Port 1815: MMPFT — A Door with No Public Key

What This Port Is

Port 1815 is assigned to MMPFT — Manufacturing messaging protocol for factory transmission — on both TCP and UDP. IANA registered this assignment on June 12, 2024, making it one of the more recent additions to the registered port range.¹

That's roughly the extent of what's publicly known about it.

There is no public RFC. No open specification. No open-source implementation. The registrant is a private party (listed in the IANA registry as Ralf Muckenhirn, info&muckenhirn.net). This appears to be a proprietary industrial protocol used in manufacturing environments — the kind of thing that runs on factory floors, not on the public Internet.

What Range It Lives In

Port 1815 sits in the registered port range (1024–49151). This range is where IANA records assignments for specific services and applications — not the famous well-known ports (0–1023) that require root privileges, but not the purely ephemeral ports (49152–65535) assigned on the fly by operating systems.

Registered ports can be used by any process on most systems, without special privileges. They're meant to be "reserved" for their assigned service, but in practice, nothing enforces this. Software can — and does — listen on any port it wants.

The neighborhood matters here. Port 1812 is RADIUS authentication. Port 1813 is RADIUS accounting. Port 1814 is RADIUS change of authorization. Then 1815: a private factory protocol, registered quietly in 2024. The ports near an unassigned number often tell you more than the port itself.

Will You Ever See This Port?

Almost certainly not, unless you work with Muckenhirn's industrial systems. This port won't appear in home networks, cloud infrastructure, or typical enterprise environments. If you see traffic on port 1815 somewhere unexpected, it's not MMPFT — it's something else using the port opportunistically.

How to Check What's Listening

If you see port 1815 open on a system and want to know what's actually using it:

On Linux/macOS:

# Show the process listening on port 1815
ss -tlnp | grep 1815
# or
lsof -i :1815

On Windows:

netstat -ano | findstr :1815

The process name or PID will tell you what's actually there — which will almost certainly not be a manufacturing messaging protocol.

Why Unassigned (and Obscure) Ports Matter

The port system is a shared namespace. Every port number from 0 to 65535 exists once, and whatever claims it first in a given context wins. Unassigned and obscurely-assigned ports matter for two reasons.

First, malware and unauthorized services love quiet ports. A process that needs to communicate without attracting attention picks a port number that nobody monitors. An obscure registered port is ideal cover — it looks legitimate in a port scan, but nobody knows what legitimate traffic looks like on it.

Second, collisions happen. Two different pieces of software can independently choose the same port. If that software ends up on the same machine, one of them fails to bind. Understanding which ports are "spoken for" — even by obscure industrial protocols — helps administrators avoid conflicts.

Port 1815 has a name now. Whether anything real runs on it outside a specific factory context remains an open question.