What is Port 5900?
by Colin Cohen | Published on August 29, 2024
Port 5900 is dedicated to the Remote Frame Buffer (RFB) protocol. The Virtual Network Computing (VNC) system uses the protocol to transmit a graphical user interface (GUI) from a server to a client over the port.
What is Port 5900?
Port 5900 is for the RFB protocol. It’s what the VNC system uses when transferring the video display of a server to the video display of a client so that the client can remotely run applications on the server.
Definition
To understand the function of port 5900, you need to understand VNC.
VNC is a system that lets a client remotely connect to a server and run its GUI. You can think of it as Secure Shell Protocol (SSH) with a graphical interface. With VNC, a client running one operating system can run a different one on the server. For example, if you had a Mac and needed to run Windows apps, you could connect to a Windows machine using VNC and run Windows apps as if you had a Windows machine.
A key component of VNC is the RFB protocol. It transfers the video display of the server to the client over port 5900.
Technical Aspects
A device’s video display exists in what’s called a frame buffer. This is true regardless of the type of device or its operating system. By transferring the frame buffer over port 5900, the RFB protocol, in essence, transfers the video of one display to another.
It should be noted that you can use a port other than 5900 for RFB. The RFB protocol exists in the application layer of the Open Systems Interconnection (OSI) model.
Protocol Association
The protocol associated with port 5900 is RFB. It’s what lets the VNC system transfer a video frame buffer from the display of a server to the display of a client.
You also use the Transport Control Protocol (TCP) on port 5900 for transport control. It exists beneath RFB and establishes a reliable connection between the client and the server.
What is Port 5900 Used For?
VNC uses port 5900 for transmitting video buffers between a server and a client through the RFB protocol. This allows clients to remotely access and control devices using a GUI.
Primary Functions
Port 5900 is the default port used by VNC for remote desktop connections. The port allows a VNC server to transmit a video buffer to a VNC client through the RFB protocol. This, in turn, gives the client remote access to the server and the ability to control it and run GUI apps on it.
Industry Use Cases
In many organizations users need to remotely access and control devices over a network. Reasons for this include the need to manage devices from a distance or running applications that are not remotely available.
When there’s no need to run graphical applications, you can provide this access through a text-based tool such as SSH. But VNC lets you do this for graphical applications. Through port 5900, VNC transfers the video buffer of a server to a client using the RFB protocol, allowing you to run any graphical application that the server can run.
VNC isn’t the only tool for running graphical applications remotely. Organizations often use Remote Desktop Protocol (RDP) instead. This is because it’s faster than VNC and has better integration with Windows.
How to Ensure Port 5900 is Secure
As there are many exploitation risks associated with port 5900, it is important to implement best practices for securing the port on your devices. Toward this end, you should know how to close the port on your devices.
Exploitation Risks
A wide range of serious exploitation risks are associated with port 5900. They include remote command executions (RCEs), denial-of-service (DoS) attacks, and unauthorized access. Because of this, it is imperative that you secure port 5900.
Best Practices for Security
If you are not using VNC (or another service that uses port 5900), you should disable the port in your devices.
If you do require port 5900, you should implement the following practices:
Limit access to port 5900 in your firewalls to authorized IP addresses.
Require authentication when connecting to the port as well as strong passwords, and implement encryption.
Keep all VNC software updated to the latest releases.
Disabling and Closing Port 5900
To block port 5900 in Windows, do the following:
Open the Firewall Control Panel by running firewall.cpl in a command prompt.
Select Advanced Settings and click Inbound Rules.
Click New Rule under Action.
Select TCP and Specific local ports, and enter 5900.
Under Action, select Block the connection and click Next.
Under Profile, select Domain and Private and click Next.
Under Name, enter a name for the rule and click Finish.
Repeat steps 2 through 7 for Outbound Rules.
Monitoring and Troubleshooting Port 5900
If your organization uses port 5900 for VNC (or for some other service), you need to know how to detect traffic on the port. You also need to know how to resolve conflicts relating to the port.
Detecting Port 5900 Activity
To determine whether port 5900 is open on a device, run the following command from a command prompt or terminal:
netstat -aon
Resolving Port 5900 Conflicts
Only one service can listen to port 5900 at a time. If you want to run a service on port 5900 and discover through the netstat command that another service is listening on this port, you will need to disable this other service before you can start your service.
Frequently Asked Questions
The following FAQs answer questions typically asked relating to port 5900. They provide a basic understanding of the port and its uses.
What is TCP Port 5900 Used For?
You use TCP port 5900 for VNC (Virtual Network Computing). It allows a VNC server to share its video display with a VNC client through the RFB protocol.
Can Port 5900 Be Exploited?
Port 5900 can and has been exploited. To protect your organization against these exploitations, implement recommendations detailed in the Best Practices for Security section. These include limiting access, requiring authentication to use it, and ensuring software is up-to-date.
Is it Safe to Block Port 5900?
If you do not use VNC (or some other service that uses port 5900), it is safe to block port 5900. Even if you use VNC, you can configure it to use a port other than 5900. You can also limit access to the port.
What is the TCP Port 5900 Vulnerability?
Vulnerabilities associated with port 5900 include RCEs, DoS attacks, and unauthorized access. Because of this, it is important to properly secure the port.
Conclusion
VNC uses port 5900 so that it can transfer video buffers from a server to a client through the RFB protocol. This allows a client to remotely access and control a server and run GUI applications on it. Because of many serious exploits associated with the port, it is important to properly secure it.