Portmap

The port mapper (rpc.portmap or just portmap, or rpcbind) is an Open Network Computing Remote Procedure Call (ONC RPC) service that runs on network nodes that provide other ONC RPC services.

Version 2 of the port mapper protocol maps ONC RPC program number/version number pairs to the network port number for that version of that program. When an ONC RPC server is started, it will tell the port mapper, for each particular program number/version number pair it implements for a particular transport protocol (TCP or UDP), what port number it is using for that particular program number/version number pair on that transport protocol. Clients wishing to make an ONC RPC call to a particular version of a particular ONC RPC service must first contact the port mapper on the server machine to determine the actual TCP or UDP port to use.

Versions 3 and 4 of the protocol, called the rpcbind protocol, map a program number/version number pair, and an indicator that specifies a transport protocol, to a transport-layer endpoint address for that program number/version number pair on that transport protocol.

The port mapper service always uses TCP or UDP port 111; a fixed port is required for it, as a client would not be able to get the port number for the port mapper service from the port mapper itself.

The port mapper must be started before any other RPC servers are started.

The port mapper service first appeared in SunOS 2.0.

Example portmap instance
This shows the different programs and their versions, and which ports they use. For example, it shows that NFS is running, both version 2 and 3, and can be reached at TCP port 2049 or UDP port 2049, depending on what transport protocol the client wants to use, and that the mount protocol, both version 1 and 2, is running, and can be reached at UDP port 644 or TCP port 645, depending on what transport protocol the client wants to use.

$ rpcinfo -p program vers proto  port 100000   2   tcp    111  portmapper 100000   2   udp    111  portmapper 100003   2   udp   2049  nfs 100003   3   udp   2049  nfs 100003   4   udp   2049  nfs 100003   2   tcp   2049  nfs 100003   3   tcp   2049  nfs 100003   4   tcp   2049  nfs 100024   1   udp  32770  status 100021   1   udp  32770  nlockmgr 100021   3   udp  32770  nlockmgr 100021   4   udp  32770  nlockmgr 100024   1   tcp  32769  status 100021   1   tcp  32769  nlockmgr 100021   3   tcp  32769  nlockmgr 100021   4   tcp  32769  nlockmgr 100005   1   udp    644  mountd 100005   1   tcp    645  mountd 100005   2   udp    644  mountd 100005   2   tcp    645  mountd 100005   3   udp    644  mountd 100005   3   tcp    645  mountd

Security concerns
The port mapper service was discovered to be used in Distributed Denial of Service (DDoS) attacks and Distributed Reflective Denial of Service (DRDoS) attacks in 2015. By using a spoofed port mapper request, an attacker can amplify the effects on a target because a portmap query will return many times more data than in the original request.