Bitcoin Daemon: runs on a Bitcoin node.

  • Blackshades C&C: a malicious remote access trojan (RAT).

  • Bozok RAT C&C: a malicious remote access trojan (RAT).

  • CassandraDB: a free and open-source, distributed, wide column store, NoSQL database management system from Apache.

  • CheckPoint Firewall: retrieves hostnames for the CheckPoint firewall and management station
  • Chromecast: Media streaming adapter from Google that allows users to play online content such as videos and music on a digital television from their mobile device or computer.
  • Cisco Install: an access point for the Cisco Smart Install feature.
  • Cisco IOS: The web-based configuration interface for Cisco IOS, the operating system used on many Cisco routers and switches.

  • Citrix ICA: a proprietary protocol for an application server system from Citrix

  • ClamAV: an open-source antivirus engine for detecting trojans, viruses, malware, and other malicious threats.
  • ClickHouse: Column-oriented SQL database management system (DBMS) designed for online analytical processing (OLAP)

  • CoAP: Constrained Application Protocol (CoAP) is a service layer protocol allowing nodes on a constrained network to be accessed over the internet.

  • Coffee Status: a smart coffee machine.

  • Coffee Machine: a coffee machine or kettle.

  • ConsulDiscovery: Consul is a service discovery solution.

  • Crestron SSN: Crestron is a control system for building management.
  • Dahua NVR/DVR: Network Video Recorder used to manage and store video footage from IP surveillance cameras.

  • DarkComet Trojan: a malicious remote access trojan (RAT).

  • DarkTrack RAT: another malicious RAT.

  • DB2: IBM Db2 database server.

  • DHCP: the Dynamic Host Configuration Protocol (DHCP) server interface.

  • DHT Peer List: allows peer discovery using a distributed hash table.

  • DiCOM: an interface for handling, storing, and receiving medical imaging data.

  • Dictionary: a server using the DICT protocol.

  • Digi Realport: an internet-of-things (IoT) wifi interface service.

  • DMARC: an email authentication protocol for Domain-based Message, Authentication, and Conformance.

  • DNP3: a set of communications protocols used between components in process automation systems.

  • DNS: Domain Name System that provides communication routing for the internet.

  • Door Controller: a networked access controller for door access from VertX/Edge.

  • Dovecot Pigeonhole: support for the Sieve language (RFC 5228) and the ManageSieve protocol (RFC 5804) to the Dovecot Secure IMAP server.
  • DrayTek Router: Networking device used by small and home offices to provide secure network access, firewall capabilities, and VPN connectivity.

  • DVR SerialNo: interface for a Dahua DVR device.

E - J

  • ElasticSearch: a search engine based on the Lucene library that provides a distributed, multitenant-capable, full-text search engine with an HTTP web interface and schema-free JSON documents.
  • Emby Media Server: Personal media server designed to organize, play, and stream a user's audio, video, and photos to a wide variety of client devices.

  • Erlang: a concurrent programming language and a garbage-collected runtime system.

  • ETCD: a distributed key-value store for the most critical data of a distributed system.

  • Ethereum: a cryptocurrency and a decentralized computing platform.

  • Ethernet/IP: an industrial network protocol that adapts the Common Industrial Protocol to standard Ethernet.
  • Firebird RDBMS: Open-source SQL relational database management system (RDBMS) that runs on various platforms, including Linux, Windows, and macO
  • Flux LED State: control interface for a Flux LED lightbulb.
  • FRITZ!Box: Series of residential gateway devices that combine the functions of a DSL modem, router, Wi-Fi access point, and VoIP telephone system.

  • FTP: The File Transfer Protocol (FTP) is a standard network protocol used for data transfer.

  • FTP (Anonymous): Anonymous FTP allows remote uses to use an FTP server without user credentials.

  • Ganglia XML Grid monitor: a scalable, distributed monitoring tool for high-performance computing systems, clusters, and networks.

  • Gardasoft Controller: a high-intensity LED lighting controller.

