Port 636 (LDAPS)
TCP | LDAP over SSL. LDAPS listens on port 636 by default.
What is Port 636?
Port 636 is the default port for LDAPS (LDAP over SSL/TLS), the encrypted version of the Lightweight Directory Access Protocol. LDAPS wraps the entire LDAP connection in TLS encryption from the start.
LDAPS on port 636 provides the same directory services as LDAP port 389 but with full encryption. This protects sensitive data including user credentials, organizational information, and authentication tokens during transmission. Active Directory Domain Controllers typically listen on both ports 389 and 636.
LDAPS on port 636 uses implicit TLS, meaning encryption is established before any LDAP data is exchanged. An alternative approach is STARTTLS on port 389, which upgrades an existing plain connection. Microsoft recommends LDAPS for securing Active Directory communication.
Port 636 Security
LDAPS on port 636 should be secured with appropriate access controls and monitoring. Ensure the service is only accessible from trusted networks by configuring firewall rules to restrict access. LDAPS itself provides the TLS/SSL encryption that protects data in transit.
Regularly update the server software that provides LDAPS to the latest version to patch known vulnerabilities. Monitor port 636 for unauthorized access attempts and implement rate limiting where possible. Follow the principle of least privilege when configuring access permissions.
How to Check Port 636
To check if port 636 is open on a remote host, use nmap: 'nmap -p 636 hostname'. For a quick TCP connection test, use: 'telnet hostname 636' or 'nc -zv hostname 636'. On Windows PowerShell, use: 'Test-NetConnection -ComputerName hostname -Port 636'.
To check if port 636 is listening on your local machine, use: 'netstat -tlnp | grep 636' on Linux, or 'ss -tlnp | grep 636'. On Windows, use: 'netstat -an | findstr 636'. For a comprehensive scan, use: 'nmap -sV -p 636 hostname' to detect the service version running on the port.
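The commands above only show that a TCP listener exists; they do not show that TLS is actually negotiated or that the certificate is valid. The following added example (not part of the original page) completes an implicit-TLS handshake and classifies the result. The function names, the 30-day warning threshold and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
import time

def classify(exc):
    """Map an exception raised while probing to a finding for port 636."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "open: TLS answered, certificate failed verification"
    if isinstance(exc, ssl.SSLError):
        return "open: TCP connected, TLS handshake failed"
    if isinstance(exc, socket.timeout):
        return "no answer: filtered or host down"
    if isinstance(exc, ConnectionRefusedError):
        return "closed: nothing listening"
    return "error: " + exc.__class__.__name__

def days_left(cert, now=None):
    """Whole days until notAfter in a getpeercert()-style dict (negative = expired)."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)

def probe(host, port=636, timeout=5.0, warn_days=30):
    """Connect with implicit TLS (no plaintext LDAP is sent first), verifying
    the chain and hostname against the system trust store."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                remaining = days_left(tls.getpeercert())
                note = f", certificate expires in {remaining} days" if remaining < warn_days else ""
                return f"ok: {tls.version()} {tls.cipher()[0]}{note}"
    except OSError as exc:  # ssl.SSLError and socket.timeout are OSError subclasses
        return classify(exc)

# Constructed sample in the format ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {"notAfter": "Jan  5 09:34:43 2018 GMT"}

if __name__ == "__main__":
    import sys
    for host in sys.argv[1:]:  # hostnames to probe, given on the command line
        print(host, probe(host))
```

A domain controller whose certificate was issued by an internal CA reports a verification failure unless that CA is in the trust store of the machine running the probe.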
Frequently Asked Questions
What is port 636 used for?
Port 636 is the default port for LDAP over SSL (LDAPS). It is used for LDAPS communication over TCP.
Is port 636 TCP or UDP?
Port 636 uses TCP. TCP is used because LDAPS requires reliable, ordered data delivery.
Should port 636 be open?
Port 636 should only be open if you are actively running LDAPS. Close unused ports to reduce your attack surface. If needed, restrict access to trusted IP addresses using firewall rules.
How do I check if port 636 is open?
Use 'nmap -p 636 hostname' to scan remotely, or 'netstat -tlnp | grep 636' to check locally on Linux. On Windows, use 'Test-NetConnection -ComputerName hostname -Port 636' in PowerShell.
How do I secure port 636?
Secure port 636 by restricting access with firewall rules, using encryption (TLS/SSL) where supported, keeping the LDAPS server software updated, using strong authentication, and monitoring for unauthorized access attempts.