Port 3350: findviatv — Registered to One Thing, Used for Another

What This Port Is

Port 3350 sits in the registered port range (1024-49151). IANA assigned it the service name findviatv — both TCP and UDP — but without a meaningful description, RFC, or apparent deployment. Whatever findviatv was, it never became anything you'd encounter in the wild.¹

What you will encounter is xrdp-sesman.

The Real Tenant: xrdp-sesman

xrdp is the open-source Remote Desktop Protocol server for Linux systems — the software that lets you connect to a Linux machine from a Windows Remote Desktop client. Inside xrdp, two processes work together:

• xrdp: handles the incoming RDP connection on port 3389
• xrdp-sesman: the session manager, which authenticates users and launches desktop sessions

These two processes talk to each other over port 3350 — but only on localhost (127.0.0.1). No traffic crosses the network; it never leaves the machine. Port 3350 is plumbing that xrdp uses to talk to itself.²

You'll see it referenced in xrdp error messages if something goes wrong:

Error connecting to sesman: 127.0.0.1 port: 3350

This typically means xrdp-sesman isn't running, or there's an IPv4/IPv6 mismatch — xrdp is trying to connect via IPv4, but sesman is listening only on IPv6 [::1].

A Notable Security History

In 2020, CVE-2020-4044 was disclosed against xrdp-sesman versions before 0.9.13.1. The attack was straightforward: connect to port 3350, send a malicious payload, and the buffer overflow would crash the sesman process.³

Once sesman was dead, an unprivileged attacker on the same machine could start their own impersonating sesman service on port 3350 — and capture credentials from every user who tried to log in over RDP. For xorgxrdp sessions, this also allowed hijacking active sessions.

The vulnerability has since been patched. If you're running xrdp, ensure you're on 0.9.13.1 or later.

How to Check What's Listening

# Linux
ss -tlnp | grep 3350
# or
lsof -i :3350

# macOS
lsof -i :3350

# Windows
netstat -ano | findstr :3350

On a Linux system running xrdp, you should see xrdp-sesman bound to 127.0.0.1:3350. On any other system, this port should be closed.

Why Unassigned (and Lightly Used) Ports Matter

The registered port range exists so software can stake a claim to a port number, reducing collisions. But registration doesn't guarantee use — and it doesn't prevent other software from quietly occupying the same port on localhost. Port 3350 is a minor example of how the reality of a port and its paper assignment can diverge entirely.

If you see unexpected traffic on port 3350 from an external address, that's worth investigating. xrdp-sesman listens only on loopback by design — external connections to this port aren't normal.