  • Gearman queue: an open-source application framework designed to distribute appropriate computer tasks to multiple computers.

  • GE SRTP Status: GESRTP DAServer provides access to data within the GE Fanuc family of PLCs.

  • Gh0st RAT: a malicious remote access trojan (RAT).

  • git: a distributed version control system.
  • Grafana: Open-source analytics and interactive visualization web application used for monitoring application and infrastructure performance

  • GRPS Tunnel: a group of IP-based communications protocols that carry general packet radio service (GPRS) within GSM, UMTS, and LTE networks.

  • HARTIP: allows HART automation device data to be accessed over IP networks.

  • HBaseDB: random, realtime read/write access to your big data from Apache.

  • HDD Temp: hard drive statistics information.

  • HiFly Lighting Control: the control interface of a HiFly LED lighting system.
  • Hikvision IP Camera: Network-connected video surveillance devices used for security monitoring in residential, commercial, and governmental applications.
  • Home Assistant: Open-source home automation platform that acts as a central control system for smart home devices from a wide variety of manufacturers.
  • HP iLO: Server daemon for the Remote Shell protocol (remsh or rsh), a legacy service used to execute non-interactive shell commands on a remote system.

  • HTTP: standard internet HTTP protocol.

  • HTTPS: standard, encrypted internet HTTPS protocol.

  • HSTS: a strict policy to enforce HTTPS.

  • IBM/Toshiba 4690 POS: a service for remote management of the IBM / Toshiba 4690.

  • IDENTD: an internet protocol that helps identify the user of a particular TCP connection.

  • iDevice Property List: retrieves property data from an iDevice.
  • InfluxDB: open-source time-series database (TSDB) developed by InfluxData
  • InterMapper Network Monitor: network monitoring and mapping software that provides real-time visibility into the performance and status of network devices like routers, switches, and server

  • IEC-104: a standard for telecontrol equipment and systems with coded bit serial data transmission in TCP/IP.

  • IEC-61850: an object-oriented control system protocol.
  • Istio Service Mesh: Open-source service mesh that provides a dedicated infrastructure layer to manage, secure, and observe microservice communications

  • IKE VPN: a VPN implementation based on IKE (Internet Key Exchange).

  • IMAP: Internet Message Access Protocol (IMAP) mail service.

  • IOTA: a quantum-resistant distributed ledger protocol and digital currency.

  • IPMI: defines a set of interfaces for out-of-band management of computer systems and operations monitoring.

  • ISCSI: allows SCSI commands to be sent over TCP/IP.
  • Ivanti Endpoint Manager Mobile (EPMM): mobile device management (MDM) solution used by enterprises to manage and secure employee mobile devices, applications, and content
  • Java Debug Wire Protocol: Protocol used for communication between a Java Virtual Machine (JVM) and a debugger.
  • Java Decompiler: Tool used to reverse-engineer compiled Java bytecode (.class files) back into human-readable source co
  • Java Message Service (JMS): Java API standard for message-oriented middleware used to create, send, and receive messages between software components
  • Java RMI: Java's Remote Method Invocation interface.
  • Jellyfin: Open-source media server that allows users to organize, manage, and stream their personal media collections like movies, TV shows, and music to various devices.

K - O

  • Kerberos: a ticket-based node identity protocol for mutual authentication.

  • KilerRAT C&C: a malicious remote access trojan (RAT).

  • KNX: a manufacturer-independent protocol for networking home and building system technologies.
  • Kubernetes: Open-source platform for managing and orchestrating containerized applications, automating their deployment, scaling, and operations.
  • LANCOM Server: Networking equipment including routers, firewalls, switches, and access points, managed via a web interface or the LANCOM Management Cloud for full network configuration and monitoring.

  • Lantronix Setup: an IoT management tool that uses serial tunneling to enables comms.

  • LDAP: a TCP/IP based directory service.

  • LDAP SSL: a TCP/IP based directory service.
  • Legalis Intranet: Platform that provides access to legal documents, including commentaries, manuals, and journals.
  • LG webOS TV: Linux kernel-based multitasking operating system for smart devices such as smart TVs.

