1. Ports
  2. Port 3142

Port 3142: Apt-Cacher NG — The Linux Package Cache Port

What Port 3142 Is

IANA has not assigned port 3142 to any official service. It sits in the registered port range (1024–49151), which means it's available for any application to claim — but no one has filed the paperwork.

In practice, though, port 3142 belongs to the Debian/Ubuntu world. It's the default port for Apt-Cacher NG (apt-cacher-ng), a caching proxy for .deb packages, and also the default for squid-deb-proxy, which does the same job using Squid under the hood. Both tools converged on the same port — apt-cacher-ng inherited it from the original apt-cacher daemon, and squid-deb-proxy matched it for compatibility. The result is an unofficial standard strong enough that most Linux administrators recognize the port on sight.

The Problem It Solves

When you have multiple Debian or Ubuntu machines on the same network, each one independently downloads the same packages from the same repositories. A team of 20 developers running apt upgrade on the same morning hits the upstream mirrors 20 times for identical files.

Apt-cacher-ng sits between your machines and the repositories. The first machine to request a package downloads it; every machine after that gets it from the local cache. You configure each client's APT to point at http://<cache-server>:3142, and from then on, bandwidth is spent once per package, not once per machine per package.

For large fleets — CI/CD runners, Kubernetes nodes, server farms — this matters. It cuts external bandwidth, speeds up installs, and reduces load on upstream mirrors.

The Range It Lives In

The registered port range (1024–49151) is where most application services live. Unlike well-known ports (0–1023), registered ports don't require root privileges to bind. Unlike ephemeral ports (49152–65535), they're meant for persistent services.

IANA maintains a registry for this range, but registration is voluntary and incomplete. Many ports here are assigned to services no one uses anymore. Many others, like 3142, are actively used by real software that never registered. The registry is a map, and like all maps, it has blank spaces that don't mean empty territory.

Security Considerations

An open port 3142 on a network means a package proxy is running. This is generally benign — it's an HTTP service serving cached .deb files — but a misconfigured cache accessible from outside the intended network could:

  • Serve stale or manipulated packages if the cache itself is compromised
  • Expose information about what software is installed across your fleet (request logs reveal which packages clients are fetching)

Apt-cacher-ng includes an admin interface (also served on port 3142, at /acng-report.html) that should not be exposed publicly.

How to Check What's Listening

To see if something is bound to port 3142 on your system:

# Linux
ss -tlnp | grep 3142

# macOS
lsof -i :3142

# Any platform (if nmap is available)
nmap -p 3142 localhost

If you see apt-cacher-ng or squid in the output, someone set up a package cache. If you see something else, that's worth investigating.

Related Ports

  • Port 8080 — Common alternative for HTTP proxies when 3142 isn't used
  • Port 9999 — Sometimes used as an alternative apt-cacher-ng port in Docker environments
  • Port 80/443 — What apt-cacher-ng proxies traffic to, upstream

Frequently Asked Questions

Vorherige

Port 3141: Where π Lives on the Network

Nächste

Port 3143: Seaview — Assigned to Seagate, Forgotten by Everyone Else

War diese Seite hilfreich?

😔
🤨
😃