Port 2513: Citrix Admin — A registered port from a retired architecture

What Port 2513 Is

Port 2513 sits in the registered port range (1024–49151). These are ports that have been formally claimed with IANA — they're not assigned on a first-come basis like well-known ports below 1024, but they carry an official record of what they were meant for.

IANA lists port 2513 as citrixadmin — the administrative communication port for Citrix's Independent Management Architecture (IMA).¹

What It Was Used For

Citrix Presentation Server (later renamed XenApp) used a management system called IMA — the Independent Management Architecture. IMA was how Citrix servers in a farm communicated with each other and with the Citrix Management Console. Port 2512 carried inter-server farm communication; port 2513 carried connections from the management console to the IMA service itself.²

If you ran a Citrix XenApp farm before 2013, your management console was almost certainly connecting to port 2513 on your Presentation Servers.

Why It's Mostly Quiet Now

Citrix replaced IMA with FMA — the FlexCast Management Architecture — starting with Citrix XenApp/XenDesktop 7.5 in 2013. FMA uses a completely different set of ports and communication mechanisms. The official Citrix documentation for modern versions (7.5 and later) does not list port 2513.³

Port 2513 didn't die by deprecation notice. The architecture it belonged to was retired beneath it.

Security History

Before IMA was retired, port 2513 had a notable vulnerability. CVE-2008-0356 documented a buffer overflow in the IMA service that allowed remote attackers to execute arbitrary code — meaning an unauthenticated attacker who could reach port 2513 could potentially take over the server.⁴

This was patched by Citrix at the time. But it's a reminder: administrative ports are high-value targets. A port that lets you manage servers is a port an attacker wants to reach.

If you're running a legacy Citrix environment with port 2513 open, it should be firewalled to management hosts only.

How to Check What's Listening on This Port

On Linux or macOS:

ss -tlnp | grep 2513
# or
lsof -i :2513

On Windows:

netstat -ano | findstr :2513
# Then look up the PID:
tasklist | findstr <PID>

Remote scan:

nmap -sV -p 2513 <target>

If you see something listening on port 2513 and you're not running a legacy Citrix environment, it's worth investigating.

Why Unassigned-but-Named Ports Matter

The registered port range is full of ports like 2513 — officially named, practically obsolete. They matter for a few reasons:

• Firewall rules: Many organizations block or allow ports by IANA name. "citrixadmin" might still appear in legacy firewall configs.
• Security scanning: Port scanners flag 2513 as Citrix-related. An unexpected response on this port in a non-Citrix environment is anomalous.
• Squatters: When a port goes quiet, software occasionally starts using it informally. An unassigned port in practice is an available port in practice.

The IANA registry is a historical record as much as it's a current one. Port 2513's name hasn't changed, even though the system it named is gone.