Port 182: Unisys Audit SITP — A Well-Known Port That Nobody Uses

Port 182 sits in the well-known ports range (0-1023), officially assigned by IANA to a service called "Unisys Audit SITP." The assignment has been in the registry since at least RFC 1700 in 1994.¹ But here's the thing: you will almost never find this port actually being used.

What Was Unisys Audit SITP?

The official assignment lists port 182 for both TCP and UDP as "audit" — specifically for "Unisys Audit SITP," presumably a Security Information Transfer Protocol developed by Unisys Corporation.² The contact person listed in historical RFC documents was Gil Greenbaum. Beyond that, there's very little public documentation about what this protocol was supposed to do or whether it was ever deployed at scale.

This is a pattern you'll see throughout the well-known ports range: companies and organizations reserved port numbers in the 1980s and 1990s for protocols that never achieved widespread adoption. The port number remains assigned, but the service behind it faded into obscurity.

What Range Is This?

Port 182 belongs to the well-known ports range (0-1023). These ports are controlled and assigned by IANA and, on most systems, can only be used by system processes or programs executed by privileged users.³ They require formal IETF or IESG approval for assignment, which is why they're called "System Ports" in IANA's current registry.

Being in this range means port 182 was considered important enough to reserve permanently, back when port numbers were more scarce and carefully guarded. But reservation doesn't mean usage.

Is Anyone Actually Using Port 182?

In practice, port 182 is essentially unassigned. While it has an official designation, you're unlikely to encounter legitimate traffic on this port. Security researchers have noted that port 182 has occasionally been associated with malware in the past,⁴ which is common for obscure ports — attackers sometimes use rarely-monitored ports to avoid detection.

If you see traffic on port 182, it's worth investigating. It could be:

• Malware or unauthorized access attempts
• A misconfigured service
• A custom internal application that happened to choose this port
• Legitimate use of the Unisys Audit SITP service (extremely unlikely)

How to Check What's Listening on Port 182

On Linux or macOS:

# Check if anything is listening on port 182
sudo lsof -i :182

# Or use netstat
sudo netstat -tulpn | grep :182

# Scan the port with nmap
nmap -p 182 localhost

On Windows:

# Check listening ports
netstat -ano | findstr :182

If nothing returns, the port is closed — which is what you'd expect for port 182 on most systems.

Why Unassigned Ports Matter

The existence of ports like 182 tells a story about the Internet's history. In the early days, port assignments were handed out more liberally, often to companies developing proprietary protocols. Many of these protocols never achieved widespread use, leaving behind ghost ports — numbered doors that were never actually built.

These unused well-known ports represent both an opportunity and a risk:

• Opportunity: They could theoretically be reclaimed and reassigned to services that need them, though IANA rarely does this
• Risk: Because they're rarely monitored, they can be attractive to attackers looking for places to hide

The well-known ports range is a finite resource (only 1,024 numbers), and a significant portion of it is occupied by services that no longer exist or never widely deployed. Port 182 is one of those quiet reservations — officially assigned, rarely used, a footnote in the Internet's nervous system.

Related Ports

Port 182 sits among other obscure well-known port assignments:

• Port 181: Unify (another rarely-used assignment)
• Port 183: OCBinder
• Port 184: OCServer

Many ports in the 180s range share this characteristic: officially assigned decades ago, rarely encountered in practice.