Port 2406: JediServer — a registered port for a game that time forgot

What Port 2406 Is

Port 2406 sits in the registered port range — ports 1024 through 49151, where organizations and developers formally claim numbers from IANA for specific services. The Internet Assigned Numbers Authority lists port 2406 on both TCP and UDP under the name jediserver.¹

The service: a dedicated server protocol for the Star Wars Jedi Knight game series, developed by Raven Software and published by LucasArts. Games in this franchise — built on id Software's Quake engine — needed a way for clients to connect to hosted servers, and someone at some point cared enough to register a port number with IANA to do it properly.

The Registered Port Range

Registered ports (1024–49151) occupy the middle ground between two other categories:

• Well-known ports (0–1023): The ports you already know. HTTP is 80, HTTPS is 443, SSH is 22. These require root/administrator privileges to open on most operating systems, and IANA guards them carefully.
• Dynamic/ephemeral ports (49152–65535): Used on the fly for outbound connections. Your browser grabs one of these when it opens a connection to a web server; the port disappears when the session closes.

Registered ports like 2406 sit in the middle. They're formally claimed, but any process on any machine can open them without elevated privileges. The registration is a declaration of intent, not a lock.

JediServer: What It Was

The Jedi Knight series ran from 1997 (Jedi Knight: Dark Forces II) through 2003 (Jedi Knight: Jedi Academy). These were modem-era and early-broadband multiplayer games — lightsaber duels, force powers, dedicated server files you downloaded and ran on whatever hardware you had.

The actual Jedi Academy dedicated server today uses ports in the 29060–29081 UDP range.² Port 2406 appears to be a relic from an earlier era of the franchise or a specific server variant. The IANA registration exists; what software originally used it is, at this point, genuinely obscure.

This is not unusual. The IANA registry is a graveyard of registrations from software that has since changed ports, been abandoned, or simply faded. The registration stays; the servers go dark.

Security History

Some port databases flag 2406 as having been used by malware at some point.³ This doesn't mean the port is dangerous — it means that at some point, a piece of malicious software chose this quiet, underused port to hide its traffic. Malware tends to prefer ports that firewalls ignore. An unused registered port is ideal camouflage.

Finding port 2406 open on a machine that isn't running a Jedi Knight server is worth investigating.

How to Check What's Listening on Port 2406

On Linux or macOS:

ss -tlnp | grep 2406
# or
lsof -i :2406

On Windows:

netstat -ano | findstr :2406

The output will show the process ID (PID) using the port. On Linux/macOS you can cross-reference with ps aux | grep <PID> to identify it. On Windows, open Task Manager and look up the PID under the Details tab.

If nothing is returned, nothing is listening. For a registered-but-dormant port like 2406, that's the expected result on virtually every machine.