Port 2447: ovwdb — The OpenView Object Database

What This Port Does

Port 2447 is assigned by IANA to ovwdb — the OpenView Network Node Manager (NNM) database daemon.¹ It operates on both TCP and UDP.

ovwdb is the internal data store for HP OpenView NNM. While NNM's other daemons discover networks, draw maps, and process SNMP traps, ovwdb is the one that remembers everything. It holds the network topology database — every discovered node, every interface, every relationship the system has mapped. Other NNM components query it constantly. It is the daemon everything else depends on.

What HP OpenView NNM Was

HP OpenView Network Node Manager was, for roughly two decades, the closest thing enterprise IT had to a canonical answer to the question: "What's on our network, and is it healthy?"

Launched in the early 1990s, NNM used SNMP to automatically discover network devices, generate topology maps, and surface alerts when things went wrong. At its peak, it ran inside the network operations centers of banks, telecoms, governments, and any company large enough to need a room full of people watching blinking lights.²

The software was substantial. Running NNM meant running a constellation of daemons — each with a specific job, each with its own port. ovwdb on port 2447 was one of many: ovsessionmgr, ovalarmsrv, ovtopmd, and others formed the full process family. Stopping NNM meant stopping them all in the right order. Starting it back up required the same ceremony in reverse.

Where It Went

HP eventually sold its software assets to Micro Focus in 2017. Micro Focus was then acquired by OpenText in 2023. The product still exists — rebranded as part of OpenText's Network Operations Management portfolio — but the HP OpenView era is over.³

If you encounter port 2447 open on a system today, you are almost certainly looking at one of two things: a legacy NNM installation that nobody has decommissioned, or a security scanner that flagged it. The former is more likely. Enterprise network management software has a way of running untouched in corners of data centers for years after the people who installed it have left.

Security Considerations

HP OpenView NNM accumulated a meaningful number of vulnerabilities over its lifetime. Tenable's Nessus has dedicated plugins for detecting NNM services, and HP issued multiple security advisories covering buffer overflows and remote code execution in various NNM components.⁴

If you find port 2447 open on a system that shouldn't be running NNM, investigate. Legacy enterprise software with known CVEs and no active patching is a real risk.

How to Check What's Listening

On Linux/macOS:

ss -tlnp | grep 2447
lsof -i :2447

On Windows:

netstat -ano | findstr :2447

With nmap (from another host):

nmap -sV -p 2447 <target>

If ovwdb is running, it will likely identify itself. If something else is listening on this port, nmap's service detection will usually tell you what.