Port 1386 sits in the registered ports range (1024-49151) with an official assignment to CheckSum License Manager, but it carries a more complicated history than most ports in this range.
What Port 1386 Does
Port 1386 is officially registered with IANA for CheckSum License Manager, a software licensing service that uses both TCP and UDP protocols.1 License managers handle the distribution and validation of software licenses across networks—when an application needs to verify it's properly licensed, it reaches out to the license manager, often through a designated port like 1386.
The Security Shadow
Here's what makes this port notable: before CheckSum License Manager became widely known, port 1386 TCP was used by a trojan called Dagger.2 In the early 2000s, security researchers documented Dagger among the common trojans that exploited registered but underutilized ports for command and control.
This isn't unique to port 1386—many registered ports have been used by malware. But it illustrates something important about how port numbers work: they're just addresses. The port itself isn't safe or dangerous. What matters is what's listening on it.
Registered Ports and Their Role
Port 1386 belongs to the registered ports range (1024-49151). These ports are assigned by IANA to specific services, but the assignment is looser than with well-known ports (0-1023). Anyone can technically run any service on a registered port, though using the registered service is standard practice.
The registered ports range exists because there are thousands of legitimate network services that need consistent port numbers, but not every service deserves the privileged status of the well-known range.
How to Check What's Using Port 1386
If you see traffic on port 1386, you need to determine whether it's legitimate license management or something else.
On Linux or macOS:
On Windows:
These commands show you what process is listening on or connected to port 1386. If you see CheckSum License Manager or another legitimate license management software, the traffic is expected. If you see an unknown process or suspicious activity, investigate further.
Why Port Assignment Matters
The story of port 1386 shows why port registration exists in the first place. When a legitimate service like CheckSum License Manager registers a port, it creates a standard that network administrators can rely on. You can configure firewalls knowing that port 1386 traffic should be license management.
Without registration, every software vendor would pick ports randomly, creating conflicts and making network security nearly impossible to manage.
Current Status
Today, port 1386 is primarily associated with CheckSum License Manager in network documentation and IANA records.1 The Dagger trojan is ancient history—modern malware has moved on to different techniques. But the port remains a useful example for understanding that port numbers are just labels, not security mechanisms.
If you're running CheckSum License Manager, port 1386 should be open between clients and the license server. If you're not, and you see traffic on this port, it's worth investigating.
Related Ports
Other software license managers use different registered ports:
- Port 27000-27009: FlexNet (FlexLM) license manager range
- Port 1947: Sentinel HASP License Manager
- Port 5053: Veritas License Manager
Each license management system picks a registered port and sticks with it, creating predictable network behavior.
Frequently Asked Questions About Port 1386
آیا این صفحه مفید بود؟