What are Ports 8086 and 8087?
by Colin Cohen | Published on July 30, 2024
Ports 8086 and 8087 are dedicated to VMware vCenter Servers. The servers use these ports to communicate with vSphere components, particularly for diagnostics.
What are Ports 8086 and 8087?
Ports 8086 and 8086 are for the VMware vSphere virtualization platform. The platform uses the ports for internal purposes, specifically communication and diagnostics.
Definition
Ports 8086 and 8087 play an important role in the VMware vSphere virtualization platform. They allow vCenter Servers to communicate with vSphere components such as ESXi hosts and vSphere clients and perform diagnostics on them.
The two ports are closely tied to each other, as VMware utilizes them in a similar context. In vSphere implementations, you will need to make both ports accessible on devices that serve as vCenter Servers and vSphere components.
Organizations that do not implement VMware vSphere may use ports 8086 and 8087 for different purposes, such as for reverse proxies.
Technical Aspects
VMware vSphere uses ports 8086 and 8087 for internal purposes, most significantly for diagnostics. You need not worry about the technical aspects of these purposes, as they are proprietary. You just have to make sure that vSphere can access these ports on your devices.
The tools that run over ports 8086 and 8087 operate in the application layer of the Open Systems Interconnection (OSI) model.
Protocol Association
VMware vSphere implements proprietary protocols over ports 8086 and 8087. As a transport protocol below these protocols, VMware uses Transport Control Protocol (TCP) over these ports. This is because vCenter Servers must establish reliable connections with vSphere components.
What are Ports 8086 and 8087 Used For?
Ports 8086 and 8087 let vCenter Servers communicate with vSphere components. This is important for organizations that implement virtualized environments using VMware.
Primary Functions
You use ports 8086 and 8087 for VMware vSphere. It allows vCenter Servers to communicate with vSphere components and perform diagnostics on them. You typically don’t need to interact with these ports directly.
Industry Use Cases
Many organizations use virtualized environments, and VMware is one of the leading products. Those who implement it must ensure that VMware has access to ports 8086 and 8087 on devices so that vCenter Servers can perform internal diagnostics and other forms of communication.
If you don’t use VMware, you can use ports 8086 and 8087 for different purposes. Common ones include reverse proxies and custom web applications.
How to Ensure Ports 8086 and 8087 are Secure
Opening ports 8086 and 8087 on your devices can expose them to dangerous vulnerabilities. So you need to know how to secure them based on how you are using them.
Exploitation Risks
Having ports 8086 and 8087 open on your devices can expose them to serious vulnerabilities such as remote code executions (RCEs). If you are using the ports within the context of VMware vSphere, this shouldn’t be a problem, as you will only need the ports open within private networks. However, if you are using the ports in a different context, security can be an issue.
Best Practices for Security
If you are using ports 8086 and 8087 for VMware vSphere, you should only open them within private networks. If you are using the ports for a different purpose, such as a reverse proxy, you may have to keep them open to the public Internet. In such cases, you should monitor the ports for malicious activities and ensure that you are always using the latest software.
Disabling and Closing Ports 8086 and 8087
If you are using ports 8086 and 8087 for VMware vSphere, you should enable them only for private networks. If you are using the ports for a different purpose, you may be able to close them, or you may not. If you can’t, you should follow the recommendations in the previous section.
Monitoring and Troubleshooting Ports 8086 and 8087
If you use ports 8086 and 8087, you need to know how to detect and monitor activity on them, as well as how to resolve conflicts.
Detecting Port 8086 and 8087 Activity
To determine whether ports 8086 and 8087 are open on a device, run the following command from a command prompt or terminal:
netstat -aonMonitoring Port 8086 and 8087 Activity
It’s important to monitor traffic on ports 8086 and 8087, especially if you expose these ports to the public Internet. You can use a tool such as PRTG Network Monitor to monitor activity on the ports.
Resolving Ports 8086 and 8087 Conflicts
Only one service can listen to ports 8086 and 8087 at a time. If you want to run VMware vSphere on a device and discover through the netstat command that another service is listening on either port, you will need to disable this service or configure it so that it doesn’t use ports 8086 and 8087.
Frequently Asked Questions
The following FAQs answer questions typically asked relating to ports 8086 and 8087. They provide a basic understanding of the ports and their uses.
What is Port 8086 Used For?
You use port 8086 for internal communication and diagnostics within VMware vSphere, specifically between vCenter Servers and vSphere components. If you are not implementing vSphere on a device, you can use the port for a different purpose, such as for a reverse proxy.
What is Port 8087 Used For?
Like with port 8086, you use port 8087 for internal communication and diagnostics within VMware vSphere. If you are not implementing vSphere on a device, you can use the port for a different purpose, such as for a reverse proxy.
What Data Types are Supported by Ports 8086 and 8087?
Ports 8086 and 8087 support proprietary data types. You should not need to concern yourself with them. You just need to make sure that VMware can access the ports.
What Vulnerabilities are Associated with Ports 8086 and 8087?
RCEs have been associated with ports 8086 and 8087. Because of this, it is important to secure the ports by following the steps outlined in the Best Practices for Security section.
Conclusion
In VMware vSphere, ports 8086 and 8087 allow vCenter Servers to communicate with vSphere components and diagnose issues. If you don’t use VMware vSphere, you can use the ports for other purposes, such as reverse proxies. In either case, you need to know how to secure the ports.