What port 2565 is
Port 2565 sits in the registered ports range (1024-49151). IANA records it under the name "Coordinator Server," assigned for both TCP and UDP. No widely deployed protocol or commercial product has ever made that name mean anything in practice.1
The registered range is where software vendors claim port numbers for their applications. Unlike the well-known ports below 1024, no elevated privilege is required to open a registered port, and IANA registration is largely nominal. Thousands of registered ports go unclaimed in any real sense.
The Striker trojan
The most documented use of port 2565 is not a legitimate service. The Striker trojan, a Remote Access Trojan (RAT) targeting Windows 95, 98, and NT systems in the late 1990s, used this port as its command-and-control channel.2
Striker was primitive even by the standards of its era. Security researchers described it as a tool that "mostly just crashes Windows." It is not an active threat today, those operating systems are long obsolete, but the association remains in historical malware databases.
If you see port 2565 open on a modern system, it is almost certainly a legitimate application that chose an uncrowded port, not a decades-old trojan. But it is worth knowing what is listening.
How to check what is using this port
On Linux or macOS:
On Windows:
The process ID in the output maps to a running application. On Windows, open Task Manager and look up the PID under the Details tab. On Linux, lsof will print the process name directly.
Why unassigned ports matter
The port system only works because most ports are empty most of the time. When a packet arrives, your operating system needs to route it to the right process. Unassigned ports are the breathing room in that system. They let new applications claim addresses without colliding with established protocols.
Port 2565 is one of thousands in this quiet middle range: officially registered, practically unclaimed, waiting for traffic that almost never comes.
Questa pagina è stata utile?