Port 2018: terminaldb / rellpack — Named, but Silent

What Range This Port Belongs To

Port 2018 is a registered port, sitting in the range 1024–49151. This range is managed by IANA — the Internet Assigned Numbers Authority — and is distinct from the well-known ports (0–1023) that carry the Internet's most fundamental services: HTTP, HTTPS, DNS, SSH.

Registered ports don't require special OS privileges to open. Any application can bind to port 2018 without administrator access. That's by design: this range exists for software that needs a consistent, recognizable port without monopolizing the privileged space below 1024.

What's Officially Here

IANA shows port 2018 as unassigned. The Nmap service database — a separately maintained reference used by the network scanner — lists two names for this port:

• TCP 2018: terminaldb
• UDP 2018: rellpack

These names appear in port lookup databases across the web, but tracing them to any real software, RFC, or organization leads nowhere. No documentation. No source code. No software that announces itself on port 2018 and calls itself terminaldb or rellpack. They are names in a registry with no story attached.

This happens. A service gets registered, a name gets assigned, and then the project stalls, pivots, or quietly disappears. The name remains in databases long after the software stops mattering.

Known Unofficial Uses

Port 2018 has been observed in the wild as an alternate HTTP or application port — a common pattern for development servers, internal tools, and applications that want a round number near the 2000s. It appears in some Docker and container configurations, and occasionally shows up in home automation and IoT software that avoids well-known ports to sidestep conflicts.

None of these uses are standardized. If you see port 2018 open on a machine, it's whatever whoever set it up decided to put there.

How to Check What's Listening

If port 2018 is open on your system or a system you're investigating, these commands will tell you what's using it:

Linux / macOS:

# Using ss (modern, preferred)
ss -tlpn | grep :2018

# Using lsof
lsof -i :2018

# Using netstat
netstat -tlnp | grep 2018

Windows:

# Show PID for the process on port 2018
netstat -ano | findstr :2018

# Then look up the PID
tasklist | findstr <PID>

With Nmap (remote scanning):

nmap -sV -p 2018 <target-ip>

The -sV flag asks Nmap to probe the port and attempt to identify what's actually running — more useful than just knowing the port is open.

Why Unassigned Ports Matter

The registered port range contains 48,128 numbers. Many are claimed. Many of those claims are vestigial — products that never launched, companies that no longer exist, protocols that lost to competitors. Port 2018 is part of this quiet graveyard.

This matters for a few practical reasons:

Security scanning: An open port on an unusual number like 2018 is worth investigating. It might be a forgotten development server, an unauthorized service, or something intentionally obscured by running on a non-standard port.

Firewall rules: "Block everything not explicitly allowed" is the correct posture. Unassigned ports with unclear history are exactly the kind of thing that should be closed unless there's a specific reason to open them.

Port conflicts: If you're building software and need a port, picking an unassigned number like 2018 is reasonable — but understand that "unassigned" doesn't mean "unclaimed in practice." Check what's already running in your environment before assuming a port is free.