According to this article, keyloggers usually make use of the FTP ports and email ports:
http://rbmikrotik.blogspot.com/2011/07/how-to-block-port-frequently-keylogger.html
My question is, can a keylogger software make use of other ports within the network so that it sends the information to the attacker?