Registered Ports (1024-49151)

Between the privileged ports reserved for system services and the ephemeral ports grabbed for temporary connections lies a vast middle ground: 48,127 port numbers that run on something stranger than enforcement. They run on agreement.

Registered ports (1024–49151) work because developers collectively decided to respect each other's choices. MySQL claimed 3306. PostgreSQL took 5432. Redis grabbed 6379. Nobody forces you to honor these claims. The Internet won't stop you from running MySQL on port 5432—but you'll confuse anyone expecting a PostgreSQL database there, which is punishment enough.

The Privilege Line

Port 1024 marks a boundary that matters more than its number suggests.

Below it, binding to a port requires root access. This protects critical services—you can't impersonate the SSH daemon on port 22 unless you already control the system. Above it, any user can claim any port. A developer installing PostgreSQL on their laptop can start it on 5432 without sudo prompts or permission dialogs.

This accessibility explains why databases, application servers, and development tools cluster in the registered range. They need standardized ports for recognition, but they also need to run without administrative privileges. The registered range offers both.

Ports That Became Identities

3306 — MySQL

MySQL's port has achieved such ubiquity that connection libraries default to it silently. Developers often omit port numbers entirely from database URLs, trusting that 3306 is assumed. Firewall rules reference it by name. Nobody documented why they chose 3306—it's simply the number that became inseparable from the software.

5432 — PostgreSQL

PostgreSQL registered 5432 with IANA as its default port. Like most port assignments, the specific number carries no special meaning—it was available, they claimed it, and millions of deployments now depend on that arbitrary choice.

6379 — Redis

The Redis port spells MERZ on a telephone keypad—a word coined by the creator, Salvatore Sanfilippo, after watching Italian TV actress Alessia Merz say something he found ridiculous. Among his friends, "MERZ" evolved to mean something like hack value: doing something impressively technical that's also, somehow, pointless. When he needed a port number for Redis, he had no trouble deciding.¹

This arbitrary choice—born from an inside joke rather than committee deliberation—became a universal standard. Backend developers worldwide recognize 6379 instantly, unaware they're honoring a neologism about valuable stupidity.

8080 — HTTP Alternate

When port 80 is already taken, 8080 serves as the obvious alternative. The pattern extends: 8443 for HTTPS when 443 is occupied, 8000 and 8888 for development servers. The 8000-range has become semantically meaningful—seeing traffic on 8080 tells you "web application, probably not production" without checking anything else.

Registration Without Enforcement

IANA maintains a registry of port assignments. You can submit a request with your desired port, your protocol, and a description of your application. They'll check for conflicts and, if available, add your entry to the list.

But the list is advisory. Nothing prevents you from ignoring it. Many widely-used applications never formally registered their ports—they simply documented a default and let adoption do the rest. The registry captures some conventions while others live purely in community knowledge.

This creates a layered system:

• Some ports have IANA registration AND universal adoption (MySQL, PostgreSQL)
• Some have registration but limited recognition (obscure protocols serving niche communities)
• Some have universal adoption without registration (informal conventions in the 8000-range)

The enforcement mechanism isn't technical. It's social. Use a port that conflicts with an established convention and your users will struggle with documentation that assumes different defaults. Your software will clash with existing firewall rules. Your support burden will increase. These consequences, not IANA edicts, maintain the system.

When to Override Defaults

Default ports work until they don't.

Running multiple MySQL instances on one server? The second one needs a different port—13306 is a common choice, preserving the recognizable suffix. Production environments sometimes shift to non-default ports to distinguish them from development in network logs, or to satisfy compliance requirements demanding non-standard configurations.

But overriding defaults has costs. Every tool that assumes the default now needs explicit configuration. Every new team member needs documentation explaining your deviation. Every automated scanner might miss your service.

The calculus: use registered defaults unless you have a specific reason not to, then document the exception clearly.

The Social Contract

Registered ports reveal something true about how technical infrastructure actually works. Not through rigid enforcement or perfect design, but through accumulated agreement. Someone picks a number. Others respect the choice. The choice becomes convention. Convention becomes expectation. Expectation becomes infrastructure.

The 48,127 ports in the registered range represent 48,127 potential agreements. Some are formalized through IANA. Some exist only in documentation. Some live purely in the shared knowledge of developers who learned that 6379 means Redis and 5432 means PostgreSQL.

This system works not because it's elegant, but because the alternative—chaos, conflict, constant reconfiguration—is worse. The registered port range is a negotiated peace, maintained by collective self-interest rather than central authority.

Sources