What Port 3646 Is

Port 3646 sits in the registered ports range (1024–49151) — the middle tier of the port numbering system, where applications and services claim space by registering with IANA. Unlike the well-known ports below 1024, registered ports don't require root privileges to bind, and unlike ephemeral ports above 49151, they're meant to be stable, named assignments.

IANA lists port 3646 as "XSS Server Port", registered in January 2003 by Joe Purcell.1

That name will make any security engineer do a double-take.

The Name Collision

XSS today is synonymous with Cross-Site Scripting — one of the most common web vulnerabilities, responsible for untold numbers of cookie thefts, session hijacks, and phishing attacks. If you told a modern security team you were opening "XSS Server Port," they would not be pleased.

But this registration predates that meaning taking hold. The OWASP Top Ten, which helped cement "XSS" as the standard abbreviation for Cross-Site Scripting, didn't exist in its current form until around 2003 — the same year this port was registered. The name was likely innocuous at the time.

Whatever "XSS" stood for in the context of Joe Purcell's 2003 application, it's not documented in any publicly available RFC or technical specification. The registration exists. The rationale does not.

What Actually Uses This Port

Practically nothing documented.

Port 3646 doesn't appear in nmap's service database, isn't referenced in any major protocol documentation, and generates no meaningful traffic analysis in publicly available datasets. This is not uncommon — many registered ports were claimed by applications that never shipped, never gained traction, or simply stopped being maintained.

If you see traffic on port 3646, it's almost certainly one of three things:

  • Port scanning noise — automated scanners probe every registered port
  • A private application using 3646 because it was convenient and available
  • Something worth investigating — unexpected open ports deserve scrutiny

How to Check What's Listening

On Linux or macOS:

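# Linux: TCP listeners with the owning process (ss ships with iproute2 and is not available on macOS)
sudo ss -tlnp | grep 3646
# Linux or macOS: any socket on the port, with the owning process
sudo lsof -i :3646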

On Windows:

netstat -aon | findstr :3646

The process ID in the output will tell you which application has claimed the port. Cross-reference it with your process list and you'll know immediately whether it's something you put there.
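A plain grep for 3646 also matches port 13646 or a process whose PID happens to be 3646. The sketch below is an added example, not part of the original page: it matches the local port exactly and pulls out the owning process. It assumes the column layout of `ss -H -tlnp`; the function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Read `ss -H -tlnp` style lines on stdin and print "local_addr pid process"
# for sockets whose LOCAL port is exactly $1.
listeners_on_port() {
    awk -v port="$1" '
    {
        local_addr = $4                      # 4th column: Local Address:Port
        n = split(local_addr, parts, ":")    # port is the last ":" field, IPv6 included
        if (parts[n] != port) next           # exact port match, not a substring match
        proc = "unknown"; pid = "?"          # ss omits process info without privileges
        if (match($0, /\(\("[^"]+",pid=[0-9]+/)) {
            s = substr($0, RSTART + 3, RLENGTH - 3)   # name",pid=NNN
            split(s, f, "\",pid=")
            proc = f[1]; pid = f[2]
        }
        print local_addr, pid, proc
    }'
}

# Constructed sample output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22       0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 127.0.0.1:13646  0.0.0.0:* users:(("devproxy",pid=3646,fd=7))
LISTEN 0 511  0.0.0.0:3646     0.0.0.0:* users:(("node",pid=2210,fd=18))
LISTEN 0 511  [::]:3646        [::]:*
EOF
}

# Demo on the constructed sample. On a live Linux host, use instead:
#   sudo ss -H -tlnp | listeners_on_port 3646
sample_ss_output | listeners_on_port 3646
```

A row reported as `? unknown` means the socket is listening but ss could not see its owner; rerun with sudo before drawing conclusions.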

Why Unassigned-in-Practice Ports Matter

The registered ports range was designed so applications could have stable, predictable addresses. In practice, the registry has accumulated thousands of entries for services that no longer exist, plus gaps where nothing was ever claimed.

Port 3646 represents a third category: officially named, genuinely obscure. The registration prevents another application from claiming the same number for something conflicting — but in 20+ years, nobody has built anything notable on top of it. It's a placeholder for a protocol that history forgot.

This is not unusual. Of the roughly 48,000 registered ports, most are silent most of the time. The Internet runs on a few hundred of them.