  • LibreOffice Impress: allows remote control for an Impress slideshow from a mobile device.

  • Lotus Notes: various ports for Lotus Notes servers.

  • Matrikon OPC: a mechanism for reading industrial device configuration data over TCP/IP.

  • MDNS: multicast DNS service.

  • memcached: a distributed memory object caching system.

  • Meta/Facebook Pixel: a user tracking technology for Meta products.
  • Microsoft Message Queuing: Messaging protocol that enables applications to communicate reliably across networks, even when systems are temporarily offline.
  • Microsoft RPC Endpoint Mapper: Core Windows service on TCP port 135 that directs client applications to the dynamic ports of other network services.
  • Microsoft Windows RPC: Microsoft RPC (Microsoft Remote Procedure Call) is a modified version of Distributed Computing Environment / Remote Procedure Calls.
  • Mikrotik Bandwidth Test: Built-in RouterOS tool for measuring maximum data throughput between MikroTik routers, helping admins test speeds, identify bottlenecks, and troubleshoot performance.
  • MikroTik HTTP Proxy: ervice on MikroTik's RouterOS that acts as an intermediary for HTTP traffic, primarily used for web content caching, filtering, and access control within a network.
  • MikroTik Winbox: Graphical User Interface (GUI) tool for administering MikroTik RouterOS devices, offering full configuration, management, and network monitoring capabilities.

  • Minecraft: running a Minecraft server.

  • Mitsubishi EQ PLC: a programmable logic controller used for industrial automation.

  • Modbus: a serial communications protocol for use with its programmable logic controllers (PLCs).

  • Monero: is a decentralized cryptocurrency operated by a network of users.

  • MongoDB: a document-oriented NoSQL database.

  • Moxa Nport: a serial device server providing a TCP/IP interface to one or more serial devices.

  • MQTT Broker: a server that receives MQTT messages from clients and then routes the messages to appropriate destinations.

  • MSA Outlook: Microsoft Outlook email service.

  • Munin Node: an open-source computer system monitoring, network monitoring, and infrastructure monitoring software application.

  • Mumble: a voice-over-IP application.

  • MySQL: an open-source relational database.

  • NanoCore RAT: a malicious remote access trojan (RAT).

  • NAT-PMP: a network protocol for establishing network address translation (NAT) settings and port forwarding configurations.
  • Netatalk: Open-source implementation of the Apple Filing Protocol (AFP), allowing Unix-like operating systems to act as a file server for macOS clients.
  • Netdata: Open-source tool for real-time performance and health monitoring of systems, applications, and containers.
  • NetBIOS: provides services allowing applications on separate computers to communicate over a local area network (LAN).
  • Netflix Ready Device: Service running on consumer devices like Smart TVs, streaming sticks, and game consoles.
  • Netgear Router: WiFi router that manages network traffic.

  • NetMobility: an LTE network monitoring product.

  • Network News: NNTP is the protocol used to connect to Usenet servers and transfer newsgroup articles between systems over the Internet.

  • NFS: Network File System (NFS) is a distributed file system protocol.

  • njRAT C&C: a malicious trojan also known as Bladabindi.
  • NOD32 Antivirus: Security product that provides protection against malware, ransomware, and other online threats.

  • NTP: Network Time Protocol (NTP) is a networking protocol for clock synchronization.

  • Nuclear RAT: a malicious remote access trojan (RAT).

  • Omron PLC: a programmable logic controller.

  • ONVIF Camera: a camera interface.

  • OPC UA: OPC Unified Architecture is a machine-to-machine communication protocol for industrial automation.
  • OpenFlow: Communication protocol that is a key enabler of Software-Defined Networking (SDN).

  • OpenVPN: an open-source commercial VPN software.

  • Oracle TNS Listener: Transport Network Substrate (TNS) is a protocol for connecting to Oracle databases.

