diff --git a/references/ports.md b/references/ports.md index 296104c..480ee60 100755 --- a/references/ports.md +++ b/references/ports.md @@ -11,29 +11,29 @@ * 80 HTTP * 88 Kerberos * 110 POP3 - * 111 SUNRPC(UnixRPC) + * 111 SUNRPC (UnixRPC) * 139 NetBIOS * 143 IMAP * 389 LDAP * 443 HTTPS - * 445 MicrosoftDS + * 445 Microsoft DS * 514 RSH * 515 Printers * 631 CUPS - * 1352 LotusNotes + * 1352 Lotus Notes * 2049 NFS * 3000 Webrick (Ruby Webserver) * 3389 RDP * 4949 Munin * 5060 SIP * 5631-5632 PCAnywhere - * 5666(evidence of Nagios server on network) NRPE(*nix)/NSCLIENT++(win) - * 5900-5906 (Same as X11; display over VNC. SPICE is usually in this range as well) VNC - * 6000-6009 (seexspy, xwd, xkeyforexploitation) X11 + * 5666 Nagios server/NRPE(*nix)/NSCLIENT++(win) + * 5900-5906 VNC (Same as X11; display over VNC. SPICE is usually in this range as well) + * 6000-6009 Xll (seexspy, xwd, xkeyforexploitation) * 8006 Proxmox * 8080 Alt-HTTP - * 8089(also on 8000) Splunk - * 8000(mezzanine in development mode for example) AnotherHTTP + * 8089 Splunk (also on 8000) + * 8000 Another HTTP (mezzanine in development mode for example) * 8834 Nessus HTTPS * 8443 AltHTTPS * 9080 Alt-HTTPtomcat @@ -42,7 +42,7 @@ * 17500 Dropbox lansync ## UDP Discovery: ## - * easy copy - `53,111,123,161,177,500,514,1194,1434,1900,17185` + * easy copy - `53,111,123,161,177,500,514,623,1194,1434,1900,17185` * 53 DNS * 111 SUNRPC (Unix RPC) * 123 Network Time Protocol (NTP) @@ -50,6 +50,7 @@ * 177 XDMCP (via NSE script --script broadcast-xdmcp-discover, discover *nix boxes hosting X) * 500 Isakmp (ike PSK Attack) * 514 syslog + * 623 IPMI (easy crack or auth bypass) * 1194 OpenVPN * 1434 MSSQL Ping * 1900 UPNP 
@@ -57,36 +58,35 @@ ## Authentication Ports: ## * easy copy - `80,902,1494,5985,5986,6129,8200,9084` - * Citrix: 1494 - * WinRM: 80, 5985 (HTTP), 5986 (HTTPS) - * VMware Server: 8200, 902, 9084 - * DameWare: 6129 + * 80,5985,5986 WinRM (5985 (HTTP), 5986 (HTTPS)) + * 902,8200,9084 VMware Server + * 1494 Citrix + * 6129 DameWare ## Easy-win Ports: ## - * Java RMI - 1099, 1098 - * coldfusion default stand alone - 8500 - * IPMI UDP(623) (easy crack or auth bypass) - * 6002, 7002 (sentinel license monitor (reverse dir traversal, sometimes as SYSTEM)) - * GlassFish: 4848 - * easy copy - `9060` - * IBM Web Sphere: 9060 - * Webmin or BackupExec: 10000 - * memcached: 11211 - * DistCC: 3632 - * SAP Router: 3299 + * easy copy - `1098-1099,3299,3632,4848,6002,7002,8500,9060,10000,11211` + * 1098-1099 Java RMI + * 3299 SAP Router + * 3632 DistCC + * 4848 GlassFish + * 6002,7002 (Sentinel license monitor (reverse dir traversal, sometimes as SYSTEM)) + * 8500 Coldfusion default stand alone + * 9060 IBM Web Sphere + * 10000 Webmin or BackupExec + * 11211 memcached ## Database Ports: ## - * easy copy - `3306,1521-1527,5432,5433,1433,3050,3351,1583,8471,9471` - * MySQL: 3306 - * PostgreSQL: 5432 - * PostgreSQL 9.2: 5433 - * Oracle TNS Listener: 1521-1527 - * Oracle XDB: 2100 - * MSSQL: 1433 - * Firebird / Interbase: 3050 - * PervasiveSQL: 3351, 1583 - * DB2/AS400 8471, 9471 - * Sybase 5000 + * easy copy - `1433,1521-1527,1583,3351,2100,3050,3306,5000,5432,5433,8471,9471` + * 1433 MSSQL + * 1521-1527 Oracle TNS Listener + * 1583,3351 PervasiveSQL + * 2100 Oracle XDB + * 3050 Firebird/Interbase + * 3306 MySQL + * 5000 Sybase + * 5432 PostgreSQL + * 5433 PostgreSQL 9.2 + * 8471,9471 DB2/AS400 ## SCADA / ICS:## (source: http://www.digitalbond.com/tools/the-rack/control-system-port-list/ )
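Review bot: the @@ -11,29 hunk introduces a typo on the line it reorders, `* 6000-6009 Xll (seexspy, xwd, xkeyforexploitation)`: `Xll` (two lowercase Ls) should be `X11`, and the parenthetical is missing its spaces (`see xspy, xwd, xkey for exploitation`); the spacing defect was already present in the old line, but since this change touches it, fix it here. The same hunk rewrites the Nagios line as `* 5666 Nagios server/NRPE(*nix)/NSCLIENT++(win)`, which now reads as if "Nagios server" were the listener on 5666; the old text said an open 5666 is evidence of a Nagios server on the network, and the listener itself is the NRPE agent or NSClient++, so something like `* 5666 NRPE (*nix) / NSClient++ (Windows); indicates a Nagios server on the network` keeps the original meaning and matches the new port-first layout.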
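Review bot: the @@ -57,36 hunk puts nested parentheses on two of the renamed entries where every other line keeps the service name bare: `* 80,5985,5986 WinRM (5985 (HTTP), 5986 (HTTPS))` and `* 6002,7002 (Sentinel license monitor (reverse dir traversal, sometimes as SYSTEM))`; suggest `* 80,5985,5986 WinRM (80/5985 HTTP, 5986 HTTPS)` and `* 6002,7002 Sentinel license monitor (reverse dir traversal, sometimes as SYSTEM)`. In the Database block the new easy-copy string `1433,1521-1527,1583,3351,2100,3050,3306,5000,5432,5433,8471,9471` is no longer in port order (3351 sits ahead of 2100 and 3050) even though the bullets beneath it are sorted; move 3351 to follow 3306 so the string and the list stay in step, and apply the same check to the Authentication and Easy-win strings, which do currently agree with their bullets. Product names: `Coldfusion` and `IBM Web Sphere` are written ColdFusion and IBM WebSphere.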