Port 3700: LRS NetPage, the network behind the restaurant pager

What Runs on Port 3700

Port 3700 is officially registered with IANA under the service name lrs-paging, assigned to LRS NetPage (also called LRSN) for both TCP and UDP.¹ It was registered in February 2003 by Geoffrey Wossum of Long Range Systems.

Long Range Systems makes paging equipment used in restaurants, hospitals, hotels, and retail environments. You have almost certainly held one of their pagers. It's the plastic disc that buzzes and blinks when your table is ready.²

Port 3700 is the network side of that system.

How the Protocol Works

LRS NetPage is a TCP/IP protocol that connects paging management software to the transmitter hardware. The handshake is simple:³

1. Client connects to TCP port 3700
2. Server responds with an <LRSN> element identifying itself and advertising available services
3. Client sends a <Login> element (credentials optional depending on configuration)
4. Server responds with <LoginAck>
5. A persistent session begins: bidirectional XML messages, each delimited by a newline

The protocol supports sending pages to specific pagers, querying pager status, reading device configuration, and monitoring heartbeats to verify the connection is alive.

The pager delivery itself is radio. Port 3700 is the control plane. It is the socket where the waitlist software says "buzz pager 47." The transmitter handles everything from there.

Where You Will Find It

Anywhere physical space and digital management meet. Restaurants using LRS guest paging systems. Hospital waiting rooms where families are notified when their patient is out of surgery. Retail counters managing order pickups.

These systems are not prominent. They sit in back-office networks, rarely discussed, reliably doing their job. Port 3700 is one of the ports that keeps the physical world running on schedule.

A Historical Footnote

Port 3700 carries one shadow from its past. In 1999, four years before LRS NetPage was registered with IANA, a trojan called Portal of Doom used this port as part of its remote access infrastructure.⁴ It was written in Visual Basic and spread in the early Internet era.

Portal of Doom is long obsolete. No modern security tool considers it an active threat. But older vulnerability databases still flag port 3700 because of it, which occasionally causes confusion. The trojan came first; the legitimate protocol came later.

How to Check What Is Listening on Port 3700

If you see traffic on port 3700 on a system that is not running LRS paging software, find out what it is.

macOS and Linux:

# Show what is listening on port 3700
lsof -i :3700

# Linux alternative
ss -tlnp sport = :3700

Windows:

netstat -ano | findstr :3700

Match the PID to a process with Task Manager or tasklist /fi "PID eq <pid>".

If nothing is running LRS NetPage equipment, nothing legitimate should be listening on this port from outside your network.