
What Range This Port Belongs To

Port 2166 falls in the registered port range (1024–49151), also called the user port range. This is the middle tier of the port numbering system:

  • Well-known ports (0–1023): Reserved for foundational Internet services. HTTP, HTTPS, SSH, DNS, SMTP — these live here. Assigning anything in this range requires IANA approval and serious justification.
  • Registered ports (1024–49151): Available for applications to claim by registering with IANA. No formal registration is required to use a port in this range, but registration creates an official record and prevents conflicts.
  • Dynamic/ephemeral ports (49152–65535): Handed out temporarily by operating systems for outbound connections. No registration, no permanence.

Port 2166 is in that middle tier — a port that could be officially assigned, but hasn't been. IANA's registry lists no service name for it. [1]

The "iwserver" Label

Third-party port databases tag port 2166 with the label iwserver. [2] This turns out to be less informative than it sounds.

Two different enterprise software products share the "iwserver" name:

  • iWay Service Manager (from Information Builders / TIBCO) — a middleware integration platform. Its administrative service, also called iwserver, typically listens on port 9000, not 2166.
  • OpenText TeamSite — an enterprise web content management system. Its server process is called IWServer and corresponds to a shared network drive, not a TCP listener on a specific port.

Neither product appears to have formally registered port 2166 with IANA, and neither clearly uses 2166 as a primary or documented port. The association in third-party databases likely originated from someone observing traffic on this port in the wild and making an educated guess.

That's how a lot of unregistered port associations work: one observation, one guess, copied across databases for twenty years.

Security Note

Some older port scanners and security tools flag port 2166 as historically associated with malware — not because a specific, named trojan claimed it, but because malicious software has been observed using it opportunistically. Unassigned ports in the registered range are occasionally attractive to malware precisely because they're unlikely to be monitored.

If you see unexpected traffic on port 2166, investigate it. Don't assume it's benign because there's no famous threat tied to it. And don't assume it's malicious just because a database says "trojan (historical)."

How to Check What's Listening on This Port

On Linux or macOS:

ss -tlnp | grep 2166
# or
lsof -i :2166

On Windows:

netstat -ano | findstr :2166

Then match the process ID to an application:

tasklist | findstr <PID>

With nmap (from another machine):

nmap -sV -p 2166 <target-ip>

The -sV flag attempts to identify the service version, which can help clarify what's actually running.
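
The `grep 2166` filter in the Linux command above also matches a listener on port 21660 or a process whose PID happens to be 2166. The following shell function is an added example, not part of the original page: it compares the local port field of `ss -tlnp` output exactly. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-port filter for `ss -tlnp` output (assumes no Netid column).

# Constructed sample of `ss -tlnp` output; not captured from a real host.
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=2166,fd=3))
LISTEN 0      4096         0.0.0.0:21660      0.0.0.0:*     users:(("app",pid=900,fd=5))
LISTEN 0      50              [::]:2166          [::]:*     users:(("java",pid=4312,fd=88))
LISTEN 0      128        127.0.0.1:2166       0.0.0.0:*
EOF
}

# listeners_on_port PORT
# Reads `ss -tlnp` output on stdin and prints "local-address<TAB>process<TAB>pid"
# for every listening socket whose local port is exactly PORT.
listeners_on_port() {
    awk -v want="$1" '
        $1 != "LISTEN" { next }          # skip the header and non-listening rows
        {
            # Field 4 is the local address; the port follows the last ":".
            # This also handles IPv6 forms such as [::]:2166.
            n = split($4, part, ":")
            if (part[n] != want) next

            # The process column is empty when ss lacks the privilege to
            # see the owning process, so default to "unknown".
            name = "unknown"; pid = "unknown"
            if (match($0, /\(\("[^"]*"/))
                name = substr($0, RSTART + 3, RLENGTH - 4)
            if (match($0, /pid=[0-9]+/))
                pid = substr($0, RSTART + 4, RLENGTH - 4)
            printf "%s\t%s\t%s\n", $4, name, pid
        }'
}

# On a live host: ss -tlnp | listeners_on_port 2166
# Here the function runs on the constructed sample instead.
sample_ss_output | listeners_on_port 2166
```

A row reported as `unknown` means the socket is listening but `ss` could not see its owner; re-running with root privileges fills in the process column.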

Why Unassigned Ports Exist

The IANA registry has 48,127 ports in the registered range. Thousands are assigned. Thousands more have been requested and then abandoned. And thousands — like port 2166 — simply sit unclaimed.

This isn't a problem. The port system doesn't require every number to have an owner. Unassigned ports are just... available. Applications can use them without registration, software can listen on them by default, and operators can open or block them at will.

The registry exists to prevent conflicts between well-known services, not to govern every port on every system. Port 2166 being unassigned means it's genuinely open territory — which is either convenient or concerning, depending on what you find there.