  • Oracle WebLogic T3: a protocol used to transport information between WebLogic servers and other types of Java programs.
  • Osiris HIDS Agent: Host-based intrusion detection system (HIDS) that monitors hosts for changes to the file system, user lists, and kernel modules to detect potential compromises.

P - T

  • PCAnywhere Status: a remote control software from Symantec.

  • PC WORX: software for programming Phoenix Contact electronics devices.

  • PLC5: a programmable logic controller from Rockwell Automation.

  • PLC ProConOs: a protocol for programmable logic controllers.
  • Plex Media Server: Client-server software that allows users to organize and stream their personal collections of movies, TV shows, music, and photos to various devices.

  • Poison Ivy RAT: a malicious remote access trojan (RAT).

  • POP3: a client/server protocol for email.
  • Portainer: Lightweight management platform that provides a graphical user interface (GUI) to simplify the management of containerized environments like Docker and Kubernetes.

  • portmapper: returns a list of running processes and their ports on a node.

  • PostgreSQL: an open-source relational database.

  • Poppassd: a program that changes system passwords and enables users to change their mail passwords.

  • PPTP: Point-to-Point Tunneling Protocol is an obsolete method for implementing virtual private networks.

  • Printer: a networked printer.

  • Printer Status: a networked printer.
  • Prometheus Node Exporter: Agent for exposing a wide variety of hardware and kernel-related metrics from servers for collection by a Prometheus monitoring server.
  • QNAP: Manufactures Network Attached Storage (NAS) devices used for centralized file storage, sharing, and backups in home and business environments.
  • QRAT C&C: a botnet command and control server.
  • Quagga Routing Software: Network routing software suite that provides implementations of common routing protocols like OSPF, RIP, and BGP for Unix-like platforms.

  • Quasar RAT C&C: a malicious remote access trojan (RAT).

  • QUIC HTTP: a proposed replacement for TCP to improve the speed of HTTP traffic.
  • Quote of the Day: simple network protocol, defined in RFC 865, designed for testing and measurement purposes
  • Ralink Router: web-based administration interface for a Ralink-based router, a common component in consumer and small business networking hardware.
  • RDATE: Legacy network protocol used to get the date and time from a remote machine.
  • Realtek Device: Web-based management interface for a router or other network device using a Realtek System-on-a-Chip (SoC).

  • Redis: a key-value database.

  • Red Lion HMI: devices running CrimsonV3; Red Lion's HMI operator panels enable customers to control processes across a range of industries.

  • RemCos Pro RAT: a remote access and keylogger tool.

  • Remote Desktop: Microsoft's remote desktop protocol.
  • Remsh: Server daemon for the Remote Shell protocol (remsh or rsh), a legacy service used to execute non-interactive shell commands on a remote system.

  • Riak: a key-value database.

  • RIP: the Routing Information Protocol.
  • Rlogin: Legacy software utility for Unix-like computer operating systems that allows a user to log in on another host via a network, providing remote command-line access.
  • Roku SoundBridge: Discontinued network media player designed to stream digital audio, such as internet radio or music from a local network, to a stereo system.

  • rpcbind: lists active RPC services on a machine.

  • RSYNCD: a utility for synchronizing local and remote directories.

  • RTSP: the Real-Time Streaming Protocol (RTSP) to control multimedia streaming, such as from IP cameras or DVRs.

  • RTXP Ripple: a cryptocurrency.

  • S7: a proprietary protocol developed by Siemens for communicating with their Programmable Logic Controllers (PLCs).

  • Samba: an open-source implementation of the SMB protocol and Microsoft Active Directory for Unix systems and Linux distributions.

  • SAP Router: used to establish a remote connection between SAP and a customer's network.

  • SCPI: Standard Commands for Programmable Instruments (SCPI) is a protocol primarily used for communicating with lab equipment.

  • SIP: Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications.

  • Smart Meter: Kamstrup Smart Meter for metering energy and water.

  • SMB: Server Message Block (SMB) is a protocol for shared access to files, printers, and serial ports between nodes on a network.

  • SMTP: Simple Mail Transfer Protocol (SMTP) is a protocol used for sending email.

