Mike Paradis

asked on

Well known ports and optimal ports scanning range

When security port scanning a very large number of machines, what is the optimal range of ports to scan?
While the well known port range is something like 1-1024, there are many services which exist in the 4 digit range.
Is there a secondary 'well known' range which isn't as large as the full 64K range, which takes much too long?
Predrag Jovic

You have a list on Wiki:
List of TCP and UDP port numbers
That should help.
SOLUTION
Qlemo
Mike Paradis

ASKER

@Predrag Jovic - Lists don't help, that is why I posted the question. I've looked plenty on the net before asking.

@Qlemo - Yes, we have permission of course, this isn't about hacking.
I know there is no second well known ports range and what I mean is, what is the next most optimal range to scan without scanning the full 64K which takes too long.

This is what I'm trying to find out.
As per the prior, the purpose of your scan will dictate whether 1-1024 is sufficient or whether the entire scope should be scanned when you are searching for a system that might have been configured or compromised.
1-1024 were the common ones; these days there are other well-known ports including 1433, 3306, 3389, 8080, 3128, 1812/1814/1645/1646...

/etc/services on Linux; IANA maintains and publishes a list of known ports and their designated usage...

You could use one scan to determine the underlying OS, then scan port ranges specific for that OS.
Many auto-include/enable software firewalls denying ICMP...
The thing is that there is no other "well known port list". Additionally, the other ports can often be used by different vendors, and even ports that are on the wiki list might still be a security risk, and it should still be checked whether those ports are really in use.
Come on guys, I've explained that I know there is no second list of well known ports. I'm using that as a term only since what I am asking about doesn't exist. No need to keep showing me where I can get lists of ports, I already know those things.

I am asking specifically, what would be the optimum port range to scan if I wanted to scan beyond 1024 but not the full 64K ports.
As I also said, it seems many services are in the 4 digit range so I guess I'm answering my own question here, 1-4096 for example might be a good balance.
Known range typically used for VOIP:

RTP: UDP ports 16384-32767
CUCM: UDP ports 24576-32767
ASKER CERTIFIED SOLUTION
It has been said, the purpose dictates a good choice of port ranges. But yes, if you stay below 4k you will cover most "well-known" services like databases, remote maintenance, web services ... But you still will need to add some single ports like 8080, 8085, 8088 for web proxies, VMs, and more.
People also like to add a digit for obfuscation, like 10080 instead of 80, but applying that for checking the range 1-4095 doesn't really help to reduce the port count ...
You're asking too broad a question. Arnold has basically pointed out why it cannot be answered based on what you provided. If your point overall is just to know whether unauthorized ports are open, then you would have to scan the entire range. If you want to know whether there are software misconfigurations, then you could probably use ranges based on the OS, software and servers in place.
Yes, it is a broad question but asked in the best way I could think of. I kept getting replies about where to look for well known ports and other ports lists which is not what I was asking about.

Basically, I am asking experts what they think, in terms of covering a fair range that could find potential problems, in an optimized way, meaning, not scanning all 64K ports. Of course, I understand that there is no miracle answer since someone could run a web server on any port, 80, 8080, 64000, etc.

I think scanning to a 4000 range would be a good start and depending on the results, if there is an anomaly, ports we know should not be open, then scan deeper.

I'm not quite sure how to award this but I'll go by whoever came closest first.
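As an added illustration (not code from any participant in this thread), the following Python script turns the thread's compromise into something concrete: it builds the 1-4095 TCP list plus the single high ports mentioned above and the quoted VoIP UDP ranges as a compact port-list string, and it compares a scan result against a per-host baseline so that the "ports we know should not be open" trigger a deeper scan. The /etc/services excerpt, the scan result and the baseline are constructed sample data.

```python
import re
from typing import Dict, Iterable, List, Set, Tuple

# Constructed excerpt in /etc/services format (assumption: not copied from a real host).
SERVICES_EXCERPT = """\
ssh            22/tcp
http           80/tcp
https          443/tcp
ms-sql-s       1433/tcp
mysql          3306/tcp
ms-wbt-server  3389/tcp
http-alt       8080/tcp
"""
SERVICES_RE = re.compile(r"^(\S+)\s+(\d+)/(tcp|udp)")

def parse_services(text: str) -> Dict[Tuple[str, int], str]:
    """Map (proto, port) -> service name from /etc/services-style lines."""
    names: Dict[Tuple[str, int], str] = {}
    for line in text.splitlines():
        m = SERVICES_RE.match(line)
        if m:
            names[(m.group(3), int(m.group(2)))] = m.group(1)
    return names

def compact_ranges(ports: Iterable[int]) -> str:
    """Collapse a set of ports into a compact 'a-b,c,d-e' port-list string."""
    runs: List[List[int]] = []          # consecutive [start, end] runs
    for p in sorted(set(ports)):
        if runs and p == runs[-1][1] + 1:
            runs[-1][1] = p
        else:
            runs.append([p, p])
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)

# The thread's compromise: 1-4095 plus a handful of single high ports, and the
# UDP ranges quoted for VoIP (RTP 16384-32767, which contains CUCM 24576-32767).
TCP_SCAN_PORTS: Set[int] = set(range(1, 4096)) | {8080, 8085, 8088, 10080}
UDP_SCAN_PORTS: Set[int] = set(range(16384, 32768))

def unexpected_open(open_ports, baseline, names) -> List[Tuple[str, int, str]]:
    """Flag open (proto, port) pairs absent from the approved baseline, labelled
    with the /etc/services name or 'unregistered' when no entry exists."""
    return [(proto, port, names.get((proto, port), "unregistered"))
            for proto, port in sorted(open_ports) if (proto, port) not in baseline]

# Constructed scan result and baseline for a host expected to expose only SSH and HTTPS.
SAMPLE_OPEN = {("tcp", 22), ("tcp", 443), ("tcp", 3306), ("tcp", 8080), ("udp", 24580)}
BASELINE = {("tcp", 22), ("tcp", 443)}

if __name__ == "__main__":
    print("tcp ports:", compact_ranges(TCP_SCAN_PORTS))
    print("udp ports:", compact_ranges(UDP_SCAN_PORTS))
    for proto, port, name in unexpected_open(SAMPLE_OPEN, BASELINE, parse_services(SERVICES_EXCERPT)):
        print(f"unexpected {proto}/{port} ({name}) - follow up with a full-range scan of this host")
```

Any host that reports an unexpected port is the one worth a full 1-65535 scan, so the expensive scan is spent only where the cheap one found an anomaly.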
You can use Network Service Scanner and Open TCP Port Scanner feature in NetCrunch Tools to scan your network (any range) for 70 most well-known services (SSH, FTP, Web, Mail, SQL, NTP, SMTP, TIME, WhoIs, FTPS and so on). The software is free.