Port 2105 is a registered port assigned to eklogin — encrypted Kerberos remote login. It is a fossil of a security evolution that happened just before SSH made the whole branch of the tree irrelevant.
The Lineage
To understand port 2105, you need to understand where it sits in a sequence:
Port 513 — rlogin. Classic Unix remote login. You could log into another machine on your network without typing a password, relying instead on host trust. Credentials and session data traveled in plaintext. By modern standards, it was open season.
Port 543 — klogin. Kerberos-authenticated rlogin. Added proper authentication using the Kerberos ticketing system — no more trusting the hostname, you had to prove who you were. Still unencrypted in transit.
Port 2105 — eklogin. Kerberos authentication plus encryption. Everything klogin did, but the session data was now encrypted. The "e" stands for encrypted. This was the complete version: you proved your identity through Kerberos, and nobody could read your session traffic on the wire.
Each step was a genuine security improvement. Each step came too late. SSH arrived, offered all of this and more in a single protocol, and the entire rlogin family quietly retired.
What the Port Range Means
Port 2105 sits in the registered ports range (1024–49151). These ports are registered with IANA — the Internet Assigned Numbers Authority — by organizations and software vendors to avoid conflicts. Registration doesn't require enforcement; it's more like reserving a table. Anyone can technically use any port, but registered ports signal intent and help administrators understand what traffic they're seeing.
Unlike well-known ports (0–1023), registered ports don't require elevated privileges to open on most systems.
Other Observed Uses
Port 2105 has appeared in a few other contexts over the years:
- IBM MiniPay — IANA lists this as an alternate registered service on port 2105, used for electronic payment processing in IBM enterprise environments.
- Kerberos firewall configurations — Some Kerberos guides specifically mention port 2105 as a port to open if your environment supports Kerberos-authenticated rlogin.1
- Microsoft MSMQ — Message Queuing uses a range of ports including 2105 for certain RPC over TCP configurations.
If you see traffic on port 2105 today, it is almost certainly not eklogin. It's more likely application-specific software that chose this port because it was available.
What's Actually Listening on This Port
If you want to know what's running on port 2105 on your own machine:
macOS / Linux:
Or with netstat:
Windows:
The process ID in the output will tell you exactly what software claimed the port.
Why Unassigned Ports Matter
The registered port range contains thousands of ports with no assigned service. This isn't wasted space — it's the system working as intended. Applications need ports to communicate, and the registration system exists so they can claim one without guessing what else might be using it.
When you see an unfamiliar port in your network traffic, the first step is checking whether it's registered. If it is, the registration tells you the intended purpose. If it isn't, or if what you see doesn't match the registration, that's worth investigating.
Port 2105 is registered. Its assigned service is obsolete. Treat unexpected traffic here the same way you'd treat any unrecognized connection: find out what process opened it.
Frequently Asked Questions
Cette page vous a-t-elle été utile ?