Port 1885: vrtstrapserver — Veritas's Quiet Alarm System

What Port 1885 Does

Port 1885 is registered with IANA to vrtstrapserver — the Veritas Trap Server. It operates on both TCP and UDP.

If you've never heard of it, you're in good company. This port exists inside enterprise data centers running Veritas NetBackup or Veritas Cluster Server, where it receives SNMP trap notifications — automated alerts that fire when something goes wrong with a backup job, a storage device, or a monitored system.

Think of it as an alarm receiver. When a Veritas-managed system detects a problem, it sends a trap (a one-way SNMP alert) to the trap server listening on this port. The server collects those alarms and routes them to whatever monitoring system the organization has configured.

The Registered Ports Range

Port 1885 lives in the registered ports range (1024–49151), which IANA maintains as a registry of vendor and protocol assignments. Unlike the well-known ports below 1024 — which carry the Internet's fundamental protocols and require root privileges to bind — registered ports are first-come, first-served claims by software vendors and standards bodies.

Veritas registered this port for their trap server. That registration means the port number is officially theirs, but it carries no requirement that the software be installed anywhere. Most machines on the Internet have never heard of port 1885.

Who Encounters This Port

You'll see port 1885 active only in environments running Veritas enterprise products — large organizations where Veritas NetBackup manages tape libraries, disk backups, and disaster recovery. These tend to be banks, hospitals, government agencies, and corporations with enough data that backup failures are serious events requiring immediate alerting.

Outside those environments, port 1885 sits silent. No traffic flows through it. No connection attempts reach it. It's registered but invisible.

How to Check What's Listening on This Port

If you see activity on port 1885 and want to know what's using it:

Linux/macOS:

# Show what process is listening on port 1885
ss -tlnp | grep 1885

# Or with lsof
lsof -i :1885

Windows:

netstat -ano | findstr "1885"

The PID from netstat can then be matched to a process name in Task Manager.

If something is listening here on a machine that doesn't run Veritas software, investigate. Malware occasionally binds to obscure registered ports precisely because they're unfamiliar enough to slip past casual inspection.

Why Unoccupied Registered Ports Matter

Most of the registered port range is like port 1885 — technically claimed, functionally quiet on any given machine. This is by design. The registry exists so that when Veritas does deploy their software, port 1885 is theirs and unlikely to conflict with something else.

The alternative — every vendor picking arbitrary ports without coordination — produces chaos: two applications fighting over the same port, firewall rules that have to account for random numbers, and administrators who can't tell legitimate traffic from intrusion by looking at port numbers alone.

A quiet registered port is doing its job. It's holding a reservation.

• IANA Service Name and Transport Protocol Port Number Registry
• SpeedGuide: Port 1885
• Veritas NetBackup SNMP Trap Reference Guide
• HPE Community: Ports used by Veritas admin tools