Port 2016: Bootserver — a name without a manual

What Range This Port Belongs To

Port 2016 is a registered port — one of the 48,128 ports between 1024 and 49151 that IANA manages on behalf of organizations and vendors who apply for them. Unlike well-known ports (0-1023), which are tightly controlled and carry the Internet's core protocols, registered ports are a middle tier: officially assigned, but not universally recognized.

The registered range is where most application-layer services live: databases, game servers, enterprise software, development tools. Some ports in this range are famous (3306 for MySQL, 5432 for PostgreSQL). Many are obscure. A few, like 2016, are registered to something that has almost no public documentation.

The Official Assignment: Bootserver

According to the IANA Service Name and Transport Protocol Port Number Registry, port 2016 is assigned to bootserver on both TCP and UDP.¹

That's about all the official record says. No RFC. No specification. No description of what "bootserver" does or who registered it. The Nmap service fingerprint database echoes the same bare label.²

This happens more than you'd think. Ports get registered, services get renamed or abandoned, companies fold, and the assignment stays on the books. The name becomes a placeholder for something that once existed or was intended but never fully documented publicly.

The Practical Reality: Cisco Reverse Telnet

The most concrete, documented use of port 2016 in the wild is unrelated to "bootserver." It's a Cisco terminal server convention.

Cisco terminal servers (routers or dedicated devices used to reach the console ports of other equipment) use a port-numbering scheme for reverse Telnet: 2000 + line number. To reach a device connected to physical line 16, you Telnet to port 2016.³

This means a network engineer managing a lab full of routers might routinely use port 2016 to reach whatever sits on line 16 of their terminal server — completely independent of any IANA assignment.

# Reach console port on line 16 of a Cisco terminal server
telnet <terminal-server-ip> 2016

This 2000-offset convention covers lines 1 through 16 and beyond, so ports 2001-2016+ all carry this meaning in terminal server environments.

How to Check What's Listening

If port 2016 is open on a machine you control, these commands show what process owns it:

Linux / macOS:

# Using ss (modern)
ss -tlnp | grep 2016

# Using lsof
lsof -i :2016

# Using netstat
netstat -tlnp | grep 2016

Windows:

netstat -ano | findstr :2016

The PID from any of these commands can be matched against Task Manager or tasklist to identify the owning process.

With Nmap (scanning a remote host):

nmap -sV -p 2016 <target-ip>

Why Unassigned and Lightly Documented Ports Matter

The registered port range exists to reduce conflict. When two applications both try to claim the same port, they collide — connections go to the wrong service, or one service fails to bind entirely. IANA registration is a coordination mechanism, not a mandate.

But coordination only works when registrations stay current. Ports registered to defunct services become noise. Security scanners flag open ports they don't recognize. Firewall rules get written defensively against unknown ports. The accumulated weight of stale registrations is part of why port scanning output is so hard to read.

Port 2016 is a small example of this: officially "bootserver," practically a Cisco convenience, and realistically — on most systems — nothing at all.