Port 155 is registered with IANA as netsc-dev, the development counterpart to port 154's netsc-prod. Both were claimed by Sergio Heker, and both carry the label "NETSC." Almost no traffic flows through either port today. But the story of who registered them, and when, is worth knowing.
What NETSC-DEV Is
NETSC stands for Network Service Center (or Network Services Center, depending on the era's documentation). Port 154 was designated for production use and port 155 for development1. Both operate over TCP and UDP. The registration appears in RFC 1340 (July 1992) and its successor RFC 1700 (October 1994), the "Assigned Numbers" documents that served as the early phone book of the Internet's port system23.
The actual protocol that was intended to run on these ports is not well documented in any surviving RFC or specification. What survives is the registration itself and the name of the person who requested it.
The Person Behind the Port
Sergio Heker is listed as the contact for both port 154 and port 155 in the IANA registry1. In 1985, Heker built the John von Neumann National Supercomputer Network (JvNCnet), one of the regional networks that fed into the original NSFNet backbone4. JvNCnet connected research institutions across the northeastern United States through a ring topology linking Philadelphia, Trenton, Newark, New York City, New Haven, Providence, and Boston via T1 lines5.
This was foundational work. The NSFNet backbone, which JvNCnet helped feed, became the principal Internet backbone by 19886. When the Morris worm hit in November of that year, Heker was one of the people who helped contain it. He later testified before Congress on Internet security4.
In 1992, Heker bought JvNCnet from Princeton University and formed Global Enterprise Services, one of the earliest commercial ISPs7. He went on to found NextGen (cybersecurity services for companies like General Motors) and then GLESEC, which he describes as the world's first outsourced cybersecurity provider4.
Ports 154 and 155 are artifacts from the period when Heker was running JvNCnet, likely reserved for internal network management tools that needed stable, well-known port assignments. Production on 154, development on 155. A clean separation that tells you something about the engineering discipline of the person who requested them.
How the Protocol Works
There is no publicly available specification for the NETSC protocol. Unlike ports with associated RFCs that describe packet formats and state machines, ports 154 and 155 were registered without a published protocol document. This was not unusual for early port assignments. The IANA registry at the time was maintained by Jon Postel, and registration requirements were less formal than they are today under RFC 63358.
What we can infer: the "dev" and "prod" split suggests a client-server tool used for network management or monitoring, where the development instance needed to run alongside production without port conflicts. This pattern was common in the supercomputer center era, where network engineers needed to test changes to management infrastructure without risking production visibility into network health.
Traffic in the Wild
According to Nmap's service frequency data, netsc-dev on TCP port 155 has a scan frequency of 0.000000, meaning it is effectively never seen in TCP port scans. UDP port 155 shows a slightly higher frequency of 0.000659, still vanishingly rare9. For practical purposes, this port is dormant.
No widely known trojan or malware is specifically associated with port 155, though as with any open port, unexpected listeners should be investigated.
Checking What Is Listening on Port 155
On most systems, you can check whether anything is bound to port 155:
If something is listening on port 155 and you did not put it there, investigate. This port sees so little legitimate traffic that any unexpected listener warrants attention.
The Significance of Dormant Ports
Port 155 belongs to the well-known port range (0 through 1023), which means binding to it requires root or administrator privileges on most operating systems8. These ports are assigned through IETF Review or IESG Approval, the most stringent assignment process IANA offers.
Many well-known ports are like port 155: assigned decades ago, tied to services that either never became widely adopted or were used internally at specific institutions. They sit in the registry as historical markers. They are not wasted. They are not meaningless. They tell us that someone, at some point, was building something that needed a stable address on the network.
In this case, that someone helped build the network itself.
Frequently Asked Questions {faq}
Was this page helpful?