Port 3651: XRPC Registry — Assigned but Absent

What Port 3651 Is

Port 3651 sits in the registered ports range (1024–49151), which IANA maintains as a registry for services that have formally requested a port assignment. Unlike the well-known ports below 1024, which require elevated privileges to bind, registered ports can be used by any process on most systems.

According to IANA's Service Name and Transport Protocol Port Number Registry, port 3651 is assigned to XRPC Registry on both TCP and UDP, registered in January 2003.¹ Beyond that record, public documentation is essentially nonexistent. No RFC was published, no open-source implementation surfaced, no widespread deployment followed.

A Note on Naming

The abbreviation "XRPC" now carries a second meaning entirely: Bluesky's AT Protocol uses it to describe its HTTP-based API convention (short for "Lexicon RPC").² The two are unrelated. The 2003 registration predates that usage by nearly twenty years and quietly occupies the same acronym.

What "Registered but Dormant" Means

The registered ports range contains thousands of entries in various states of life:

• Active — the service is deployed, documented, and in use
• Dormant — registered once, never gained traction, still held
• Contested — registered for one purpose, used informally for another

Port 3651 appears to be dormant. No commercial software is known to claim it by default. If you see traffic on this port, it's more likely a non-standard application choice than XRPC Registry in the wild.

How to Check What's Listening

If port 3651 is open on a system you're investigating, the answer is almost certainly not XRPC Registry. To find out what actually is:

On Linux or macOS:

# Show which process is listening on port 3651
sudo ss -tlnp | grep 3651

# Or with lsof
sudo lsof -i :3651

On Windows:

# Show listening ports with process IDs
netstat -ano | findstr :3651

# Look up the process by PID
tasklist | findstr <PID>

With nmap (remote scanning):

nmap -sV -p 3651 <target>

The -sV flag asks nmap to probe the service and guess what's actually running, regardless of what IANA says should be there.

Why Unassigned (and Dormant) Ports Matter

The port registry is a coordination mechanism, not a lock. Any process can bind to any unprivileged port on a machine it controls. When port assignments exist but go unused, the space stays technically claimed but practically open — which means legitimate applications sometimes occupy these ports informally, and malware occasionally does too.

A port being "registered" tells you nothing about whether it's in use on a given machine. A port being "unassigned" or "dormant" tells you nothing about whether it's safe to ignore. Check what's actually running.