What Port 3535 Is
Port 3535 sits in the registered ports range (1024–49151), the middle tier of the port numbering system where IANA tracks assignments for applications and services that have formally requested a port number.
IANA lists port 3535 under the service name "ms-la" for both TCP and UDP.1 That name suggests a Microsoft product or internal protocol — the "MS" prefix is a common Microsoft convention — but no RFC, no public specification, and no official documentation has ever described what MS-LA actually does. The registration exists. The protocol, as far as public record is concerned, does not.
This makes port 3535 something specific: not unassigned, but effectively undocumented. The name is a placeholder that outlasted whatever it was pointing at.
The Three Port Ranges
Understanding where 3535 sits helps explain why it matters:
| Range | Ports | Who Controls It |
|---|---|---|
| Well-known | 0–1023 | IANA; requires root/admin to bind |
| Registered | 1024–49151 | IANA-tracked; anyone can use |
| Dynamic/ephemeral | 49152–65535 | Unregistered; used for temporary connections |
Registered ports like 3535 are a gray zone. They're documented enough to show up in scanners and port databases, but loosely enough controlled that the actual assignment may be meaningless in practice. An application doesn't need IANA permission to bind to port 3535 — it just needs to not conflict with whatever else is running.
Observed Uses
Two things show up in port databases for 3535:
SMTP alternate. Some sources note that certain mail configurations have used port 3535 as an alternative to the standard SMTP ports (25, 465, 587). This is informal — there's no standard that specifies it — but if you see port 3535 open on a mail server, this is the most likely explanation.2
Historical malware association. Security databases flag port 3535 as having been used by trojan activity at some point.3 This doesn't mean malware is likely using it on your system — trojans pick available ports opportunistically, and nearly every port in the registered range has been touched by something malicious at some point. It means port 3535 showing up in an unexpected context is worth a second look.
Checking What's on This Port
If port 3535 shows up in a scan or your monitoring, three commands tell you what you need to know:
On Linux/macOS:
On Windows:
The output will show the process ID (PID). Cross-reference that with your process list (ps aux on Linux, Task Manager on Windows) to identify what's actually running.
If nothing shows up, nothing is listening — the port is closed, which is the expected state for an unassigned port on most systems.
Why This Port Exists
The registered ports range was designed to prevent chaos: if every application picked arbitrary ports, conflicts would be constant and unpredictable. IANA coordinates assignments so that, in theory, port 3535 means one thing and not seventeen.
In practice, the system works better for well-known protocols than for registered ones. Port 443 means HTTPS everywhere. Port 3535 meaning "ms-la" means essentially nothing — the registration persists in databases long after whatever it represented became irrelevant.
This is normal. The registered range has thousands of entries, many pointing at software that was abandoned, renamed, or never widely deployed. Port 3535 is one of them: officially assigned, practically unclaimed.
هل كانت هذه الصفحة مفيدة؟