What Range This Port Belongs To
Port 1835 sits in the registered ports range (1024–49151). This range is managed by IANA, which assigns port numbers to specific services and protocols on request. Unlike the well-known ports (0–1023), registered ports don't require special OS privileges to use — any process can bind to them.
Registered doesn't mean active. IANA assigns numbers when organizations request them, but there's no requirement that the protocol get implemented, documented, or ever actually used. Port 1835 is a case study in this gap.
The Official Assignment: ARDUS Multicast
IANA lists port 1835 (both TCP and UDP) as assigned to ARDUS Multicast — service name ardusmul.1
ARDUS is a family of protocols covering multicast transfer, control, and unicast. IANA also assigned port 1117 to "ARDUS Multicast Transfer" and port 1118 to "ARDUS Unicast." The ports exist. The documentation does not — at least not publicly. No RFC, no vendor page, no meaningful technical description has surfaced for ARDUS Multicast on port 1835. The protocol was registered and then, apparently, forgotten.
This happens more than you'd expect. The registered ports range accumulated assignments over decades. Some point to thriving protocols. Some point to projects that never shipped. Port 1835 appears to be the latter.
The Less Official Story: TCC Trojan
The most documented thing about port 1835 is that a trojan called TCC used it.2
This is a pattern in the port numbering world: obscure registered ports make convenient hiding spots for malware. A legitimate-looking port number is less likely to trigger firewall alerts than something blatantly unusual. Attackers exploited exactly this — port 1835 sounds like it has a purpose, even if no one remembers what that purpose was.
The TCC trojan is old enough that it's primarily a historical concern now, but any unexpected activity on port 1835 is worth investigating.
How to Check What's Listening on This Port
If you want to see whether anything is using port 1835 on your system:
macOS / Linux:
Windows:
If you get a result, cross-reference the process ID against your running processes. A legitimate service will be identifiable. An unknown process with no clear owner is worth investigating further.
Why Unassigned-in-Practice Ports Matter
Port 1835 illustrates something real about how port numbers work: the registry is a record of intent, not of reality. IANA tracks what ports should mean. Your network traffic reveals what they actually carry.
Ports like 1835 — officially assigned, practically empty — create ambiguity. Firewalls that block only "known bad" ports leave these gaps open. Security tools that rely on port-to-service mappings may misclassify traffic. The honest answer about port 1835 is: if you see traffic on it, you should find out why, because the official explanation doesn't help you.
Hasznos volt ez az oldal?