Port 2671: Newlixreg — A Name Without a Story

What Range This Port Belongs To

Port 2671 is a registered port, sitting in the 1024–49151 range that IANA officially designates for services registered by software vendors and developers. These aren't the famous well-known ports (0–1023) that belong to HTTP, SSH, and DNS. They're the middle tier: claimed territory, officially logged, but without the same universal recognition.

Registered ports are supposed to have owners. A company or developer submits a request, IANA logs the service name, and the port is considered "taken" — reserved in the global namespace to prevent two different services from colliding on the same number.

The Name in the Registry

IANA lists port 2671 under the name newlixreg, assigned to both TCP and UDP.¹

That's where the trail ends.

There is no RFC. No public documentation. No known software that announces itself as "newlixreg." The name appears in port reference databases as a straight copy of the IANA record, with nothing added. It may be a registration artifact from a company that submitted the request, built nothing, and vanished. It may be an internal tool that was never publicly released. It may be a misspelling or placeholder that made it into the registry and was never corrected.

The IANA registry contains hundreds of entries like this — names that exist as claims with no accompanying explanation. The port system was designed to prevent collisions, not to guarantee that every registered name would ship real software.

If You See Something on This Port

If you find a process listening on port 2671 on your machine or network, it isn't "newlixreg." It's whatever software decided to use this port, officially or not.

To check what's listening:

On Linux or macOS:

# Show the process using port 2671
ss -tlnp | grep 2671
# Or with lsof:
lsof -i :2671

On Windows:

# Show all listening ports with process IDs
netstat -ano | findstr :2671
# Then look up the PID:
tasklist | findstr <PID>

If something unknown is listening here, investigate it. An unassigned or obscure port number is a reasonable place for malware to hide — it generates less attention than port 80 or 443.

Why Gaps in the Registry Matter

The registered port range contains over 48,000 numbers. Many are actively used by well-known software. Many more are registered but dormant — claimed years ago and never deployed. And some are genuinely unassigned, claimed by no one at all.

This creates a practical reality: in the registered range, a port number tells you less than you might hope. "It's registered" means someone once filed paperwork. "It's unassigned" means no one did. Neither tells you what's actually running on it right now.

The only way to know what's using a port is to look.