Remote Access Ports

Intel Remote Desktop / Alternate HTTP Port

Port 8000 is officially allocated to Intel's Remote Desktop Management Interface (iRDMI), though in practice, it is rarely used for this purpose today. Instead, it commonly serves as an alternative port for HTTP or HTTPS web services when default ports like 80 or 443 are unavailable or intentionally changed. Administrators and developers may use this port to avoid conflicts or for basic security through obscurity.

D2GS Admin Console

Port 8888 is commonly associated with the D2GS Admin Console, which provides Telnet-based administrative access to Diablo II Game Servers (D2GS). This console allows server operators to manage gameplay sessions, configure server settings, monitor user activity, and perform maintenance tasks remotely. While unofficial, it remains widely used in private or custom game server deployments to streamline the management of Diablo II multiplayer environments.

Atlasz Secure Server

Port 8881 is commonly associated with Atlasz Informatics Research Ltd.'s Secure Application Server, a platform intended to facilitate secure application deployment and communications, primarily over TCP. While its utilization isn't standardized or well documented, it often serves proprietary secure communication processes or remote management interfaces that demand careful access control and monitoring due to elevated security implications.

TeamViewer

TeamViewer is a widely-used remote access and desktop sharing application that enables users to connect to and control remote computers over the internet with minimal configuration. It facilitates secure remote support, collaboration, and file transfer between systems across various platforms.

Winbox MikroTik Admin

*MikroTik's Winbox* is a Windows-based utility used predominantly to configure and manage MikroTik RouterOS devices via TCP port 8291. It provides a graphical management interface that complements other access methods like SSH, Telnet, and an integrated web UI, offering administrators comprehensive and user-friendly device control.

IBM HTTP Server Admin

**IBM HTTP Server** (IHS) uses port 8008 as a default port for administrative access. This port facilitates management, monitoring, and configuration of the server remotely through a web-based interface or command-line tools. Admins leverage this port to control and maintain Apache-based HTTP servers optimized by IBM, which are often part of larger enterprise web infrastructure deployments.

Microsoft EPMAP

Microsoft Endpoint Mapper (EPMAP), commonly operating on port 135, serves as the RPC (Remote Procedure Call) locator service. It allows clients to identify network services available on a Windows host, facilitating communication with components like DHCP, DNS, WINS, and Distributed Component Object Model (DCOM). By mapping UUIDs to network addresses, EPMAP acts as a directory, enabling dynamic discovery of RPC services essential for remote management and inter-process communication in Windows environments.

Telnet

_Telnet is an unencrypted, text-based protocol operating over TCP port 23, primarily utilized for remote command-line access to network equipment and servers. Its simplicity allows administrators to manage systems by directly interfacing with their command-line shells; however, due to the lack of security features such as encryption and strong authentication, it has largely been superseded by more secure alternatives._

VNC over HTTP

Port 5800 is commonly used to access Virtual Network Computing (VNC) remote desktop interfaces over HTTP. This facilitates browser-based connections to remote systems, enabling users to manage another computer’s desktop environment through a web interface without needing dedicated client software.

VMware vSphere Management

Port 902 is primarily used by VMware vSphere for communication between the vSphere Client, ESXi hosts, and VMware management agents. It facilitates remote management, tasks automation, and host operations. The port enables secure communication pathways for remote console access, management functionalities, data transfers within VMware infrastructures, and integration with vCenter Server for centralized management.

Check Point Embedded HTTPS Management

Port 981 is typically utilized by SofaWare Technologies for secure remote management of firewall devices running embedded Check Point FireWall-1 software. This port enables administrators to access and configure these security appliances over an encrypted HTTPS connection, ensuring confidentiality of sensitive operational data during remote sessions.

Radmin Remote Administration

Radmin is a remote control software solution for remote desktop management and access. It enables administrators and users to connect to remote computers for tasks such as troubleshooting, configuration, or support. While primarily used for legitimate remote administration, its powerful capabilities have also made it a tool of choice exploited by cybercriminals and malware, frequently associated with unauthorized access if not properly secured.

VMware Console UDP

UDP port 902 is primarily used by VMware Server Console for communication between the managed VMware server and the management console. It enables important service functions like remote management, control, and monitoring of virtual infrastructure, ensuring administrators can maintain oversight of VMware environments efficiently through network communications.

