Port 3084: ITM-MCCS — Registered, Unknown

What This Port Is

Port 3084 sits in the registered ports range (1024–49151). These ports are assigned by IANA to specific services upon request, distinguishing them from the well-known ports (0–1023) reserved for foundational protocols like HTTP, SSH, and DNS, and from ephemeral ports (49152–65535) that operating systems assign temporarily to outgoing connections.

In theory, registered ports have documented owners. In practice, some registrations are ghosts.

The ITM-MCCS Registration

According to the IANA Service Name and Transport Protocol Port Number Registry, port 3084 is assigned to a service called ITM-MCCS, registered in January 2005. The assignment covers both TCP and UDP. The contact on file is listed as Portnoy Boxman.

That is the entirety of the public record.

No RFC documents the protocol. No open-source project implements it. No vendor documentation describes it. Searching for "ITM-MCCS" turns up only port database mirrors repeating the same empty registration. Whatever it was — an internal enterprise tool, an abandoned product, a protocol that never shipped — it left no trace beyond its claim on this number.

What That Means in Practice

From the perspective of anyone encountering this port in the wild: it's unassigned. The registration exists, but the port carries no recognized traffic pattern, no known implementation, nothing to distinguish it from the vast silence of unclaimed registered space.

Security scanners sometimes flag port 3084 as having historical associations with malware — a common side effect of obscure registered ports being repurposed opportunistically by software that needs a number nobody is watching.¹

What Might Actually Be Listening

If you see traffic on port 3084, it's almost certainly one of these:

• Application-specific software that chose this port arbitrarily or from a configuration file
• Development or testing services running locally
• Misconfigured software using a hardcoded port
• Malware or unauthorized software using an obscure port to avoid detection

None of these are the documented ITM-MCCS service.

How to Check What's Using This Port

On Linux or macOS:

ss -tlnp | grep 3084
# or
lsof -i :3084

On Windows:

netstat -ano | findstr :3084
# Then look up the PID:
tasklist | findstr <PID>

If something is listening, the process name will tell you more than the port number ever could.

Why Unassigned Ports Matter

The registered port range contains 48,128 numbers. Many are actively used. Many more are held by registrations like this one — names without implementations, contacts who may no longer exist, protocols that never launched or quietly died. The port ecosystem has real entropy.

This matters for security: attackers know that obscure registered ports get less scrutiny than well-known ones. A process listening on port 3084 draws less attention than one on port 80. If you didn't put something there, finding it is worth investigating.