Just running “netstat -a” on my windows 10 box running Roon Server (connecting to a QNAP NAS SMB share for the stored music, which requires its own set of ports) shows that the protocols/ports may be endpoint-specific:
Squeezeboxes (transporter, touch, radio) appear to communicate on TCP/3483 and TCP/9000
Raspberry Pi RoonBridges (Raspian Lite) appear to use TCP/51283 TCP/51317 TCP/59211
iPad air RoonRemote appears to connect on port TCP/9100 and TCP/9101
Android phone RoonRemote appears to only connect on port TCP/9101
I can’t speak for any other endpoints or devices at this time, nor can I confirm these are the only ports required for these devices, but presumably there is some relationship between the device manufacturer (or app) and the port Roon uses.
I don’t see any persistent connections to/from roonlabs.com or tidal.com so those are probably stateful connections - or I just entirely missed them. It does look like port tcp/59318 is used for last.fm integration somehow. I will be investigating all of this further in the coming weeks as I build a new Core server and start to lock things down.