Port 126: NXEdit — The Burroughs Mainframe's Window to the World

Port 126 carries NXEdit traffic. If you have never heard of NXEdit, that is expected. This port serves a specific, enduring community: developers who write and maintain software on Unisys ClearPath MCP mainframes, machines whose operating system lineage stretches back to 1961.

What NXEdit Does

NXEdit is the network protocol used by the Unisys Programmer's Workbench for ClearPath MCP.¹ It allows a developer sitting at a Windows PC to edit source files, compile programs, run tasks, and manage projects on a remote MCP mainframe. Think of it as a specialized remote development environment, purpose-built for a platform that most of the computing world has forgotten exists but that still runs critical infrastructure in banking, government, and large enterprise.

The protocol operates on both TCP and UDP port 126. The IANA registry lists it under the service name nxedit, with Don Payette as the registered contact.²

The Name Change

Port 126 was originally registered as "Unisys Unitary Login," a more generic authentication-oriented service name.² Unisys later renamed it to NXEdit to reflect its actual use: the network editing protocol for the Programmer's Workbench. The IANA registry still carries the note that the port was "previously assigned" to the Unitary Login service.

The Machine Behind the Port

To understand port 126, you need to understand what sits on the other end of the connection.

The ClearPath MCP platform descends from the Burroughs B5000, a mainframe introduced in 1961 that was radical for its time.³ While every other manufacturer built machines around assembly language, Burroughs built hardware designed to execute high-level languages directly. The instruction set favored ALGOL, COBOL, and FORTRAN. The operating system, MCP (Master Control Program), was the first commercial OS written entirely in a high-level language.³

MCP was a pioneer in ways the industry would not catch up with for decades: virtual memory, symmetric multiprocessing, and capability-based security were all there in the 1960s.³

In 1986, Burroughs merged with Sperry in a $4.8 billion deal, the largest computer industry acquisition at the time, forming Unisys.⁴ The Burroughs mainframe line continued under the ClearPath brand. Today, ClearPath MCP systems run on Intel x86 hardware using secure partitioning, but they still execute MCP and its stack-based architecture, and developers still connect to them through tools like the Programmer's Workbench over port 126.

Who Still Uses This

Burroughs Large Systems penetrated nearly every major bank, including the Federal Reserve.³ Burroughs built the backbone switching systems for SWIFT, the Society for Worldwide Interbank Financial Telecommunication, and Unisys remains the provider to this day.³ Government agencies, airlines, and large financial institutions still run ClearPath MCP workloads.

Port 126 is not carrying traffic for millions of users. It is carrying traffic for a small number of developers maintaining systems that move serious money and process serious data. The volume is low. The stakes are not.

Security Considerations

Port 126 has been flagged in some threat databases as a port historically used by Trojan malware for communication.⁵ This does not mean NXEdit itself is a security risk. It means that because port 126 sees relatively little legitimate traffic on most networks, malware authors have occasionally used it as a covert channel. If you see unexpected traffic on port 126 and you are not running Unisys ClearPath systems, investigate.

For environments that do use NXEdit, the port should be firewalled to only allow connections from authorized development workstations. There is no reason for port 126 to be open to the general Internet.

How to Check What Is Listening on Port 126

Linux/macOS:

sudo lsof -i :126
sudo ss -tlnp | grep :126

Windows:

netstat -an | findstr :126

If something is listening on port 126 and you are not connected to a Unisys ClearPath MCP system, that warrants investigation.

Related Ports