Dell OpenManage

Dell OpenManage HTTPS service listens on port 1311 to provide administrators with secure access to Dell servers' management consoles. It utilizes HTTPS encryption to ensure communication confidentiality and typically facilitates hardware monitoring, firmware updates, status alerts, and remote server administration via a web interface. This port is essential for managing Dell PowerEdge servers using Dell OpenManage Server Administrator (OMSA).

Apple Remote Desktop Reporting

Port 3283 is primarily used by Apple Remote Desktop (ARD) for reporting and status communication between managed Mac clients and the administrator console. Historically linked to Apple's Net Assistant utility, it facilitates efficient status updates and task execution monitoring within ARD environments.

WebSphere SOAP Connector

The WebSphere Application Server uses port 8880 by default to enable SOAP-based communication between clients and the server. This connector facilitates remote management, deployment, and configuration interfaces using SOAP, a common protocol supporting structured information exchange. It primarily assists in integrating administrative tools and automated systems with WebSphere's application management capabilities.

Mac OS X Server Admin

Port 311 was historically used by Mac OS X Server's Admin tool, which provided a web-based management interface for AppleShare IP services. This allowed system administrators to configure and control server-side functions, including file sharing, web services, and user management, from any standard web browser with appropriate authentication. Over time, its utility diminished as Apple transitioned to new server management paradigms.

Mac OS X Server Admin

Port 660 is utilized primarily for the remote management and administration of Mac OS X Server instances. It serves as a communication endpoint for macOS administrators to configure, monitor, and troubleshoot macOS server systems. This port helps facilitate administrative access and management functions, often through dedicated Apple utilities or command-line tools.

Cisco XRemote

Port 9001 is traditionally associated with Cisco's XRemote router configuration, primarily utilized for device management and remote console access over serial interfaces. It facilitates administrative operations on Cisco routers, providing a means to configure, troubleshoot, and maintain network infrastructure remotely, especially in legacy network environments.

Telnet over TLS/SSL

Port 992 is designated for Telnet communications secured through TLS/SSL encryption, augmenting the traditional Telnet protocol by providing a secure channel that protects data integrity and confidentiality during remote command-line sessions. It is used primarily where legacy Telnet access needs to be maintained while enhancing security.

Webmin

Webmin is a web-based system configuration tool designed for Unix-like systems, allowing administrators to manage server functions through an intuitive web interface rather than command-line operations.

LogMeIn Hamachi

LogMeIn Hamachi is a VPN tunnel software used to connect securely to a mediation server, allowing users to create virtual networks over the internet.

eklogin Kerberos Remote Login

Port 2105 is used by eklogin, a version of the classic Unix remote login (rlogin) service that incorporates Kerberos encryption. It facilitates secure, authenticated remote terminal access by leveraging Kerberos to verify user identities and encrypt the login session. This port aims to provide a safer alternative to traditional rlogin, reducing risks from credential exposure and session hijacking over untrusted networks.

TheosNet-Admin

TheosNet-Admin on port 2501 facilitates communication for The sMessenger client connections. This service enables administrative management and instant messaging functionalities within Theos systems, serving both as a command and control interface and messaging relay point.

DirectAdmin & ESET Remote Admin

Port 2222 is widely recognized as the default TCP port for DirectAdmin, a commercial web hosting control panel, and is also employed by ESET Remote Administrator for centralized management of ESET security solutions. This dual-purpose port is predominantly used for secure web-based management interfaces, allowing administrators to manage servers or endpoint clients remotely. Due to its remote administration capabilities, it is a notable target and should be protected accordingly.

Back Orifice RAT

Back Orifice is a notorious remote administration tool released in the late 1990s, primarily known for its exploitation as a Trojan horse. It allows remote control of a Windows system, often without the user’s knowledge or consent, enabling malicious actors to access files, monitor user activity, and manipulate system configurations. Due to its ease of deployment and stealthy capabilities, it has historically been a popular choice for attackers targeting vulnerable systems.

Remote Administrator

Port 3899 is primarily associated with Remote Administrator (Radmin), a remote desktop software suite by Famatech. It provides tools for remote management, technical support, and system administration, allowing administrators to securely control and access remote computers over a network or the internet.

