Port 651: IEEE-MMS — The language of factory floors

Port 651 carries IEEE-MMS (Manufacturing Message Specification), the protocol that enables industrial automation systems to speak the same language. When a sensor reports a temperature reading, when a PLC adjusts a valve, when a control system monitors production—this is the kind of standardized messaging that makes it possible.

What IEEE-MMS Does

MMS is a messaging protocol for industrial automation. It operates at the application layer and provides a standardized way for manufacturing equipment to exchange real-time process data and supervisory control information.¹

The protocol supports:

• Real-time data acquisition — Reading sensor values, equipment status, production metrics
• Device management — Configuring parameters, updating settings across equipment
• Event reporting — Notifying control systems when conditions change or thresholds are exceeded
• Remote control — Sending commands to PLCs, RTUs, and other industrial devices
• File transfer — Moving programs, recipes, and configuration data between systems

This is how factories coordinate. A central control system doesn't need custom software for every brand of equipment—MMS provides the common vocabulary.

The Standard: ISO 9506

MMS originated in the early 1980s as part of General Motors' Manufacturing Automation Protocol (MAP) initiative. The problem was simple: factory floors were full of equipment from different vendors that couldn't talk to each other. Every machine spoke its own dialect.²

MAP version 2.1, released in 1985, adopted the OSI reference model to create a standardized communication framework. This work led directly to the formal standardization of MMS in 1990 as ISO 9506 by the International Organization for Standardization.³

The standard was revised and reissued in 2003 with two parts:

• ISO 9506-1: Service definition⁴
• ISO 9506-2: Protocol specification⁵

Originally, MMS used the full OSI protocol stack. In 1999, Boeing created a version that runs over TCP/IP using RFC 1006 (ISO Transport over TCP), making MMS compatible with modern Internet-based networks.⁶ This is what typically runs on port 651.

How It Works

MMS follows a client-server model. The MMS server (typically a PLC, RTU, or industrial device) listens for connections. The MMS client (typically a SCADA system or control application) initiates communication to read data or send commands.

When you see port 651 in use, you're seeing the TCP/IP implementation of MMS—industrial devices exchanging standardized messages over standard networks rather than proprietary industrial buses.

The protocol defines "virtual manufacturing devices" (VMDs) that represent equipment capabilities in a standardized way. Instead of needing to know the specific commands for a particular PLC brand, a control system can interact with the VMD abstraction using standard MMS services.

The Security Problem

Here's the honest truth: MMS has no built-in encryption.⁷

Every measurement travels in plaintext. Every control command is readable by anyone on the network. Every piece of manufacturing data crosses the wire unencrypted.

When MMS was standardized in 1990, this wasn't necessarily a problem. Factory networks were isolated. Air-gapped. Physically separate from everything else.

Many aren't anymore. Industrial systems increasingly connect to corporate networks, to the Internet, to cloud monitoring platforms. The protocol designed for isolated factory floors now operates in environments where that isolation no longer exists.

This matters because someone intercepting port 651 traffic can:

• Read sensitive production data
• Observe control commands and reverse-engineer processes
• Potentially inject malicious commands if network access is gained

The standard assumes network security is handled by the infrastructure—firewalls, network segmentation, VPNs. The protocol itself provides no protection.

Related Ports and Protocols

• Port 102 — MMS traditionally uses TCP port 102 when running over the standard OSI stack⁸
• Port 695 — IEEE-MMS-SSL, the encrypted version of MMS
• Port 2404 — IEC 61850 MMS, used specifically in electrical substation automation

MMS is also a key component of IEC 61850, the international standard for electrical substation automation systems.

Checking What's Listening

To see if something is listening on port 651:

# On Linux/Mac
sudo lsof -i :651
netstat -an | grep 651

# On Windows
netstat -an | findstr :651

In industrial environments, you'd typically see this port in use on:

• Programmable Logic Controllers (PLCs)
• Remote Terminal Units (RTUs)
• Distributed Control Systems (DCS)
• SCADA servers and clients

Why This Port Matters

Port 651 represents the reality of industrial automation: standardized protocols that enable interoperability, running on infrastructure that wasn't designed with modern security threats in mind.

The protocol works. It's been enabling factory automation for decades. Equipment from different vendors can coordinate. Control systems can monitor and manage diverse manufacturing environments.

But it also represents the challenge: critical infrastructure running on protocols designed for a different era, now connected to networks where the old assumptions—isolation, trust, physical security—no longer hold.

Understanding port 651 means understanding both what makes modern manufacturing possible and what makes it vulnerable.