Port 559 belongs to the well-known ports range (0-1023), the territory reserved for system services assigned by IANA. It's officially registered to a protocol called TEEDTAP.
What TEEDTAP does is a mystery. What TEEDTAP stands for is unknown. Whether TEEDTAP was ever actually implemented is unclear.
What We Know
Port 559 is assigned to TEEDTAP for both TCP and UDP.1 That's what the IANA registry says. That's all the IANA registry says.
There's no RFC documenting TEEDTAP. No specification. No vendor documentation. No known implementations. Just a name in the official port registry, like a gravestone with no dates.
The Well-Known Range
Ports 0-1023 are the system ports, assigned by IANA through a formal process that typically requires either IETF review or IESG approval.2 These assignments are supposed to be for standardized services that need consistent port numbers across the Internet.
Port 559 sits in this range, which means at some point, someone went through the formal process to claim it. They submitted paperwork. They got approval. They reserved this port for TEEDTAP.
And then... nothing. Or at least, nothing we can find.
Ghost Protocols
Port 559 isn't unique in this. The IANA registry contains dozens of assigned ports for services that have no public documentation, no known users, and no apparent reason for existing. Some were probably corporate protocols that never left the company. Some might have been research projects that never shipped. Some could be protocols that are still in use somewhere, by someone, who never bothered to document them publicly.
TEEDTAP is one of these ghosts. It has a port number. It exists in the registry. But what it is remains unknown.
Security Considerations
The mystery creates a problem: if you see traffic on port 559, what is it?
It could be a legitimate (if obscure) service. It could be something using an abandoned assignment. It could be malware that picked a little-known port to avoid attention. There's no way to know without examining the actual traffic.3
Some security databases flag port 559 because trojans have historically used obscure well-known ports, betting that administrators won't notice unusual traffic on a "legitimate" port number.
Checking Port 559
To see if anything is listening on port 559 on a Unix-like system:
Or using netstat:
On Windows:
If you find something listening and you don't recognize it, investigate before assuming it's malicious. But also don't assume it's legitimate just because it has an IANA assignment.
Why This Matters
The existence of ghost protocols like TEEDTAP reveals something about the port registry: it's a historical record, not a current map. Assignments from decades ago remain in the registry even when the protocols die. Port numbers are rarely reclaimed.
This means the well-known range (0-1023) contains both vital protocols that power the modern Internet and archaeological artifacts from computing's past. Port 559 appears to be the latter.
Whether TEEDTAP ever served a purpose, or whether it was assigned and then abandoned before it could be used, we may never know. What remains is its name in the registry—and the reminder that not every port assignment has a story we can tell.
Byla tato stránka užitečná?