Remote Web Workplace

Remote Web Workplace (RWW) is a Microsoft web-based portal enabling remote access for administrators and users to internal resources such as desktops, email, and file shares. Typically integrated with Windows Small Business Server, it provides a central, browser-based interface designed to simplify connectivity and management tasks for offsite personnel.

ASF-RMCP

ASF Remote Management and Control Protocol (ASF-RMCP) is a standardized protocol enabling remote monitoring, management, and control of computer systems and devices at the platform hardware level. Primarily used by IT administrators, ASF-RMCP facilitates out-of-band management for devices regardless of their operating system status, making it valuable for maintenance, troubleshooting, and asset administration.

SSH

<p><strong>Secure Shell (SSH)</strong> is a widely-used network protocol designed to provide secure access and communication with remote systems over an unsecured network. It encrypts login credentials, command execution, file transfers, and tunneling capabilities, making it a fundamental tool for system administrators and developers to securely manage servers and devices.</p>

NetBus / NetBuster

Port 12345 is strongly associated with the NetBus remote administration tool, which is widely known as a backdoor Trojan horse. It was originally designed for legitimate remote control but was quickly adopted by malicious actors for unauthorized access and control over infected machines. Additionally, this port has seen use by NetBuster, a NetBus honeypot tool, and is sometimes used by certain networked games such as Little Fighter 2.

Xadmin Control Daemon

Xadmin Control Daemon is a network service typically employed for managing system configurations, device administration, or internal service management. It provides administrators remote capabilities to monitor, control, and update system parameters via both TCP and UDP protocols. While not a widely standardized service, it enables flexible network management that can be adapted by different organizations based on their internal needs.

IPSec

Internet Protocol Security (IPSec) is a suite of protocols designed to secure IP communications by authenticating and encrypting each IP packet in a communication session. It is widely used to establish secure VPNs, protecting data traffic over untrusted networks, including the internet. Port 1293 is specifically assigned for the IPSec Network Address Translation-Traversal (NAT-T), facilitating IPSec operation behind NAT devices.

Kaspersky Network Agent

Kaspersky Network Agent is a key component in Kaspersky's security infrastructure, facilitating communication between managed security products and the central administration server. It enables remote deployment, configuration, monitoring, and updates of security policies, ensuring seamless management of endpoints across an organization.

DCE/RPC Endpoint Mapper

_Port 135 is primarily used by Microsoft RPC Endpoint Mapper, a crucial function for locating network services used by Windows systems and DCE/RPC frameworks. It facilitates communication between clients and available services by helping clients determine what dynamic ports specific RPC services are listening on._

Microsoft RDP

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft to provide a graphical interface for remotely connecting to another computer or server. Commonly used by system administrators and remote users, RDP allows full control over Windows systems across networks, enabling maintenance, troubleshooting, or remote work capabilities. Despite being a widely deployed remote access solution, RDP can expose systems to significant security risks if incorrectly configured.

SOCKS Proxy

Port 1080 is traditionally used for the SOCKS proxy protocol, a flexible proxy mechanism enabling network clients to route traffic through intermediary servers. It supports various types of network connections, providing anonymity, bypassing restrictions, or improving security by acting as a relay between networks.

IPSec NAT Traversal

Port 4500 facilitates IPSec VPN connections across network devices using NAT by encapsulating ESP packets within UDP to traverse NAT gateways seamlessly. Defined in RFC 3947, it extends IPSec capabilities for real-world networks where NAT is prevalent, ensuring secure communications remain intact. NAT-T allows enterprises and remote workers to maintain encrypted IPSec tunnels reliably over varied and complex network topologies.

L2TP & L2F

Layer 2 Forwarding Protocol (L2F) and Layer 2 Tunneling Protocol (L2TP) are technologies primarily employed for creating Virtual Private Network (VPN) tunnels by encapsulating data for secure transmission across IP networks. L2TP, often used in conjunction with IPSec for encryption, has largely supplanted L2F, which was an earlier Cisco-developed protocol. These protocols operate at the data link layer, enabling secure communication of PPP frames beyond point-to-point physical connections.

VNC Viewer Listener

Port 5500 is primarily associated with Virtual Network Computing (VNC) in 'listening' mode, allowing a server-side VNC viewer to wait for remote client connections. This facilitates reverse connections for remote desktop sharing and remote support. Standard VNC normally involves the client connecting to the remote server, but in some deployments, the server initiates a connection back to a listening viewer to bypass firewalls and NAT restrictions.

