Port 160 is assigned to SGMP-TRAPS, the trap notification channel for the Simple Gateway Monitoring Protocol. If port 153 was where you asked a gateway how it was doing, port 160 was where the gateway told you something had gone wrong without waiting to be asked.
Today, no traffic flows on port 160. Its successor, SNMP, took over on ports 161 and 162 in 1988. But port 160 holds something worth remembering: it was the Internet's first dedicated alarm bell.
What SGMP-TRAPS Did
SGMP, defined in RFC 10281 in November 1987, was a simple protocol for monitoring Internet gateways (what we now call routers). It ran on UDP and operated in two modes: request/response on port 153, where a management station could query a gateway, and traps on port 160, where a gateway could send unsolicited notifications to a manager.
The trap types were blunt and honest:
- Cold Start — the gateway is reinitializing, and its configuration may have changed
- Warm Start — the gateway is reinitializing, but nothing structural changed
- Link Failure — a communication link has gone down
- Authentication Failure — someone sent an improperly authenticated message
- EGP Neighbor Loss — a routing peer has disappeared
That was it. Five alarm types. No encryption, no guaranteed delivery, no session state. A gateway shouted into the void over UDP and hoped someone was listening on port 160. The protocol's minimalism was intentional: 1980s network equipment had so little memory and processing power that anything more complex would not have fit.
The People Behind the Port
RFC 1028 was written by four people1:
- James Davin (Proteon, Inc.)
- Jeffrey Case (University of Tennessee at Knoxville)
- Mark Fedor (Cornell University)
- Martin Schoffstall (Rensselaer Polytechnic Institute)
These are the same four authors who would go on to write RFC 11572, the specification for the Simple Network Management Protocol (SNMP), which replaced SGMP and became one of the most widely deployed protocols in networking history.
Martin "Marty" Schoffstall's story after SGMP is remarkable. After co-creating the protocol that would become the foundation of network management, he co-founded PSINet in 1989 with William Schrader3. They funded it with personal loans and by selling the family car. PSINet became the world's first commercial Internet service provider, offering connectivity to non-academic customers. One of the people who built the tools to monitor the early Internet also built one of the first companies to sell access to it.
From SGMP to SNMP: Two Doors Down
The transition from SGMP to SNMP is a study in knowing when to start over. The four authors looked at SGMP, recognized its limitations (a fixed set of variables, no extensible data model, no Management Information Base), and rather than patching it, they designed a new protocol from scratch4.
They kept the philosophy: simple, UDP-based, manager-agent model. They kept the architecture: request/response plus unsolicited traps. But they changed enough that backward compatibility was impossible. To avoid confusion, they requested new port assignments. SNMP got port 161 for queries and port 162 for traps.
Port 160 and port 162 do the same conceptual job, separated by one year and one number. Port 160 is the draft; port 162 is the published work.
The Well-Known Range
Port 160 sits in the well-known port range (0–1023), which is managed by IANA through IETF Review or IESG Approval5. On most Unix-like systems, binding to a port in this range requires root privileges. The assignment to SGMP-TRAPS is official and permanent, even though no modern system uses it. IANA does not typically recycle well-known port assignments. Port 160 is a historical marker, preserved in the registry like an inscription on a cornerstone.
Security
SGMP had no encryption. Every management message, including community strings (effectively passwords), traveled in plaintext. The trap messages on port 160 were equally exposed. Anyone on the network path could read them, forge them, or suppress them. This was one of the recognized weaknesses that SNMP aimed to address, though early SNMP versions inherited many of the same problems. True cryptographic security for network management did not arrive until SNMPv3 in 20026.
If you see unexpected traffic on port 160 today, treat it with suspicion. No legitimate modern software uses this port. Any activity here is either a misconfiguration or something worth investigating.
How to Check What Is Listening on Port 160
Linux:
macOS:
Windows:
You should find nothing. If you do, investigate immediately.
Related Ports
| Port | Protocol | Relationship |
|---|---|---|
| 153 | SGMP | SGMP query/response (port 160's companion) |
| 161 | SNMP | SGMP's successor for queries |
| 162 | SNMP Trap | SGMP-TRAPS' direct successor |
Frequently Asked Questions
Was this page helpful?