Port 3693: EASL — The Building Lockdown Port Almost No One Runs

What Port 3693 Is

Port 3693 sits in the registered port range (1024–49151). These ports are assigned by IANA to specific services upon request — they're not universally reserved like the well-known ports below 1024, but they're not up for grabs either. Something, at least on paper, owns them.

In the case of 3693, that something is EASL: the Emergency Automatic Structure Lockdown System, registered in November 2014 by Mele Associates.¹

The Registered Service: EASL

Mele Associates is a US government contractor specializing in national security, CBRNE defense (Chemical, Biological, Radiological, Nuclear, and Explosive), and emergency response. EASL appears to be a proprietary protocol for automated building lockdown systems — the kind that would trigger door locks, alerts, and access controls during an active emergency.

The registration covers TCP on port 3693. UDP is marked as reserved by the same assignee, meaning the space is held but not actively defined.

There's a wrinkle in the history: this port was previously removed from the IANA registry on April 5, 2007. Someone had claimed it before, the claim lapsed, and then Mele Associates registered it again seven years later. What ran on 3693 between those dates — or why the original registration was dropped — isn't recorded.¹

What This Means in Practice

EASL is a niche, likely proprietary protocol used by specific government facilities and contractors. You will not encounter it on a typical network. If you find port 3693 open on a system you administer, it is almost certainly not EASL.

More likely candidates:

• A development server that picked an arbitrary port
• Custom application software using the port opportunistically
• A misconfigured or unknown process

How to Check What's Listening

On Linux or macOS:

# Show what process is listening on port 3693
sudo ss -tlnp | grep 3693

# Or with lsof
sudo lsof -i :3693

On Windows:

# Show listening ports with process IDs
netstat -ano | findstr :3693

# Then look up the process by PID
tasklist | findstr <PID>

Cross-platform with nmap (from another machine):

nmap -sV -p 3693 <target-ip>

The -sV flag asks nmap to probe the port and identify the running service — which will tell you what's actually there, not just whether it's open.

Why Obscure Registered Ports Matter

The registered port range exists so services can claim a permanent home. Without it, two applications wanting to communicate would have to negotiate ports out of band, or guess. Registration creates a public record: if you build something that others will connect to, you register a port so the world can find you.

But the registry is not a guarantee of activity. Thousands of registered ports have one obscure registrant and essentially zero real-world deployments. Port 3693 is probably one of them — formally claimed, rarely (if ever) actually running in the wild.

The practical takeaway: a registered port is not a well-known port. Don't assume you know what's on it just because a database has an entry.