HP Support Automation

Port 5814 is used primarily by Hewlett-Packard OpenView's Support Automation tools, including Self-Healing Services. These services enable remote diagnostics, automated issue detection, and streamlined support workflows for enterprise IT environments. The primary goal is seamless system management with proactive problem resolution.

AlphaVision RCI

Aqumin AlphaVision's Remote Command Interface (RCI) is a communication service that allows external applications and clients to remotely control the AlphaVision visualization environment. This facilitates integration within financial services, where AlphaVision is used to analyze large-scale financial datasets visually.

VNC Remote Desktop

Virtual Network Computing (VNC) allows users to remotely control another computer’s desktop across networks or the internet. Operating primarily on port 5900, VNC is widely compatible, supporting various implementations including Apple Remote Desktop. It facilitates graphical desktop sharing, enabling seamless access and management regardless of physical location.

Plesk/Tomcat SSL

Port 8443 is commonly used for secure web-based administrative interfaces such as the SW Soft Plesk Control Panel, Apache Tomcat Manager over SSL, and Promise WebPAM SSL management. Typically, it facilitates encrypted communications for web applications running outside the default HTTPS port (443), enabling secure management and service access without conflicting with standard HTTPS content.

LogMeIn Hamachi

LogMeIn Hamachi is a popular virtual private network (VPN) application that allows users to create secure, encrypted peer-to-peer connections over the internet. It uses dedicated mediation servers to establish and manage VPN tunnels between clients. Port 12975 is typically used by the Hamachi client to communicate with the mediation server, facilitating network creation and management. If communication via this port is unavailable, Hamachi may attempt to use alternative ports or fallback to SSL protocols to maintain connectivity.

MikroTik Dude Remote Management

Port 2210 is primarily used for remote management of MikroTik RouterOS devices via The Dude, MikroTik’s centralized network monitoring and management tool. It enables administrators to monitor network devices, manage configurations, and perform diagnostics efficiently from a centralized location.

pcAnywhere Status

Symantec pcAnywhere uses port 5632 UDP for transmitting status information between client and host systems. This port helps facilitate remote management and monitoring capabilities within the pcAnywhere application suite, which is widely used for remote desktop control. Proper configuration and securing of this port is essential to avoid unauthorized access.

X11 Protocol

Port 6000 is primarily utilized for the X11 protocol, which facilitates communications between X Window System clients and servers over a network. It enables the display of graphical user interfaces from remote Linux and UNIX systems, allowing users to run applications remotely with graphical output rendered locally. This makes it a fundamental component in remote graphical computing environments.

X11 Display Manager

Port 6001 is commonly used by the X Window System (X11), a windowing system for bitmap displays, primarily on UNIX and UNIX-like operating systems. It enables graphical user interfaces (GUIs) to be used over network connections by transmitting display data between an X server and X client applications. Each additional display instance typically uses an incremental port from 6000, meaning port 6001 corresponds to the second X11 display.

MikroTik Dude Secure Management

Port 2211 is utilized by MikroTik for secure management communications within The Dude network monitoring system. It facilitates administrative tasks, device management, and secure data transfer between The Dude client and server components, ensuring that network administrators can efficiently monitor and maintain their network infrastructure.

A-Talk Remote Server

Port 5107 is commonly associated with A-Talk's remote server connection feature. It facilitates communication between remote A-Talk clients and servers, enabling chat, messaging, and connectivity management. The port is primarily TCP-based and typically used in setups requiring remote administration or communication relay, with limited encryption support by default.

Synergy

Synergy is a versatile software application that enables users to seamlessly share a single keyboard and mouse across multiple devices and operating systems. It effectively merges desktops into one fluid workspace, eliminating the need for separate input devices for each machine.

Multiplicity

Multiplicity is a software solution that enables users to control multiple computers using a single keyboard and mouse, as well as share clipboard data seamlessly across devices. It simplifies the workflow for users who utilize multiple machines simultaneously by offering quick switching and data transfer capabilities.

DBGp

DBGp (Debugger Protocol) is a common debugging interface primarily used by PHP debugging tools such as Xdebug. Operating typically over TCP port 9000, it facilitates communication between the IDE and the server for efficient debugging workflows including breakpoint management, code inspection, and execution control.

