Port 2843: PDnet — A registered ghost

What This Port Is

Port 2843 sits in the registered port range (1024–49151). These ports are assigned by IANA to organizations and developers who request them for specific services. Unlike the well-known ports below 1024, registered ports don't require elevated system privileges to open — any application can bind to them.

IANA lists port 2843 as assigned to PDnet, registered under the name Torsten Scheffler of Technolution SW GmbH, for both TCP and UDP. That's where the trail ends. There is no RFC, no public specification, no software package, no documentation describing what PDnet is or does. The registration exists; the protocol does not appear to.¹

What This Means in Practice

Registered port assignments are permanent unless explicitly revoked, so port 2843 remains "taken" in the registry indefinitely. In practice, this makes no difference. Nothing enforces port assignments. Any application on any machine can open port 2843 for any purpose. The IANA registry is a coordination mechanism, not a lock.

You may encounter port 2843 in the wild as:

• Ephemeral traffic — Operating systems use registered and dynamic ports for outbound connection sources. A packet leaving your machine via port 2843 is probably just your OS picking a temporary port number, not PDnet.
• Custom internal services — Teams sometimes pick obscure registered ports for internal tools precisely because nothing else uses them.
• Scanning noise — Automated scanners probe every port. Seeing traffic on 2843 doesn't mean something is listening.

How to Check What's Using This Port

If you see port 2843 active on a machine you manage:

On Linux/macOS:

ss -tlnp | grep 2843
# or
lsof -i :2843

On Windows:

netstat -ano | findstr :2843
# Then look up the PID in Task Manager

For network-level inspection:

# Capture traffic on this port
tcpdump -i any port 2843

The process name returned by these commands tells you exactly what is actually using the port — which will tell you far more than the IANA registry ever could.

Why Ghost Registrations Exist

The registered port range contains thousands of entries like this one — claims filed for projects that stalled, companies that folded, or protocols that never left a private lab. Deregistration requires someone to actively request it, which abandoned projects don't do.

This is one of the small dysfunctions baked into the port numbering system: the registry grows but rarely shrinks, and the map gradually diverges from the territory. Tools like ss and lsof tell you what's actually happening. The registry tells you what someone intended, once.