Port 3427: WebSphere SNMP — IBM's Application Server Monitoring Port

What This Port Does

Port 3427 is registered with IANA as websphere-snmp — the SNMP (Simple Network Management Protocol) port for IBM WebSphere Application Server. ¹

When you run WebSphere Application Server and enable its SNMP capability, the WebSphere SNMP agent starts listening on port 3427 (TCP and UDP). Network monitoring tools can then query this port to pull performance metrics, health data, and operational statistics from the WebSphere server using standard SNMP requests.

Why Not Just Use Port 161?

SNMP's standard port is 161. But that port is already used by the operating system's SNMP daemon — the one watching the host itself. WebSphere's SNMP agent is a separate process, watching the application server, not the machine. It needs its own port.

This is a common pattern in enterprise middleware: the application implements its own SNMP agent at a dedicated registered port so management software can query it alongside (not instead of) the OS-level agent. ²

The Port Range

Port 3427 falls in the registered port range (1024–49151). These ports require IANA registration but don't need root privileges to bind on most systems. They're the territory of application servers, databases, enterprise middleware, and purpose-built protocols — ports that are more likely to show up in a data center than on a home router.

Who Actually Uses This Port

Port 3427 appears in the wild on servers running IBM WebSphere Application Server (WAS) with the optional SNMP Capability installed and configured. This was a feature of older WebSphere versions (8.5.x, 9.0.x) used by large enterprises that managed Java applications through SNMP-based monitoring platforms. ³

In practice: if you see port 3427 listening on a server, there's a WebSphere instance nearby.

How to Check What's Listening

If you see port 3427 open on a system and want to know why:

On Linux/macOS:

# Show what process is listening on port 3427
ss -tlnp | grep 3427

# Or with lsof
lsof -i :3427

# Or with netstat (older systems)
netstat -tlnp | grep 3427

On Windows:

netstat -ano | findstr :3427
tasklist | findstr <PID>

If nothing is intentionally running WebSphere, an open port 3427 is worth investigating — like any unexpected listener.

Security Note

SNMP has a history of security problems. Community strings (SNMP's version of passwords) are often left at defaults (public, private), and older SNMP v1/v2c traffic is unencrypted. If WebSphere's SNMP agent is exposed beyond the management network, those queries — and the server data they carry — can be intercepted.

The recommendation: firewall port 3427 to monitoring infrastructure only. Don't expose it to the Internet.