Apprentice

Port 4747 is used primarily by the VNC-based remote desktop tool TightVNC’s 'Apprentice' component to facilitate remote access and control of computer systems. It enables remote management, troubleshooting, and screen sharing, making it effective for system administration and remote support. Although not widely standardized, it is popular in certain remote support and monitoring solutions.

Remote Server System

Port 384 is designated for a Remote Network Server System protocol that supports communication between remote clients and network-based servers. This port facilitates remote configuration, monitoring, and management tasks, often enabling system administrators to perform crucial operations without direct physical access. It is an official port assignment that is known for its versatility in enabling remote network services across various environments.

PPTP

PPTP, or Point-to-Point Tunneling Protocol, is a VPN protocol developed by Microsoft to enable secure data transfer through encryption and encapsulation. While it historically allowed users to create secure communication tunnels over public networks, today it is largely considered outdated due to its well-known security vulnerabilities.

klogin (Kerberos Login)

Kerberos klogin facilitates secure, authenticated remote login services using Kerberos as the authentication mechanism. It is a protocol built on top of the Berkeley rlogin protocol but with strong authentication to prevent credential interception or replay attacks. Historically, it served to allow trusted access between hosts in environments where Kerberos is deployed.

OpenVPN

OpenVPN is an open-source VPN protocol and software that enables secure, encrypted connections over both TCP and UDP. Designed for flexibility, reliability, and ease of configuration, OpenVPN has become one of the most popular solutions for creating virtual private networks that bypass network restrictions and ensure data privacy.

LANDesk Remote Control

LANDesk Management Suite's Remote Control service allows administrators to remotely access, troubleshoot, and manage client devices across the enterprise network, improving IT support efficiency.

Citrix ICA Session Reliability

TCP port 2598 is used by Citrix Independent Computing Architecture (ICA) protocol when Session Reliability is enabled, providing a seamless user experience during momentary network disruptions. Unlike the standard ICA port 1494, port 2598 supports the Common Gateway Protocol (CGP), allowing Citrix sessions to maintain connectivity without user interruption by buffering data until the network stabilizes.

Remote Login (rlogin)

**rlogin** (Remote Login) provides remote command-line access to Unix systems, allowing users to log in over the network as if they were directly connected.

Miralix GreenBox API

Miralix GreenBox API is a communication interface designed to integrate Miralix’s telephony and contact center solutions with external systems and business tools. It streamlines the process of connecting call control, presence information, and other unified communications features, enabling organizations to optimize customer interactions and internal communications through a centralized API platform.

Gobby Collaboration

Gobby is a real-time collaborative text editor that allows multiple users to simultaneously edit documents over a network. Built upon the libobby library, it enables seamless editing with immediate updates, supporting group projects, code collaboration, and shared note-taking across platforms. Gobby's focus on simplicity and efficiency makes it a popular tool for developers, teams, and educational settings.

Microsoft DCOM

Port 1029 is frequently associated with Microsoft Distributed Component Object Model (DCOM) communications. DCOM enables software components to communicate directly across networked environments, predominantly within Windows operating systems. While this port is unofficial and dynamic, it's commonly observed during remote procedure calls and system management activities.

DameWare Remote Control

**DameWare Remote Control** is a remote administration tool primarily used for managing Windows systems. It enables IT administrators to access and troubleshoot remote endpoints, perform system maintenance, and offer support without needing physical access. Widely utilized in corporate environments, it streamlines IT workflows but requires careful security management due to its powerful access capabilities.

DTSPCD

DTSPCD (Distributed Terminal Server Process Controller Daemon) is a network service primarily used to remotely execute commands and launch applications on UNIX systems, notably those running CDE (Common Desktop Environment). It facilitates client-server interactions for remote desktop management, enabling administrative tasks and remote application control over a network. While originally designed to enhance remote system management capabilities, it has since fallen out of favor due to significant security vulnerabilities.

Rexec

Rexec (Remote Execution Daemon) is a service traditionally used on UNIX systems allowing users to execute commands on a remote machine over a network. It facilitates remote process execution by authenticating with a username and password sent in plain text, which poses significant security risks. While once commonly adopted in trusted internal environments for remote management, Rexec has largely been superseded by more secure technologies due to its inherent vulnerabilities.

