Lots of Unknown TCP Ports

Posted on 2005-04-21
Last Modified: 2013-11-29
Have quite a bit of data on this SonicWall Soho3 that is moving over the T1. Outside of the Web, the Citrix, and the Send Mail, I am confused on these port numbers. The first 3 on the list are all Unlisted. So I am a bit confused. Anyone have any idea what is causing all this traffic?

Thanks in advance.  M.J.

1 TCP Port 49109 (6,49109) 133.703
2 TCP Port 42342 (6,42342) 132.898
3 TCP Port 8080 (6,8080) 114.842
4 Web (HTTP) (6,80) 75.072
5 Citrix (6,1494) 23.210
6 Send Email (SMTP) (6,25) 14.454
7 TCP Port 5001 (6,5001) 11.623
8 TCP Port 41389 (6,41389) 7.217
9 TCP Port 43071 (6,43071) 7.140
10 TCP Port 43972 (6,43972) 7.080
11 TCP Port 41396 (6,41396) 6.421
12 TCP Port 43993 (6,43993) 6.339
13 TCP Port 43076 (6,43076) 6.267
14 TCP Port 43987 (6,43987) 5.960
15 TCP Port 43075 (6,43075) 5.951
16 TCP Port 41393 (6,41393) 5.920
17 HTTPS (6,443) 5.850
18 TCP Port 41589 (6,41589) 3.329
19 TCP Port 41590 (6,41590) 3.282
20 TCP Port 44746 (6,44746) 3.281
21 TCP Port 44810 (6,44810) 3.274
22 TCP Port 41782 (6,41782) 3.191
23 TCP Port 41581 (6,41581) 3.180
24 TCP Port 41580 (6,41580) 3.174
25 TCP Port 44474 (6,44474) 3.172
Question by:SuperChicoMJ
    LVL 8

    Expert Comment


    Generally, very high number ports are not reserved for commercial use. There are proprietary applications that do use these; however, anything can use those ports. It's not uncommon to find worms, trojans... using high level port numbers to look unsuspicious. Mainly designed for public use to avoid conflicts with commercial use.

    Here are the latest port number revisions as posted by IANA

    Author Comment

    Checked the port assignments already.  Did not find much.
    LVL 8

    Accepted Solution


    The best way to determine what these ports are really being used for is to use a packet sniffer to capture the data flowing to and from those ports. I would recommend using Ethereal for this; however, this will require someone moderately knowledgeable to decipher what is happening by looking at the raw data. If you do not have someone available, maybe we can help read the data. (Or you can fly me down there and I'll do it for you at a reasonable rate.)
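
To narrow the capture suggested in the accepted answer, the report rows from the question can be turned into a capture filter that covers only the ports the firewall could not name. This is an added example, not part of the original thread; the function names and the grouping gap of 8 are assumptions, and the sample rows are a subset copied from the question's list.

```python
import re

# Constructed sample: a subset of the rows from the report in the question.
REPORT = """\
1 TCP Port 49109 (6,49109) 133.703
2 TCP Port 42342 (6,42342) 132.898
3 TCP Port 8080 (6,8080) 114.842
4 Web (HTTP) (6,80) 75.072
5 Citrix (6,1494) 23.210
8 TCP Port 41389 (6,41389) 7.217
11 TCP Port 41396 (6,41396) 6.421
16 TCP Port 41393 (6,41393) 5.920
"""

# rank, label, (IP protocol number, port), volume as printed by the report
ROW = re.compile(r"^\s*(\d+)\s+(.+?)\s+\((\d+),(\d+)\)\s+([\d.]+)\s*$")

def parse_report(text):
    """Return (label, protocol, port, volume) for each recognisable row."""
    matches = (ROW.match(line) for line in text.splitlines())
    return [(m.group(2), int(m.group(3)), int(m.group(4)), float(m.group(5)))
            for m in matches if m]

def iana_range(port):
    """IANA port ranges per RFC 6335."""
    return "system" if port <= 1023 else "user" if port <= 49151 else "dynamic"

def unnamed_tcp_ports(rows):
    """Ports the report labels only as 'TCP Port N' (IP protocol 6 = TCP)."""
    return sorted(p for label, proto, p, _ in rows
                  if proto == 6 and label == f"TCP Port {p}")

def capture_filter(ports, gap=8):
    """Build a pcap capture filter; neighbours within `gap` share a portrange."""
    # Note: a portrange also matches ports between its ends that were not listed.
    groups = []
    for p in sorted(ports):
        if groups and p - groups[-1][-1] <= gap:
            groups[-1].append(p)
        else:
            groups.append([p])
    terms = [f"port {g[0]}" if len(g) == 1 else f"portrange {g[0]}-{g[-1]}"
             for g in groups]
    return "tcp and (" + " or ".join(terms) + ")"

if __name__ == "__main__":
    ports = unnamed_tcp_ports(parse_report(REPORT))
    print([(p, iana_range(p)) for p in ports], capture_filter(ports))
```

The resulting string uses pcap filter syntax, so it can be given as the capture filter in Wireshark (the successor to Ethereal) or passed to tcpdump.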
