What Runs on Port 3544
Port 3544 UDP is Teredo. Specifically, it's where Teredo servers listen for clients trying to establish IPv6 connectivity through a NAT device.
Teredo is a tunneling protocol that wraps IPv6 packets inside IPv4 UDP datagrams, letting a device behind a NAT router (which speaks only IPv4) communicate with the IPv6 Internet. The server sitting on port 3544 is the translator — the thing that hands your device an IPv6 address and helps route packets in and out.
This port isn't officially assigned by IANA, but it's so thoroughly associated with Teredo that it functions as a de facto standard. RFC 4380 defines it explicitly.[1]
The Problem Teredo Solved
By the early 2000s, the Internet had a problem: it was running out of IPv4 addresses, IPv6 was ready to replace them, but NAT was everywhere. NAT lets dozens of devices share a single public IPv4 address — which solved the address shortage short-term but created a new problem. NAT devices don't speak IPv6. They only know IPv4.
So you had a situation where the new addressing system existed, but most devices couldn't reach it because they were stuck behind old hardware that didn't know the new system existed.
Teredo's answer: don't fix the NAT. Tunnel through it. Wrap your IPv6 packets in UDP, which NAT understands, send them to a Teredo server on port 3544, and let the server unwrap and forward them. From the NAT's perspective, it's just regular UDP traffic. From the IPv6 perspective, you have full connectivity.
Who Built It
Christian Huitema, then at Microsoft, designed Teredo. He named it after the Teredo navalis — a shipworm that bores tunnels through wood. The protocol tunnels through NAT. He was being literal.
The IETF standardized it as RFC 4380 in February 2006.[1] Microsoft shipped it as a built-in feature of Windows Vista, Windows 7, and Windows 8, enabled by default. For years, if you ran Windows, you were almost certainly running Teredo without knowing it.
How the Handshake Works
- Your Teredo client sends a UDP packet to a Teredo server on port 3544
- The server responds with a Teredo IPv6 address — one that encodes your public IPv4 address and NAT port into the address itself
- Your device now has an IPv6 address it can use
- When another IPv6 device wants to reach you, it sends packets to that address, which route back through the Teredo server, which wraps them in UDP and delivers them through your NAT
The elegance is in the address encoding. By embedding the NAT mapping into the IPv6 address, Teredo makes the return path discoverable without any additional lookup.
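The same encoding lets a defender reading logs recover the NAT's public IPv4 address and UDP port from any Teredo address that shows up. The decoder below is an added example, not code from the original page: the field layout follows RFC 4380 (prefix 2001:0000::/32, server IPv4, flags, then the mapped port and address stored with their bits inverted), while the function names and the sample log lines are constructed for illustration.

```python
import ipaddress

TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")  # Teredo prefix, RFC 4380


def decode_teredo(addr):
    """Return the fields embedded in a Teredo address, or None if the
    address is outside the Teredo prefix. Raises ValueError on non-IPv6."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        return None
    raw = ip.packed  # 16 bytes, network byte order
    flags = int.from_bytes(raw[8:10], "big")
    # Mapped port and mapped address are stored with every bit inverted.
    port = int.from_bytes(raw[10:12], "big") ^ 0xFFFF
    nat = int.from_bytes(raw[12:16], "big") ^ 0xFFFFFFFF
    return {
        "server_ipv4": str(ipaddress.IPv4Address(raw[4:8])),
        "cone_nat": bool(flags & 0x8000),  # high bit of the flags field
        "nat_ipv4": str(ipaddress.IPv4Address(nat)),
        "nat_udp_port": port,
    }


def scan_log(lines):
    """Return (line_number, fields) for every Teredo address found among
    the whitespace-separated tokens of each log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in line.split():
            try:
                fields = decode_teredo(tok)
            except ValueError:
                continue  # token is not an IPv6 address
            if fields:
                hits.append((n, fields))
    return hits


# Constructed sample flow-log lines (documentation address ranges only).
SAMPLE_LOG = [
    "2024-01-01T00:00:01Z ALLOW src 2001:db8::10 dst 2001:db8::20 tcp/443",
    "2024-01-01T00:00:02Z ALLOW src 2001:0:c633:6407:0:37dd:34ff:8ef6 "
    "dst 2001:db8::20 tcp/445",
]

if __name__ == "__main__":
    for n, fields in scan_log(SAMPLE_LOG):
        print(n, fields)
```

Run against firewall or flow logs, a hit means a host has an IPv6 address reachable through the tunnel, and the decoded NAT address and port identify which IPv4 mapping carries it.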
The Security Concern
Teredo attracted serious scrutiny because it creates an IPv6 path through NAT that many firewall administrators don't know exists.
Your firewall might be configured to block incoming connections. But if Teredo is running, you have an IPv6 address reachable from the IPv6 Internet — and your firewall may not have any rules for IPv6 at all. Researchers at Black Hat 2007 demonstrated that Teredo could be used to reach machines that administrators believed were protected.[2]
This is the genuine tension: Teredo was built to solve a real problem (IPv6 reachability through NAT), but it does so by creating connectivity that bypasses assumptions about network isolation.
Current Status
As native IPv6 deployment spread, Teredo became less necessary. Microsoft disabled Teredo by default starting in Windows 10 version 1803 (April 2018). Most modern routers support IPv6 natively, and ISPs have been rolling out IPv6 for years.
Teredo isn't gone — it's still present and can still be enabled — but it's no longer the automatic background process it once was. If you see traffic on port 3544, it's either legacy Teredo activity or something that explicitly enabled it.
Check What's Using This Port
macOS / Linux:
Windows:
To check your Teredo status on Windows:
If Teredo is active, you'll see your Teredo server address, your assigned IPv6 address, and the current NAT type.