Symantec pcAnywhere

Symantec pcAnywhere is a remote access tool that enables secure communications and control over another system, often used for remote support or administration. The port 5631 is utilized specifically for data transfer in versions 7.52 and later. Despite its usefulness, it has a history of security concerns and is largely considered legacy software today due to emerging, more secure remote access solutions.

XDMCP

The X Display Manager Control Protocol (XDMCP) is designed to facilitate remote graphical logins to UNIX and Linux systems running the X Window System. It allows clients on the network to discover graphical login managers and initiate sessions, providing an interface for users to access remote desktops seamlessly over a network.

Kerberos Remote Shell (kshell)

Kerberos Remote shell (kshell) is a network service port traditionally used to provide authenticated command execution between systems in a network using the Kerberos authentication protocol. It enhances the conventional rsh protocol by incorporating secure identity verification, enabling users to remotely execute commands on trusted hosts without transmitting plain credentials. Although designed to improve security, its practical use has diminished in favor of more robust modern alternatives.

GoToMyPC

GoToMyPC is a remote desktop service that provides users with the ability to access and control their computers from any internet-connected device. Utilizing a client-server model, it facilitates secure, convenient, and on-demand remote access suited for business and personal use. The service often uses port 8200 for client communications with GoToMyPC servers.

VTun VPN

VTun is a virtual tunneling software that creates encrypted and unencrypted VPN tunnels between remote systems, facilitating secure communication. It is primarily used to build secure private networks over the internet, leveraging techniques like tunneling and optional encryption to provide confidentiality, authentication, and data integrity. Though flexible and configurable, its default operation on port 5000 supports various link options including Ethernet and IP-level virtual links.

FileNet RPC

FileNet RPC is a remote procedure call service primarily used for facilitating communication between FileNet applications.

NetSupport Manager

NetSupport Manager is a popular remote control and management tool used across enterprise and educational environments for device monitoring, support, and classroom control. It facilitates seamless screen sharing, file transfers, messaging, and device management, streamlining administrative workflows and problem resolution.

RSH / REMSH

Remote Shell (rsh or remsh) is a legacy protocol designed to execute shell commands on a remote Unix system in a non-interactive fashion. It operates primarily over TCP, allowing administrators or automated systems to issue single commands remotely. Despite its historical usage, RSH is largely deprecated due to its insecure design, transmitting data in plaintext, including user credentials, posing significant security risks in modern network environments.

Netop Remote Control

*Netop Remote Control* is a remote administration tool by Netop Business Solutions, allowing IT teams to securely connect to and manage remote desktops and servers over TCP or UDP. Designed primarily for enterprise use, it provides features for support, troubleshooting, software deployment, and maintenance.

ProRat Server

**ProRat Server** is a commonly used backdoor tool known as a Remote Access Trojan (RAT). It enables unauthorized access and remote control over compromised Windows systems. Cybercriminals use ProRat to steal sensitive information, manipulate system settings, and perform malicious activities covertly, posing significant security risks.

rexd Daemon Control

Port 10017 has historically been associated with the 'rexd' remote execution daemon service, notably present on UNIX variants like AIX, NeXT, and HP-UX systems. This service enables the execution of commands on remote hosts, facilitating remote administration and automation. As a control port, it may manage or trigger functions related to remote code execution, although in modern systems, its use is rare and largely deprecated due to security concerns.

TR-069 CPE WAN Management

The TR-069 CPE WAN Management Protocol enables ISPs to remotely configure, monitor, and manage customer-premises equipment (CPE) like routers and modems. Widely used in broadband deployments, it facilitates automated provisioning and firmware updates, streamlining service delivery and support. While convenient, its exposure requires careful security management.

Remote Telnet

Port 107 is traditionally associated with the Remote Telnet service, providing remote login and command-line access to servers and network devices over plaintext connections. While Telnet was once widely used for managing networked systems, it has largely been replaced by more secure protocols such as SSH due to its lack of encryption, which poses a significant security risk when transmitting credentials and data. Nonetheless, some legacy systems or network devices may still use this port for diagnostic or management purposes in controlled environments.

