Port 3713: TFTP over TLS — The Protocol Nobody Adopted

What This Port Is

Port 3713 is registered with the Internet Assigned Numbers Authority (IANA) under the service name tftps - TFTP over TLS.¹ Both TCP and UDP are listed. The registration dates to March 2003.

You will almost certainly never encounter it in the wild.

The Story Behind It

TFTP (Trivial File Transfer Protocol) runs on port 69. It has been carrying files across networks since 1980.² The protocol's design philosophy was radical minimalism: no authentication, no directory listing, no encryption, no session state. You ask for a file. You get a file. That's it.

This simplicity made TFTP useful for specific tasks where you need to transfer a file before a full OS is running - booting diskless workstations, loading firmware onto network equipment, delivering OS images during PXE boot. In those contexts, TFTP's stripped-down nature is a feature, not a bug.

But "no encryption, no authentication" is also a genuine security problem. Someone in 2003 had a reasonable idea: keep TFTP's simplicity, but wrap the connection in TLS. Register port 3713 for this secured variant. Problem solved.

Except the world had a different answer: SFTP (port 22).

SFTP - the SSH File Transfer Protocol - was already secure, already widely deployed, already supported by everything. Adding TLS to TFTP created a hybrid that satisfied neither camp. The people who needed TFTP's simplicity for network booting didn't need encryption at that layer. The people who needed secure file transfer just used SFTP. Port 3713 landed in a gap where nobody was standing.

What You'll Actually Find Here

Nothing official. If you see traffic on port 3713, it's either:

• A misconfigured application using it as an arbitrary high port
• Custom internal software that picked it without checking the registry
• Something that should probably be investigated

How to Check What's Listening

On Linux/macOS:

ss -tlnp | grep 3713
# or
lsof -i :3713

On Windows:

netstat -ano | findstr :3713

With nmap (remotely):

nmap -sV -p 3713 <target>

Why Registered-But-Unused Ports Matter

The registered port range (1024-49151) contains thousands of ports like 3713: technically claimed, practically abandoned. A registration in the IANA registry doesn't mean software was ever built, deployed, or maintained. It means someone filled out a form.

This matters because that registration still occupies the namespace. If you're choosing a port for internal software, checking IANA first prevents collisions with anything that might actually be in use on that number - even if the chance of collision is small.

For port 3713 specifically: the registration is real, the service is not.