The Broadband Guide
SG
search advanced

Port 161 Details


known port assignments and vulnerabilities
threat/application/port search:
 search
Port(s) Protocol Service Details Source
161 udp SNMP Simple network management protocol (SNMP). Used by various devices and applications (including firewalls and routers) to communicate logging and management information with remote monitoring applications. Typically, SNMP agents listen on UDP port 161, asynchronous traps are received on port 162.

Brother MFC printers use ports 137 UDP and 161 UDP (network printing and remote setup), 54925/udp (network scanning), 54926 UDP (PC fax receiving). Some may also open port 21 TCP (scan to FTP feature).

Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by connecting to UDP port 161 and before link-state change occurs.
References: [CVE-2005-0289], [BID-12152]

The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 and 11.x through 11.3.1, and DeltaV VE3006 through 10.3.1 and 11.x through 11.3.1 allow remote attackers to cause a denial of service (device restart) via a crafted packet on (1) TCP port 23, (2) UDP port 161, or (3) TCP port 513.
References: [CVE-2012-4703]

Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port).
References: [CVE-2013-2780]

Cisco Catalyst 2900 XL series switches are vulnerable to a denial of service, caused by an empty UDP packet. If SNMP is disabled, a remote attacker can connect to port 161 and send an empty UDP packet to cause the switch to crash.
References: [CVE-2001-0566], [XFDB-6515]

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device.
References: [CVE-2019-6813]
SG
161 tcp,udp Simple Network Management Protocol (SNMP) (official) Wikipedia
161 tcp snmp snmp Nmap
161 udp snmp Simple Net Mgmt Proto Nmap
161 tcp,udp snmp SNMP IANA
5 records found
jump to:
 go
previous next

Related ports: 23  162  513  2404  

« back to SG Ports


External Resources
SANS ISC: port 161

Notes:
Port numbers in computer networking represent communication endpoints. Ports are unsigned 16-bit integers (0-65535) that identify a specific process, or network service. IANA is responsible for internet protocol resources, including the registration of commonly used port numbers for well-known internet services.
Well Known Ports: 0 through 1023.
Registered Ports: 1024 through 49151.
Dynamic/Private : 49152 through 65535.

TCP ports use the Transmission Control Protocol, the most commonly used protocol on the Internet and any TCP/IP network. TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and that packets will be delivered in the same order in which they were sent. Guaranteed communication/delivery is the key difference between TCP and UDP.

UDP ports use the Datagram Protocol. Like TCP, UDP is used in combination with IP (the Internet Protocol) and facilitates the transmission of datagrams from one computer to applications on another computer, but unlike TCP, UDP is connectionless and does not guarantee reliable communication; it's up to the application that received the message to process any errors and verify correct delivery. UDP is often used with time-sensitive applications, such as audio/video streaming and realtime gaming, where dropping some packets is preferable to waiting for delayed data.

When troubleshooting unknown open ports, it is useful to find exactly what services/processes are listening to them. This can be accomplished in both Windows command prompt and Linux variants using the "netstat -aon" command. We also recommend runnig multiple anti-virus/anti-malware scans to rule out the possibility of active malicious software. For more detailed and personalized help please use our forums.

Please use the "Add Comment" button below to provide additional information or comments about port 161.
  User Reviews/Comments:
    rate:
   avg:
by timflesher - 2017-03-30 13:15
what is port 161 ?
Says mine is open.
Should I be alarmed?
by Mark van der Pol - 2017-05-21 12:38
Port 161 is used for the Simple Network Management Protocol (SNMP)

For typical home use it is not required and even in industrial or office use it is rarely necessary, unless there is active use of an SNMP management system on-site.

There is no reason to be alarmed - Windows systems have it as an option that can be installed or removed.
by anonymous - 2017-08-16 22:13
very useful. i have some questions and i think here are people that can answer them:
when i try to scan 3 or 4 friends ip it says all 1000 ports are filtered and i cant get to know the open ports, then i tried a application called draconmap and could saw only 1 open port and it was 161 udp.

is there any way to do a better scan to get a common tcp port or something?

and the most important, once i get a port like this (161 udp) whats next? where i have to go and what do i have to run?

i have kali linux installed on virtualbox.
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About