  • SNMP: Simple Network Management Protocol (SNMP) is a protocol for collecting information from and configuring various types of networked devices.

  • Spotify Connect: Feature that allows users to stream music from Spotify's cloud servers to various compatible devices over a Wi-Fi network, such as smart speakers, TVs, and gaming console
  • SQL Server: Microsoft SQL Server is a relational database.
  • SQL Server Browser Service: Runs on servers with Microsoft SQL Server and responds to client requests with information about the SQL Server instances installed, such as their names, versions, and connection details.
  • SQL Server Monitor: Microsoft SQL Server is a relational database.

  • SSL/TLS: the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols for encrypted traffic.

  • SSH: Secure Shell (SSH) is a protocol for securely operating network devices.

  • StatsD: a daemon for collecting statistics.

  • Steam: a dedicated server for online gaming.
  • Stockfish Chess Engine: Open-source chess engine used to analyze chess positions and calculate optimal moves.

  • Subversion: a software versioning and distributed revision control system from Apache.

  • TACACS+ AAA: checks if a device supports TACACS+ AAA.

  • Tank Gauge

  • TC-B: TC-B services.
  • TeamSpeak: Proprietary voice-over-Internet Protocol (VoIP) application for audio communication between users on a chat channel.

  • TeamViewer: a service for remote support and remote access.

  • Telnet: an application protocol used on the internet or local area network (LAN) to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.

  • Tibia: a service for the Tibia online video game.

  • TikTok Pixel: a user tracking technology for TikTok.

  • TOR Control: Tor Control service.

  • TOR OR: Tor Onion router.

  • Torrent Tracker: BitTorrent tracker service.

  • Tridium Fox: Fox protocol by Tridium.
  • Trivial File Transfer Protocol (TFTP): Simplified version of FTP used to transfer files, primarily for network booting or backing up network device configurations.

  • TUYA API: API service for Tuya IoT platform.

U - Z

  • Ubiquiti: a service for retrieving information about a Ubiquiti-powered access point.

  • Udpxy: an IPTV stream relay service.

  • Unitronics PLC PCOM: a service for collecting device information for Unitronics PLCs via PCOM protocol.

  • Unknown: an exposed unknown service.

  • Unidentified: an unidentifiable open port.

  • UPnP: a Universal Plug and Play (UPnP) service.

  • Ventrilo: a service for retrieving detailed status information from a Ventrilo server.

  • VMWare Authentication Daemon

  • VNC: Virtual Network Computing (VNC) is a graphical desktop sharing system that uses the Remote Frame Buffer protocol to control another computer remotely.

  • VoldemortDB: a distributed data store designed as a key-value system that is used by LinkedIn for highly-scalable storage.

  • VxWorks WDB agent: WDB agent (used for debugging) on a VxWorks device.

  • Web cache: a web cache (or HTTP cache) for the temporary storage (caching) of web documents, such as webpages, images, and other types of multimedia, to reduce server lag.

  • Wemo Link: a service for IoT Wemo LEO lighting.

  • WHOIS: the WHOIS service conducts query and response for internet resources.
  • WinRM: A Microsoft protocol for remotely managing and controlling Windows-based systems.
  • WordPress XML-RPC API: an API tool for WordPress that may create additional surface for distributed denial-of-service (DDoS) attacks.
  • Wowza Streaming Engine: High-performance media server software used for streaming live and on-demand video and audio to a wide variety of devices and platforms.

  • X11: an SSH forwarding protocol; we identify if the service is running and can grab the header without auth.

  • XMPP Daemon: Extensible Messaging and Presence Protocol service.

  • Yahoo Smart TV: a smart television service.

  • Zero Access Trojan: a Trojan horse malware.

  • Zookeeper Node: a port is open and a service is listening but we cannot identify it.
  • ZTE Router: Optical Network Terminal (ONT) that functions as a residential gateway or router, providing internet access and local networking.

  • z/OS NJE: a Network Job Entry (NJE) network is composed of nodes that can transmit or receive a unit of work.

See also: