Port 2748: Cisco CTI Manager — The Phone System's Command Channel

What Port 2748 Does

Port 2748 carries CTI (Computer Telephony Integration) traffic between Cisco Unified Communications Manager (CUCM) and the applications that control it.

CTI is the layer that lets software talk to a phone system. When a Cisco softphone places a call, when an IVR system transfers a caller, when an attendant console shows who's ringing — that control traffic flows through CTI Manager. Port 2748 is where it lands.

This port is the unencrypted version. Port 2749 carries the same traffic over TLS. If you see port 2748 active on a CUCM server, the CTI applications connecting to it are sending commands in plaintext.

What IANA Actually Says

IANA's official assignment for port 2748 is "fjippol-polsvr" — a name that appears in essentially no production documentation anywhere. Cisco adopted the port for CTI Manager without registering the actual use, and "fjippol-polsvr" became a historical artifact that nobody references.¹

This happens more than you might expect. Registered ports (1024–49151) are assigned on a first-come basis, but implementations diverge from registrations over time. The real-world traffic on a port often has nothing to do with the IANA label.

What Connects Here

Applications that use port 2748 include:²

Cisco Unified IP Phone (softphone / TSP plugin)
JTAPI applications — Java Telephony API clients
TAPI applications — Windows Telephony API clients
IVR and ICD systems — Interactive voice response and contact center software
Cisco Unified Attendant Console
IP Manager Assistant (IPMA)

All of these connect to the CTI Manager service running on CUCM to issue call-control commands.

Security Considerations

Port 2748 is plaintext. Commands sent over it — including call control instructions and device queries — are readable by anyone on the network path.

In 2008, a denial-of-service vulnerability (CVE-2008-2061) allowed remote attackers to crash the CTI Manager service by sending malformed traffic to port 2748.³ Cisco patched it, but the incident illustrates the risk of exposing an unencrypted control channel.

Use port 2749 instead. It carries the same CTI traffic over TLS. If your CUCM deployment still uses port 2748, migrate CTI applications to the secure port and use ACLs to block 2748 from untrusted network segments.

How to Check What's Listening

On the CUCM server (Linux):

ss -tlnp | grep 2748

On any system:

# Check if the port is open on a remote host
nc -zv <cucm-host> 2748

# See what process holds the port locally
lsof -i :2748

On Windows:

netstat -ano | findstr :2748

If port 2748 appears on a system that is not running Cisco CUCM, investigate. It could be misconfiguration, a legacy service, or something unexpected.

Port	Protocol	Use
2749	TCP	Cisco CTI Manager (TLS — the secure version)
2000	TCP	Cisco Skinny (SCCP) — device registration
5060	UDP/TCP	SIP — the other major VoIP signaling protocol

Frequently Asked Questions

Port 2747: fjippol-swrly — Fujitsu's Ghost Protocol

Port 2749: fjippol-cnsl — The Assigned Unknown

¿Fue útil esta página?

😔

🤨

😃