ONC RPC (SunRPC)

ONC RPC (SunRPC) is a protocol developed by Sun Microsystems enabling remote procedure calls over a network. It serves as the foundational communication method for Network File System (NFS) and other distributed network services on UNIX systems. It supports both TCP and UDP transports to facilitate flexible and efficient inter-process communication between clients and servers in heterogeneous environments.

NetSupport Manager

NetSupport Manager is a remote control software solution widely used by enterprises and educational institutions for remote desktop management, classroom control, and IT support. It enables administrators and teachers to connect to and control multiple endpoints seamlessly over a network, providing a versatile toolset for system management, troubleshooting, and collaboration.

EMCADS

EMCADS is a proprietary communication service developed by Giritech for its G/On product suite. The service facilitates remote access and secure communication pathways between client endpoints and organizational resources, centralizing management while maintaining flexibility. It operates over both TCP and UDP, ensuring adaptability across network environments and providing robust connectivity options.

Sophos RMS

Sophos Remote Management System (RMS) allows administrators to remotely manage, update, and monitor Sophos security products across an enterprise. It leverages a proprietary communication protocol to facilitate command delivery, status reporting, and policy update enforcement between endpoint agents and the management console.

OpenCORE Remote Control

OpenCORE Remote Control Service is a proprietary protocol used to remotely manage or control OpenCORE systems. This service typically facilitates command execution, system monitoring, and configuration management over the network, providing administrators with flexible remote access to OpenCORE-enabled devices. Though versatile, this port's open state represents both an asset and a risk, depending on how well it is secured.

Kaseya

**Kaseya** is a remote monitoring and management (RMM) solution widely used by managed service providers (MSPs) and IT departments. It enables centralized management of workstations, servers, network devices, and software deployment, streamlining IT operations from a single console.

NCA over OpenSSH

Network Console on Acid (NCA) over OpenSSH provides a way to redirect local TTY consoles over secure SSH tunnels, enabling remote system management while leveraging encrypted communications for enhanced security.

Sophos RMS

Sophos Remote Management System (RMS) is a proprietary communication channel utilized by Sophos security products for centralized management and command relay between managed endpoints and the Sophos Enterprise Console. This port facilitates the distribution of security policies, event notifications, and status updates, enabling administrators to efficiently oversee endpoint protection across enterprise networks.

Background File Transfer Program

The Background File Transfer Program (BFTP) is a command-line utility designed for secure and efficient transfer of files between a local system and remote hosts. Commonly integrated with Microsoft Remote Desktop services, it streamlines background data synchronization and remote file management using encrypted channels. BFTP’s integration with Secure Shell (SSH) offers a secure environment ideal for enterprise deployments requiring automated and unattended background file transfers without manual intervention.

Timbuktu Service Port

Port 1420 is used by Timbuktu Pro, a suite of remote control and file transfer software primarily designed for remote desktop and support purposes on older macOS and Windows systems. This port facilitates network connectivity between the client and server components, enabling secure communication of control commands and data transfers.

Conserver Console Management

Conserver is a serial console management server that enables centralized, remote, and persistent access to serial console ports on network devices and servers. It facilitates troubleshooting and maintenance by logging console output and providing access even during system failures or unresponsive states. Designed mainly for data centers and network operations, it ensures administrators can manage multiple devices efficiently and securely over the network.

Citrix ICA

Port 1494 is primarily used for the Citrix Independent Computing Architecture (ICA) protocol, which facilitates remote desktop connectivity within Citrix XenApp and XenDesktop environments. ICA enables thin clients to connect efficiently to applications and desktops hosted on centralized servers, optimizing bandwidth and providing a seamless user experience.

Timbuktu Service Port 3

Port 1419 is associated with Timbuktu Pro, a legacy remote access and management tool primarily used on Macintosh and Windows systems. It allows users to control remote desktops, transfer files, and conduct chat sessions between machines. This port specifically is related to one of the Timbuktu service channels facilitating these communications.

Timbuktu Remote Control

Timbuktu was a popular remote desktop and remote administration tool, primarily used on Windows and Macintosh systems in the 1990s and early 2000s. Port 1417 is one of several ports associated with Timbuktu's operational services, facilitating communication between host and client for remote access functions. Its use has largely declined with the advent of newer remote desktop solutions.

VMware Remote Console

VMware Remote Console (VMRC) enables users to remotely access and manage virtual machines hosted on VMware infrastructure, providing full console access with mouse and keyboard control for administration and troubleshooting purposes.

