Port 2356: Unassigned — A slot in the middle of the registry

Port 2356 has no officially assigned service. IANA's registry — the authoritative source for port assignments — lists nothing for this number.¹

The Range It Lives In

Port 2356 falls in the registered ports range: 1024–49151.

This middle tier is where the port system gets interesting. Well-known ports (0–1023) are reserved for foundational Internet services — HTTP, HTTPS, SSH, DNS. Those require IANA approval and elevated system privileges to bind. Dynamic ports (49152–65535) are handed out temporarily by the OS for outgoing connections.

Registered ports are the in-between: available for any application or service that wants a stable, globally recognized number. You apply to IANA, document your protocol, and if approved, the number is yours. Databases, enterprise software, games, custom protocols — this is where they live.²

48,000 slots. Most of them empty.

Port 2356 is one of the empty ones.

The Ghost Entry

Search secondary port databases and you'll find port 2356 listed as gxtelmd — "GXT License Management." This name floats through database after database, copied forward without verification.

The problem: IANA's Service Name and Transport Protocol Port Number Registry has no record of it.¹ Whatever "gxtelmd" is or was, it never went through the formal registration process. The entry exists in the shadow registry that forms when databases copy each other rather than checking the source.

This is common. Hundreds of ports carry informal names in secondary sources that don't appear in the official registry. Treat them as signals worth investigating, not facts worth trusting.

What Might Actually Be on Port 2356

If you see traffic on port 2356, it's one of a few things:

Custom application traffic. Developers frequently pick arbitrary numbers from the registered range for internal services. If your organization runs something on 2356, someone chose it — and their reason may live only in a comment in code written years ago.

Software using a hardcoded port. License managers, game servers, and enterprise middleware often claim ports in this range without registering them. They just pick a number that seems unlikely to conflict, ship it, and move on.

Malware. Uncommon, but some malware uses ports in the registered range to blend in with legitimate traffic. Seeing unexpected traffic on an unrecognized port is always worth investigating.

How to Check What's Listening

On any Unix-like system:

# Show what's listening on port 2356 (TCP)
ss -tlnp sport = :2356

# Or with lsof
lsof -i TCP:2356

# On macOS
lsof -i :2356

On Windows:

netstat -ano | findstr :2356

The PID in the output maps to a process. Cross-reference it with Task Manager (Windows) or ps aux | grep <PID> (Unix) to identify what's running.

Why Unassigned Ports Matter

The registered port range was designed with a theory: if everyone registered their ports, any engineer could look up what's running where. The registry would be the Rosetta Stone of network traffic.

The theory broke down when vendors stopped registering. The friction of formal submission outweighed the benefits for most applications. So we got a registry full of gaps, secondary databases filling those gaps with unverified data, and network engineers left to discover what's actually running by checking directly.

Port 2356 is one small example of that gap. The number is reserved, in the sense that no one is actively using it for a registered purpose. But reserved doesn't mean safe, and unassigned doesn't mean empty.

When something appears on a port you don't recognize, look directly. The registry can tell you what's official. Only your machine can tell you what's real.