What Port 60396 Is
Port 60396 falls in the dynamic (ephemeral) port range: 49152-65535.1 These ports are reserved for temporary use. When your browser opens a connection to a web server, your operating system automatically assigns itself a port in this range—something like 60396—for that conversation. Once the connection closes, the port goes back to the pool, ready for the next temporary use.
This is how the Internet's conversation works at scale. Your OS doesn't ask you "which port should I use?" It just picks one from this vast reservoir of 16,384 unassigned addresses.
Who Uses Port 60396?
Nobody officially. That's the point of the dynamic range.
In practice, port 60396 gets used by whatever application your operating system assigns it to on any given moment. One second it might carry your HTTPS connection to GitHub. The next second it might be idle. The second after that, someone else's application claims it.
What Malware Has Found Here
Here's where this becomes relevant to security: malware doesn't care about official assignments either. Port 60396 has been documented in association with Trojan.DownLoader34.3753, a trojan that injects code into system processes and creates files related to onion services.2 It's also been linked to Linux.Siggen.1830, a Linux malware variant that runs as a daemon and uses network protocols for command and control.3
This doesn't mean port 60396 is dangerous. It means that in the space where legitimate temporary connections live, malware lives there too. The port doesn't discriminate.
How to Check What's Using Port 60396
If you want to see what's listening on or using port 60396 right now:
On macOS/Linux:
On Windows:
If nothing shows up, that's normal. This port is only "active" when something temporarily claims it.
Why Unassigned Ports Matter
The dynamic port range exists because the Internet needed overflow space. When you connect to a server, both ends of that conversation need a port number. The server uses a well-known port (like 443 for HTTPS). Your computer picks from the dynamic range.
There are 16,384 of these dynamic ports. They're a gift to the Internet—a massive, renewable resource of unassigned addresses that every application and every protocol can tap into without coordination or bureaucracy.
But because they're unassigned, they're also unpatrolled. A trojan can listen on port 60396 just as easily as your browser can. Security tools look for suspicious activity here, but so do threat actors.
Port 60396 is nobody's port. That makes it everybody's port. And that's exactly how the Internet's temporary infrastructure works.
Frequently Asked Questions
Cette page vous a-t-elle été utile ?