SupportSoft Nexus Remote Command

Port 653 is commonly associated with SupportSoft's Nexus Remote Command, which facilitates remote management and diagnostic functions through proxy gateway mechanisms. This port supports both TCP and UDP protocols, enabling flexible communication between remote administration clients and managed systems. Although primarily legacy software, it enables centralized support by routing remote control traffic efficiently.

ConsoleWorks UI

Port 5176 is used by ConsoleWorks, a centralized management platform focused on secure remote access, device management, and event logging within critical infrastructure environments. This port typically hosts the application's web-based user interface, allowing administrators to configure systems, monitor events, and review access logs through an intuitive dashboard.

Timbuktu Service 2

Port 1418 is primarily associated with the Timbuktu remote control software, used historically for remote desktop administration on Windows and Mac systems. This port facilitates communication between the Timbuktu client and server components to manage remote connections, transfer files, and perform systems management tasks securely and efficiently.

Raven RMC

Raven Remote Management Control (RMC) is a proprietary protocol used for the remote monitoring and administration of network devices manufactured under the Raven product line. It facilitates configuration management, diagnostics, and status monitoring of devices deployed in distributed environments where direct physical access is limited. The protocol is commonly used in industrial, commercial, and telecommunications settings that require robust remote device maintenance capabilities.

Raven Remote Management

**Raven Remote Management** is a service port designed for remote monitoring and management of equipment deployed primarily in industrial, telecommunication, or IoT settings. It enables users or network operators to remotely configure, monitor, control, and diagnose connected devices, supporting more resilient infrastructure management without requiring direct physical access.

Zenworks Remote Control

Novell Zenworks Remote Control utilizes port 1761 to facilitate remote desktop management of client computers within enterprise environments. It is primarily used by IT administrators to troubleshoot, configure, and manage endpoints remotely through the Zenworks platform.

DTCP

Dynamic Tunnel Configuration Protocol (DTCP) facilitates the dynamic establishment, maintenance, and termination of network tunnels such as VPNs, enabling efficient, flexible, and automated secure communication channels within large or complex networks.

PlayStation Remote Play

Port 9293 is primarily associated with Sony's PlayStation Remote Play service, enabling users to remotely connect and stream gameplay from their PlayStation console to compatible devices across a network or over the internet. The service facilitates a seamless remote gaming experience by transmitting video and input controls between the console and client device.

Netop School

Netop School by Netop Business Solutions is an interactive classroom management software which facilitates communication and collaboration between teachers and students across a network. It allows for remote supervision, screen sharing, application control, and digital lesson delivery to enhance teaching in educational environments.

SupportSoft Nexus RCP

SupportSoft Nexus Remote Command Protocol (RCP) is employed as a proxy gateway to facilitate communication between remote support systems and client devices. Designed primarily to enable remote diagnostics and management, this port acts as a control point for relaying traffic and commands securely within support infrastructures. It allows technical support personnel to execute commands and access critical system information, improving efficiency during troubleshooting sessions.

Netop School

Netop School is an educational software solution developed by Netop Business Solutions designed to facilitate classroom management and interactive teaching. It allows teachers to monitor, control, and communicate with student devices to enhance the learning experience. The service uses UDP port 6503 for communication between the instructor’s and students’ systems.

Sub7

Port 27374 is notoriously associated with Sub7, a popular remote administration trojan from the late 1990s and early 2000s. Sub7 enables a malicious actor to gain covert control of infected Windows machines, allowing unauthorized access, data theft, and remote manipulation. Although its prevalence has declined, the port remains a common scan target for cybercriminals attempting to identify backdoored systems.

Netop Remote Control

Netop Remote Control by Netop Business Solutions is a remote desktop and administration tool designed to provide secure and efficient remote access and support services. Widely used in enterprise environments, it allows IT staff to troubleshoot issues, manage devices, and offer remote assistance seamlessly across various platforms.

Westell Remote Access

Westell Remote Access is primarily associated with remote management services for Westell broadband networking devices. It facilitates configuration, monitoring, and troubleshooting of Westell hardware over a network, typically by service providers or administrators. The protocol supports device firmware updates and status queries, aiming to streamline operations and reduce on-site visits.