Port 754 is officially assigned to the "tell send" protocol but widely used in practice for Kerberos database propagation (krb5_prop). A reminder that what the registry says and what actually runs on the Internet are sometimes two different things.
What Port 754 Is (Officially)
According to IANA, port 754 is assigned to a service called tell with the description "send," registered to Josyula R. Rao from IBM Research.1 The assignment covers both TCP and UDP.
This appears to be related to early Unix messaging systems—the family of commands that included write, wall, and talk for sending messages between logged-in users.2 But documentation about the "tell send" protocol is sparse, and it's rarely seen in modern systems.
What Port 754 Is (In Practice)
In the real world, port 754/tcp is widely used for krb5_prop—the Kerberos v5 slave propagation service.3
When you run multiple Kerberos servers (a primary KDC and replica KDCs), the primary needs to push database updates to the replicas. That's what krb5_prop does. The kpropd daemon listens on port 754/tcp, waiting for the primary server to connect and transfer the updated Kerberos database.4
Here's the strange part: krb5_prop was never officially registered with IANA for port 754.5 There's even a ticket in the MIT Kerberos bug tracker acknowledging this—the port is in use, documented in firewall guides, included in /etc/services on Linux systems, but never formally assigned.
So port 754 lives two lives: one in the official registry, one in production Kerberos deployments.
Why This Matters
Port 754 is a window into how the Internet actually works versus how we pretend it works.
The IANA registry is supposed to be the authoritative source—the list of who's using what port for what purpose. But the reality is messier. Protocols get deployed. Ports get chosen. Systems go into production. And sometimes the paperwork never quite catches up.
For decades, Kerberos administrators have configured firewalls to allow port 754/tcp for database propagation. The protocol works. The port is documented. But officially? It's still assigned to "tell send," a protocol from the early days of Unix that most people have never heard of.
Security Considerations
If you're running Kerberos with replica KDCs, you need to allow port 754/tcp between your primary and replica servers. The connection is authenticated using Kerberos principals, so an attacker can't just connect and push a fake database—but you should still restrict access to trusted KDC IP addresses.6
If you're not running Kerberos, port 754 should be closed. There's no reason for it to be listening.
How to Check What's Using Port 754
On Linux or macOS:
On Windows:
If you see kpropd listening, you're looking at a Kerberos replica KDC. If you see nothing, the port is closed—which is what you want if you're not running Kerberos infrastructure.
Related Ports
- Port 88 — Kerberos authentication (kdc)
- Port 749 — Kerberos administration (kadmin)
- Port 464 — Kerberos password changing (kpasswd)
Port 754 is part of the Kerberos ecosystem, even if the registry doesn't quite reflect that.
The Quiet Collisions
The Internet is built on layers of these quiet collisions—places where official assignments and actual practice don't quite align. Port 754 isn't broken because of this. Kerberos works. "Tell send" (whatever it was) has faded into history. The registry says one thing, the /etc/services file says another, and somehow it all keeps running.
This is how infrastructure actually evolves. Not through perfect planning, but through working systems that get deployed and then, eventually, documented—or not.
ئایا ئەم پەڕەیە بەسوود بوو؟