Port 2990: BOSCAP — The Port That Forgot to Explain Itself

What Is Port 2990?

Port 2990 sits in the registered port range — the stretch from 1024 to 49151 where organizations and developers can formally claim a port number through IANA, the Internet Assigned Numbers Authority. Unlike the well-known ports below 1024 (where HTTP, SSH, and DNS live), registered ports don't require root privileges to open and don't carry the same operational weight. They're reservations, not mandates.

Port 2990 is technically assigned. IANA's registry lists it as BOSCAP, registered to a developer named Dirk Hillbrecht.¹ Both TCP and UDP. That's where the documentation ends.

The full IANA description for BOSCAP reads: "BOSCAP."

That's it. The protocol described itself by repeating its own name.

What Is BOSCAP?

Unclear. There is no RFC. No public specification. No known open-source implementation. No mailing list archives. No forum posts from people using it. Whatever BOSCAP was designed to do, that knowledge never made it into the public record.

Dirk Hillbrecht is a real German software developer — contributor to various open-source projects — but whatever motivated the BOSCAP registration appears to have stayed private or simply never went anywhere.²

This isn't unusual. The registered port range accumulated thousands of entries during the 1990s and 2000s, many from developers with good intentions and projects that never shipped, were abandoned, or moved to different ports without updating the registry. IANA doesn't audit or retire these entries. Once a port is registered, it stays registered.

What Might Actually Be on Port 2990?

If you see traffic on port 2990, it's almost certainly not BOSCAP (whatever that would mean). It's more likely:

• Application-defined: Some software chose this port arbitrarily for internal communication
• Development servers: Developers often pick obscure registered ports to avoid collisions with common services
• Misconfigured services: Something expected to be elsewhere
• Scanning activity: Automated probes testing which ports respond

How to Check What's Listening

To find out what's actually using port 2990 on your system:

Linux / macOS:

# Show process listening on port 2990
ss -tlnp sport = :2990

# Or with lsof
lsof -i :2990

Windows:

netstat -ano | findstr :2990

Take the PID from the output and look it up in Task Manager or with tasklist /fi "pid eq <PID>" to identify the process.

To check a remote host:

# See if port 2990 is open (no data about what's running there)
nmap -p 2990 <host>

Why Unassigned-in-Practice Ports Matter

A port with a name but no protocol is neither safe nor dangerous by itself — it's a blank space. That's actually meaningful in a few ways:

For security scanning, these ports show up as noise. When a scan finds port 2990 open, it can't be matched to a known fingerprint, which makes classification harder and investigation necessary.

For the registry itself, ghost registrations occupy namespace. IANA's registered port range has 48,128 slots. Thousands are held by projects that never launched or services long dead. The registry doesn't clean house, so the map stays cluttered.

For developers, choosing a port like 2990 for a new application is technically permissible (it's registered, not yours) but practically risky — you'd be squatting on someone else's reservation in a neighborhood where eviction doesn't exist.