What IANA Says
Port 2985 is officially registered with IANA for HPIDSAGENT — HP IDS Agent — on both TCP and UDP. The registration lists John Trudeau as the contact. That's roughly the entirety of the public record.1
No RFC governs this port. No HP support document explains its wire protocol. No deployment guide describes when or why it opens. The IANA entry exists; the documentation behind it does not.
What HP IDS Agent Probably Is
HP's enterprise server ecosystem — Insight Management Agents, Systems Insight Manager, and related tools — uses a constellation of ports for agent communication. HPIDSAGENT appears to be part of that world: a component that runs on HP servers to support management, monitoring, or intrusion detection functions.
HP's Insight Management Agents are documented as using ports in the 2300s range (2301, 2381) for web interfaces.2 Port 2985 likely served a backend agent channel in the same family — something that talks between managed servers and a management console, probably not exposed to the public Internet.
Whether this service is still deployed anywhere is unclear. HP's enterprise management stack has been reorganized multiple times since the agent ecosystem was built.
What Range This Port Belongs To
Port 2985 sits in the registered port range (1024–49151). This range is for services that have claimed a port number with IANA — they're not system services requiring root privileges (like well-known ports below 1024), but they're also not the ephemeral throwaway ports that operating systems use for outgoing connections (49152–65535).
A registration means someone filed paperwork. It doesn't mean the software is widely deployed, actively maintained, or that you'll ever encounter it.
Security Notes
Some port databases flag 2985 as having appeared in trojan or malware contexts.3 This is not unusual — malware authors scan for registered-but-quiet ports specifically because they're less likely to be monitored. A port associated with obscure enterprise software makes decent cover traffic.
If you see unexpected activity on port 2985 on a non-HP system, treat it with suspicion.
How to Check What's Listening
On Linux or macOS:
On Windows:
The process ID in the output will tell you exactly what has claimed the port. On an HP enterprise server, it might be a legitimate management agent. Anywhere else, investigate.
Byla tato stránka užitečná?