Port 2220: The Registered Range — An Unassigned Port with a Famous Unofficial Life

What Range This Port Belongs To

Port 2220 sits in the registered ports range (1024–49151). This range is managed by IANA, the organization that coordinates global Internet numbering. Registered ports can be claimed by applications and protocols — but not every number in a range that large gets claimed.

Port 2220 is one of the unclaimed ones. IANA has no official service assigned to it.¹

That matters less than you might think. Unassigned ports aren't empty lots — they're available land. Any application, tool, or administrator can use them for whatever they need. The port number itself carries no protocol, no built-in behavior, no rules. It's just a number the operating system hands to whichever application asks for it.

What Actually Runs on Port 2220

OverTheWire Bandit — SSH on a Famous Port

The most widely observed use of port 2220 is probably known to anyone who has ever started learning security: OverTheWire's Bandit wargame runs its SSH server here.²

Bandit is a beginner-friendly security challenge. Players connect to a Linux server via SSH, solve puzzles to find passwords, and use those passwords to unlock the next level. The first command in the game is:

ssh bandit0@bandit.labs.overthewire.org -p 2220

Port 2220 was chosen because 22 — the standard SSH port — was already in use, and 2220 is close enough to be memorable. It's an unofficial use of an unassigned port, but it's probably introduced more people to SSH than most official documentation ever has.

NetIQ End2End — An Enterprise Monitoring Tool

Port databases often list port 2220 as associated with NetIQ End2End, an enterprise application monitoring product that simulates user transactions to measure application performance. Whether this reflects an actual assigned use or just observed traffic is unclear — IANA has no record of it.¹ If you see port 2220 open on an enterprise network, this is a plausible explanation.

SSH on a Non-Standard Port

Beyond Bandit, port 2220 appears occasionally as an alternative SSH port on servers where the default port 22 has been moved. This is a common administrative practice — moving SSH off port 22 reduces noise from automated scanners. Security professionals generally call this "security through obscurity": it stops casual bots, not determined attackers.

How to Check What's Listening on This Port

If you see port 2220 active on a system you manage, you can find out what's using it:

On Linux/macOS:

# Show the process listening on port 2220
ss -tlnp | grep 2220

# Or with lsof
lsof -i :2220

On Windows:

netstat -ano | findstr :2220

From outside the system (network scan):

nmap -sV -p 2220 <host>

The -sV flag tells nmap to probe the port and identify what service is actually running — not just whether the port is open.

Why Unassigned Ports Matter

The registered ports range contains 48,127 port numbers. Only a fraction are officially claimed. The rest exist in a practical gray zone: not reserved, not forbidden, just available.

This is actually how the Internet grows. New protocols need ports. New tools need ports. Rather than waiting for official assignment — a process that requires submitting documentation to IANA — administrators and developers pick available numbers that suit them. Some of these uses never get officially registered. Some become so common they effectively become standards anyway.

Port 2220 is a small example of this. It has no official owner, but it has a real identity — built by practice, not by committee.