Port 13 runs the Daytime Protocol. Connect to it, and a server sends you the current date and time as a line of plain text. Then it closes the connection. That is the entire protocol.
No login. No handshake. No binary encoding. You ask what time it is, and the network answers in English.
What Port 13 Does
The Daytime Protocol operates on both TCP and UDP port 13.1 The behavior is almost comically simple:
Over TCP: A server listens on port 13. A client connects. The server immediately sends the current date and time as an ASCII string, ignores anything the client might send, and closes the connection.
Over UDP: A server listens on port 13. When any datagram arrives, the server sends back a datagram containing the current date and time. The contents of the incoming datagram are ignored.
That is the entire protocol. The RFC that defines it is half a page long.
How the Protocol Works
The Daytime Protocol has one mechanism: respond with a string. There is no request format. There is no response format. RFC 867 says only that the response should be "limited to the ASCII printing characters, space, carriage return, and line feed" and that it "should be just one line."1
The RFC offers two example formats, but neither is mandatory:
That is not a typo. The protocol for telling time does not specify how to tell time. Every implementation is free to write the date however it chooses. This was intentional. The Daytime Protocol was a debugging tool, designed for human eyes, not machine parsing. If you needed machine-readable time, Postel pointed you to RFC 868, the Time Protocol on port 37.1
NIST, the U.S. National Institute of Standards and Technology, still operates Daytime servers on port 13 via time.nist.gov. Their implementation returns a structured string with the Modified Julian Date, UTC time, leap second indicators, and server health status:2
This is one of the more elaborate Daytime implementations. Most just sent the date and hung up.
The History
Jon Postel and the Seven Small Protocols
On a single day in May 1983, Jon Postel published seven RFCs in sequence. RFC 862 through RFC 868. Each one defined a small, simple network service:3
| RFC | Port | Protocol | Purpose |
|---|---|---|---|
| 862 | 7 | Echo | Send back whatever you receive |
| 863 | 9 | Discard | Accept and throw away whatever you receive |
| 864 | 19 | Character Generator | Send an endless stream of characters |
| 865 | 17 | Quote of the Day | Send a quote and disconnect |
| 866 | 11 | Active Users | List who is logged in |
| 867 | 13 | Daytime | Send the current date and time |
| 868 | 37 | Time | Send the time as a 32-bit binary number |
These were not toys. On January 1, 1983, the ARPANET had switched from the Network Control Protocol to TCP/IP.4 The Internet, as a TCP/IP network, was four months old. Postel was building the diagnostic toolkit for a network that had just been reborn. Each of these protocols answered a fundamental question an engineer might ask while debugging: "Is anything listening? Can it echo back? What time does the server think it is?"
Port 13 answered the most human of these questions. Not "what is the 32-bit binary representation of seconds since 1900?" That was port 37. Port 13 answered: "What time is it?" in words you could read.
Jon Postel
Jonathan Bruce Postel (1943-1998) was present at the birth of the Internet in almost every way that mattered. He was in the room at UCLA when the first ARPANET node was connected in 1969. He became the editor of the RFC document series from its inception and held that role until his death. He created and ran the Internet Assigned Numbers Authority (IANA), the organization responsible for assigning port numbers, IP addresses, and protocol parameters.5
The port number 13 was assigned by IANA. At the time, IANA was Jon Postel. He assigned port numbers by hand, from a list he maintained personally. The Daytime Protocol runs on port 13 because Jon Postel decided it should.
His robustness principle, from RFC 760, became known as Postel's Law: "Be conservative in what you send, be liberal in what you accept."6 The Daytime Protocol embodies this. The server sends a clean ASCII string. It accepts any input at all, including none, and throws it away.
Why Not NTP?
Port 13 was never meant for precise timekeeping. The Network Time Protocol (NTP) arrived on port 123 in 1985 with RFC 958, offering millisecond-level synchronization through sophisticated clock algorithms.7 The Daytime Protocol offered something different: a line of text a human could read.
Three ports, three approaches to the same question:
- Port 13 (Daytime): Human-readable ASCII string, no defined format
- Port 37 (Time): Machine-readable 32-bit integer, seconds since 1900
- Port 123 (NTP): Full synchronization protocol with drift correction and stratum hierarchy
Port 13 is the only one designed for a person, not a parser.
Implementation
On Unix systems, the Daytime service was traditionally built into inetd, the Internet super-server daemon that appeared in 4.3BSD.8 Rather than running a separate process for every small protocol, inetd listened on all the configured ports and handled the simple ones internally. Echo, discard, chargen, daytime, and time were all built in. When a connection arrived on port 13, inetd itself sent the time string. No child process. No separate binary.
Later, xinetd replaced inetd with better access controls and logging.9 On modern Linux systems using systemd, these small services are not included at all. systemd provides socket activation but does not ship built-in echo, daytime, or chargen servers.10
In all cases, the Daytime service is disabled by default. It has been for decades.
Security
The Daytime Protocol has no authentication, no encryption, and no way to verify that the server you are talking to is who it claims to be.1
Information Disclosure
An open Daytime service reveals the server's system time, timezone, and sometimes operating system details. This information is useful for reconnaissance. It can also enable timing-based attacks against cryptographic protocols that depend on clock accuracy.
UDP Amplification and Loop Attacks
The more serious vulnerability is structural. Because the UDP Daytime service responds to any incoming datagram with a time string, regardless of the source address, it can be used in two types of attacks:
Amplification: An attacker sends a small UDP packet to port 13 with a spoofed source address. The server sends a longer response to the victim. Multiply this across thousands of servers and you have a distributed denial-of-service attack.
Ping-pong loops: An attacker sends a spoofed UDP packet to port 13 on server A, with the source address set to port 7 (echo) on server B. Server A sends the time to server B's echo port. Server B echoes it back to server A's daytime port. Server A responds again. The loop continues indefinitely, consuming bandwidth on both hosts.11 This attack works with any combination of UDP services that respond unconditionally: echo (port 7), chargen (port 19), daytime (port 13), and time (port 37).
A 2024 study by CISPA identified a broader class of "Loop DoS" attacks affecting implementations of UDP-based protocols including Daytime, Echo, Chargen, DNS, NTP, and TFTP.12
The Recommendation
Disable port 13 on every system unless you have a specific, documented reason to keep it running. This has been standard security practice since the 1990s. Every security hardening guide says the same thing: turn off the small services.
Related Ports
| Port | Protocol | Relationship |
|---|---|---|
| 7 | Echo | Postel's 1983 suite. Echoes back input. |
| 9 | Discard | Postel's 1983 suite. Accepts and ignores input. |
| 17 | Quote of the Day | Postel's 1983 suite. Sends a quote. |
| 19 | Character Generator | Postel's 1983 suite. Sends endless characters. |
| 37 | Time | Machine-readable time (binary, 32-bit). |
| 123 | NTP | Modern time synchronization. Millisecond precision. |
Frequently Asked Questions
Was this page helpful?