1. Ports
  2. Port 2842

Port 2842: l3-hawk — A Defense Contractor's Ghost Registration

Port 2842 is registered with IANA under the service name l3-hawk, assigned to both TCP and UDP. The registrant is Dolores Scott of L-3 Security (now part of L3Harris Technologies), a major American defense and security contractor known for airport scanning equipment, explosives detection systems, and classified government programs.1

The IANA description for this service is: "l3-hawk."

That is the entire description.

What We Know

The range. Port 2842 falls in the registered port range (1024–49151). These ports are officially tracked by IANA, and organizations can submit registrations to claim one for a specific service. Unlike well-known ports (0–1023), registered ports don't require special OS privileges to open—any process can bind to them. The registration is a coordination mechanism, not enforcement.

The company. L-3 Security & Detection Systems was a division of L-3 Communications, a defense contractor with contracts across the U.S. military, DHS, and TSA. Their products included full-body scanners, X-ray systems, and threat detection platforms deployed in airports worldwide. In 2019, L-3 merged with Harris Corporation to form L3Harris Technologies.2

The "Hawk." L-3's product lines often carried bird-of-prey names. Whether "l3-hawk" refers to a specific scanning platform, a backend management protocol for detection hardware, or an internal service for a classified system, no public documentation exists. The registration was made, the port was claimed, and the paper trail ends there.

No known unofficial uses. Port 2842 doesn't appear in threat databases as commonly exploited, nor in open-source software as a default port. It's genuinely quiet.

What Unassigned (and Barely Assigned) Ports Reveal

The registered port space is full of registrations like this one—ports claimed by organizations for internal systems that never became products, products that were discontinued, or infrastructure that was never meant to be public. IANA's registry is a historical record as much as a coordination document. Some entries are active and well-documented. Others are fossils.

Port 2842 is a fossil. It's proof that someone at L-3 Security, at some point, needed a port for something they called "hawk."

How to Check What's Listening on This Port

If you see traffic on port 2842 on your network, it almost certainly has nothing to do with l3-hawk. More likely it's:

  • Custom application software using an arbitrary registered port
  • Development or test services bound to a convenient high port
  • Potentially unwanted software—worth investigating
# Linux / macOS: see what process owns port 2842
sudo lsof -i :2842

# Or with netstat
sudo netstat -tlnp | grep 2842

# Windows: check with netstat
netstat -aon | findstr :2842
# Then look up the PID in Task Manager

السابق

Port 2841: l3-ranger — A Name Without a Protocol

التالي

Port 2843: PDnet — A registered ghost

هل كانت هذه الصفحة مفيدة؟

😔
🤨
😃