Port 1698 is assigned to RSVP-ENCAPSULATION-1 (rsvp-encap-1) — a UDP encapsulation of the Resource ReSerVation Protocol (RSVP). Both TCP and UDP are registered, though UDP is the relevant one here.1
What This Port Does
RSVP normally travels as its own IP protocol — protocol number 46, sitting alongside TCP (6) and UDP (17) at the network layer. But not every operating system in the 1990s could send and receive arbitrary IP protocols. Some only knew TCP and UDP.
Port 1698 is the workaround: RSVP messages wrapped inside UDP packets, so any system could speak the protocol regardless of what its kernel supported. RFC 2205, which defines RSVP, documents this UDP encapsulation in its appendix — a contingency for hosts with "inadequate raw network I/O support."2
Port 1699 is the companion: RSVP-ENCAPSULATION-2, used for a slightly different encapsulation variant.
What RSVP Actually Does
RSVP is a signaling protocol. Before an application sends a stream of data across a network — video, audio, anything time-sensitive — RSVP lets it ask routers along the path to reserve bandwidth for that flow. Each router along the way either agrees to hold capacity or refuses.
The idea was ambitious: a polite, coordinated Internet where applications announced their needs and infrastructure accommodated them. This was the 1990s vision of Quality of Service — not just best-effort delivery, but guaranteed lanes.
It worked in controlled environments. Enterprise networks, MPLS backbones, and voice-over-IP deployments still use RSVP internally. But the open Internet never adopted it. There were too many routers, too many autonomous systems, no mechanism to enforce reservations across administrative boundaries. The Internet chose to scale through brute bandwidth instead.3
Why This Port Range
Port 1698 sits in the registered port range (1024–49151). These ports are assigned by IANA for specific services, but they don't require elevated privileges to use — unlike well-known ports below 1024. Any application can bind to a registered port.
The registered range exists between the authority of well-known ports and the chaos of ephemeral ports. IANA maintains the registry, but enforcement is voluntary. A port being registered doesn't mean you'll find that service there on any given machine.
Security Notes
A documented vulnerability (CVE-2014-3354) affects Cisco IOS and IOS XE: specially crafted RSVP packets sent to port 1698 can trigger a denial-of-service condition. If you're running Cisco gear that handles RSVP, this port deserves attention.4
Additionally, the backdoor trojan Backdoor.Win32.Wollf.a has been observed listening on TCP port 1698. Finding unexpected activity on this port is worth investigating — RSVP encapsulation is not a common service on modern systems.5
How to Check What's Listening on Port 1698
On most systems, this port should be silent. If something is there:
Linux/macOS:
Windows:
The process ID from these commands will tell you exactly what's listening. Cross-reference it against your running processes. RSVP encapsulation is not a service you'd expect to find active on a workstation or typical server.
Related Ports
- Port 1699 — RSVP-ENCAPSULATION-2, the companion encapsulation port
- IP Protocol 46 — Native RSVP, operating below TCP/UDP at the network layer
- Port 3455 — PRSVP, a proxy RSVP service
Frequently Asked Questions
¿Fue útil esta página?