Port 1913: armadp — The Reserved Seat

What Range This Port Belongs To

Port 1913 sits in the registered port range (1024-49151), also called "user ports" by IANA. This range is where organizations and developers can formally claim a port number for their service by registering it with IANA.

Registered ports are different from well-known ports (0-1023), which require operating system privileges to bind and carry the protocols the Internet runs on — HTTP, SSH, DNS. Registered ports are for everything else: commercial software, internal tools, niche protocols that needed a stable number to call home.

Anyone can request a registered port. IANA assigns the number, records the contact, and moves on. What happens after that is between the registrant and the world.¹

What "armadp" Is

Port 1913 is registered under the service name armadp, filed by Kevin Welton of ARM Ltd — the company whose processor architecture runs in the majority of the world's mobile devices.

That's where the trail ends.

"armadp" does not appear in any public RFC. There is no specification, no open-source implementation, no Stack Overflow question about it. ARM Ltd registered a port, and whatever they built on top of it — if anything — never surfaced publicly. It may have been a proprietary internal tool, a development prototype, or a protocol that never shipped. The registry entry is the only artifact that remains.²

Unofficially

No unofficial uses are widely observed on port 1913. Some port databases flag it as a historical malware vector — as they do for thousands of ports — but there is no credible documented instance of a specific trojan or attack campaign targeting this port. Treat generic malware warnings about obscure ports with appropriate skepticism.

How to Check What's Listening

If you see traffic on port 1913 on your own system, it's worth investigating. Any process could be using this port — it's unoccupied enough that software sometimes lands here by coincidence.

On Linux or macOS:

# Show what process is listening on port 1913
ss -tlnp sport = :1913

# Or with lsof:
lsof -i :1913

On Windows:

netstat -ano | findstr :1913

The process ID in the output maps to an entry in Task Manager or tasklist. If something is listening here and you don't know what it is, that's worth investigating — not because port 1913 is inherently suspicious, but because unknown listeners always are.

Why Unassigned and Dormant Ports Matter

The IANA registry is not just a list of active protocols. It's a reservation system. When a port is registered — even to a protocol that never ships — it's marked as claimed. Other software is less likely to collide with it.

This matters more than it sounds. In the registered port range, collisions between software are common. Two applications that both want port 8080, both trying to run on the same machine — one of them loses. The registry reduces that chaos, even when the registered protocols themselves go nowhere.

Port 1913 holds its place in the registry. ARM Ltd reserved it. Whatever they intended, the seat remains empty — and reserved.