Port 3583: CANEX Watch — The Registered Ghost

What Port 3583 Is

Port 3583 sits in the registered port range — the band from 1024 to 49151 where organizations can file for an official assignment from IANA, the body that maintains the global port registry.

It is assigned. The IANA record reads: canex-watch — CANEX Watch System, registered August 2002, attributed to a contact named Peter Kollath.¹

That entry is essentially all the public documentation that exists.

The CANEX Watch System

CANEX is a software company founded in Bratislava, Slovakia. By the mid-1990s it had focused on IP video monitoring, developing a video management platform eventually marketed as cWatch (now under the WatchSystem brand).² The software handles IP cameras, recording, and central station monitoring — the kind of infrastructure that sits behind security systems in buildings and facilities.

Port 3583 was presumably used for communication between cWatch clients and servers. The protocol itself was never publicly documented, no RFC was filed, and there is no published specification. It is a proprietary assignment: IANA recorded the claim, but the actual protocol lives entirely inside CANEX's software.

The company appears to still operate. The port may still be in active use inside cWatch deployments. If you see 3583 open on a machine running video surveillance software, this is the likely explanation.

What the Registered Range Means

The registered port range exists because 1024–49151 is too large for IANA to manage strictly, but chaotic free-for-all would cause collisions. So IANA maintains a voluntary registry: vendors request ports for their protocols, IANA records the assignment, and everyone theoretically avoids conflicts.

"Registered" does not mean "standard," "common," or "open." It means someone filed a form. Many registered ports belong to proprietary systems with no public documentation, discontinued software, or products used only in specific industries. Port 3583 is a typical example: formally claimed, practically obscure.

Checking What's on This Port

If port 3583 is open on a machine you're responsible for and you don't run CANEX/WatchSystem software, find out why.

On Linux/macOS:

# Show what process has port 3583 open
sudo lsof -i :3583

# Or with ss
ss -tlnp | grep 3583

On Windows:

netstat -ano | findstr :3583

The process ID in the output can be matched against Task Manager or tasklist to identify the application.

With nmap (from another machine):

nmap -sV -p 3583 <target-ip>

The -sV flag asks nmap to probe the port and attempt to identify what's running. For obscure proprietary protocols like canex-watch, it may return unknown — but an open port is a data point regardless.

Why Unassigned-Looking Ports Matter

Most ports below 49151 with no widely recognized service fall into one of three categories: genuinely unassigned, assigned to something obscure, or formerly assigned to something defunct. Port 3583 is the middle case.

From a security perspective, an open port running an undocumented proprietary protocol is worth auditing. You can't patch what you can't identify. If port 3583 appears in your environment unexpectedly, start with lsof and work from there.