Port 1162: Health-trap — The unprivileged SNMP trap port

What Runs on This Port

Port 1162 is officially assigned to health-trap by IANA¹—a service that receives SNMP (Simple Network Management Protocol) trap notifications for network and system health monitoring. It carries the exact same protocol as the standard SNMP trap port (162), just at a different address.

SNMP traps are unsolicited alerts that network devices send when something significant happens: an interface goes down, temperature exceeds thresholds, disk space runs low, or a security event occurs. They're the way infrastructure tells monitoring systems "something just happened."²

Why Port 1162 Exists

This port exists because of a Unix permission constraint that's been in place since the 1980s.

On Unix and Linux systems, binding to ports below 1024 requires root privileges. The standard SNMP trap port is 162—well below that threshold. This creates a problem: monitoring software that needs to receive health alerts must either run as root (a security risk) or find another way.

Port 1162 is that other way. It's the same protocol, moved exactly 1000 ports higher, where any process can listen without elevated permissions.³

How It Works

When network devices send trap notifications:

1. Standard deployment: Devices send traps to UDP port 162 on the monitoring server
2. Non-privileged deployment: Devices send traps to UDP port 1162 instead
3. The protocol is identical: SNMPv1, SNMPv2c, or SNMPv3 trap messages, just delivered to a different port

The monitoring software on the receiving end doesn't care which port it listens on—it's configured to bind to whichever port the administrator chooses. Port 1162 became a common convention because it's memorable (162 + 1000) and falls in the registered port range where IANA officially assigned it.

Real-World Usage

Port 1162 appears in several enterprise monitoring contexts:

Oracle Enterprise Manager Ops Center uses port 1162 for receiving trap notifications and fault management alerts from managed assets.⁴

Edge Delta and other log aggregation platforms support configuring SNMP trap receivers on custom ports above 1024, with 1162 being a common choice.⁵

Zabbix, Nagios, and similar monitoring systems allow administrators to configure non-standard trap ports when running without root privileges.⁶

The Permission Problem

Why does Unix restrict ports below 1024? Historical security. In the 1980s, only trusted system services were supposed to bind to well-known ports. If you connected to port 80, you could trust it was actually the system's web server, not some random user's program pretending to be one.

This made sense when multi-user Unix systems were shared among people who didn't all trust each other. It makes less sense on modern single-tenant servers, but the restriction remains.

Port 1162 is infrastructure adapting to that constraint.

Security Considerations

SNMP trap receivers should be configured carefully. Traps can contain sensitive information about network topology, device health, and security events. Configure firewalls to allow trap traffic only from known, trusted devices.

SNMPv1 and SNMPv2c traps use community strings (essentially passwords) sent in cleartext. If you're using port 1162 for trap reception, prefer SNMPv3 with authentication and encryption, or ensure the network path is already secured.⁷

Running without root privileges is generally safer than running as root, which is the entire reason port 1162 exists. But don't assume non-privileged automatically means secure—the application still needs proper input validation and access controls.

Checking What's Listening

To see if something is listening on port 1162 on your system:

Linux/Mac:

sudo lsof -i :1162
# or
sudo netstat -tulpn | grep 1162

Windows:

netstat -ano | findstr :1162

If you see a process bound to UDP port 1162, it's likely an SNMP trap receiver or monitoring agent.

Related Ports

• Port 162 (UDP) — Standard SNMP trap port, requires root/administrator privileges
• Port 161 (UDP) — SNMP query port (manager queries agents)
• Port 705 (TCP/UDP) — AgentX, SNMP agent extensibility protocol

Why Unassigned Ports Matter

Port 1162 isn't unassigned—it has an official IANA assignment to "health-trap." But the broader principle applies: the registered port range (1024-49151) exists so that common services have predictable, non-privileged addresses.

Without this range, every monitoring system would pick a random high port, and network administrators would need to consult documentation for every vendor's arbitrary choices. Registered ports create consistency. Port 1162 means "SNMP traps, non-privileged" to anyone who's configured enterprise monitoring.