What Port 2395 Is
Port 2395 is a registered port — officially assigned by IANA to a service called "LAN900 Remote" on both TCP and UDP.1
That's where the clear story ends. LAN900 Remote appears to have been a now-defunct remote access or LAN management product. No active documentation exists for it. No company still maintains it. The IANA entry is a tombstone.
The Registered Port Range
Port 2395 sits in the registered ports range: 1024 to 49151.2
Here's how the ranges divide:
| Range | Name | Who assigns them |
|---|---|---|
| 0–1023 | Well-known ports | IANA only |
| 1024–49151 | Registered ports | IANA, upon application |
| 49152–65535 | Dynamic/ephemeral | Operating systems, temporarily |
Registered ports exist so that software vendors can claim a number before shipping a product. You apply to IANA, describe your service, and the number is yours. Port 2395 was claimed this way. Whatever LAN900 Remote was, someone went through that process.
The catch: IANA doesn't reclaim abandoned registrations. Once a port is registered, it stays registered, even if the product disappears and the company dissolves. The number just sits there, officially occupied but practically empty.
What's Actually on Port 2395 Today
Almost certainly nothing — unless your software put it there.
Because LAN900 Remote is defunct, port 2395 has no legitimate software actively using it. That makes it a candidate for dynamic port assignment when applications need a temporary local port, and it occasionally shows up in port scans as background noise.
If you're seeing activity on this port, it's worth investigating.
How to Check What's Listening
macOS / Linux:
Linux alternative:
Windows:
These commands show you the process name and PID so you can identify what's actually using the port.
Why Ghost Ports Matter
The registered range has tens of thousands of entries. A meaningful fraction of them are like 2395 — registered years ago for software that no longer exists, by companies that no longer exist.
This matters because:
- Port scanners flag activity here as anomalous, which is actually useful — there's no expected legitimate traffic on dormant registered ports
- Malware occasionally squats on obscure registered ports precisely because no known service generates baseline traffic to mask the noise
- Applications that use dynamic port selection sometimes land here, creating false positives in security monitoring
An empty port isn't nothing. It's a baseline. When something appears on a port where nothing should be, that's information.
Hasznos volt ez az oldal?