Port 3047: hlserver — The Dongle License Server You Didn't Know You Had

What This Port Does

Port 3047 is registered with IANA under the service name hlserver, assigned to the Fast Security HL Server — the network license management component of the HASP HL (Hardware Against Software Piracy, Hardware Lock) system.¹

HASP HL is a hardware dongle platform originally developed by Aladdin Knowledge Systems, later acquired by SafeNet, and now maintained by Thales Group under the Sentinel product line.² The physical dongle — a small USB device — contains a cryptographic key that software uses to verify it's licensed. In networked deployments, the dongle lives on a server, and hlserver listens on port 3047 to serve license tokens to client machines across the network.

If software protected by HASP HL is installed in your organization, hlserver may be running without anyone on your team having explicitly configured it.

What Range This Port Belongs To

Port 3047 sits in the registered ports range (1024–49151). These ports are assigned by IANA upon application from software vendors. Unlike the well-known ports below 1024, registered ports don't require root or administrator privileges to open — any user-level process can bind to them.

IANA registration means the assignment is official and tracked, but it doesn't mean the service is common. Thousands of registered ports belong to software used by small industries, specific enterprise vendors, or products that no longer exist in any meaningful form.

Who Uses It

HASP HL-protected software spans engineering simulation tools, legal research platforms, scientific software, and CAD applications. When deployed in a networked environment — where multiple workstations share a single physical dongle — hlserver coordinates license checkout and return over port 3047.³

The typical setup: one machine holds the USB dongle, hlserver runs on that machine, and client software checks out a license token before launching. No token available means no launch.

Security Considerations

The SANS Internet Storm Center shows consistent scanning activity targeting port 3047.⁴ This is routine background noise for any port, but it's worth noting:

• If hlserver is running and exposed to the Internet, restrict it with a firewall to internal networks only
• License servers have no business being reachable from the public Internet
• If you see port 3047 open and don't recognize why, investigate before assuming it's benign

How to Check What's Listening

macOS / Linux:

sudo lsof -i :3047
# or
sudo ss -tlnp | grep 3047

Windows (Command Prompt, as Administrator):

netstat -ano | findstr :3047
tasklist | findstr <PID>

Replace <PID> with the process ID from the netstat output. If the process is hasplms.exe or hlserver, you've confirmed it's the HASP license manager.

Why Unassigned-Looking Ports Matter

Port 3047's story is common in the registered range: a real registration for specialized software, installed silently by applications, running persistently in the background, rarely visible unless you look. Tens of thousands of ports in the registered range follow this pattern — legitimately claimed, seldom recognized.

This is why port scanning your own network periodically matters. Not every open port is hostile. But every open port deserves to be known.

Related Ports

• Port 1947 — Sentinel HASP License Manager (the more commonly known HASP service port)⁵
• Port 475 — tcpnethaspsrv, an older HASP network license service