Port 2360: Unassigned — An empty lot in the registered range

What Range This Port Belongs To

Port 2360 sits in the registered ports range (1024–49151). IANA maintains this range and assigns port numbers to specific services by request — things like MySQL on 3306, PostgreSQL on 5432, or Redis on 6379. Most ports in this range have an official occupant.

Port 2360 does not. IANA lists it as unassigned.¹

That doesn't mean it's unused. It means no one has claimed it officially.

Unofficial Uses

Two things show up in security research for port 2360:

NDMP-over-SSL (backup software). Some network-attached storage vendors and backup tools have used port 2360 informally for encrypted NDMP (Network Data Management Protocol) connections — the protocol that coordinates backup and recovery between storage devices. This isn't an official IANA assignment, just a convention some vendors adopted.²

Historical malware association. Security databases flag port 2360 as having been used by trojan or malware communication at some point.³ No specific active malware family is widely documented using it today, but the flag exists. An unexpected open port in this range, especially one with no obvious legitimate application, warrants investigation.

How to Check What's Listening

If you find port 2360 open on a system, these commands will tell you what process owns it:

Linux / macOS:

# Show process listening on port 2360 (TCP)
sudo ss -tlnp sport = :2360

# Or with lsof
sudo lsof -i TCP:2360

Windows:

netstat -ano | findstr :2360

The output will give you a process ID (PID). From there:

# Linux/macOS - find the process name
ps aux | grep <PID>

# Windows - find the process name
tasklist | findstr <PID>

If you don't recognize the process, that's your answer.

Why Unassigned Ports Matter

The 65,535 available ports aren't all spoken for. Thousands in the registered range sit empty — officially unclaimed but practically available to any application that wants them.

This creates a useful ambiguity. Legitimate software uses unassigned ports all the time: developer tools, enterprise applications, proprietary protocols that never bothered to register with IANA. So does malware. An unassigned port is exactly where you'd want to run a backdoor — no official service to impersonate, no baseline behavior to deviate from.

The registered range exists to bring order to this. When a service registers a port, it creates an expectation: traffic on that port should look like this, come from these applications. Unassigned ports have no such expectation. They're harder to monitor, easier to hide in.

Port 2360 being unassigned means any traffic on it exists outside the normal map. Which is worth knowing.