Port 221 is assigned to fln-spx, officially described as "Berkeley rlogind with SPX auth."1 This is a historical service that married two networking paradigms: Unix's Berkeley r-commands and Novell NetWare's SPX protocol. It represents a moment in computing history when different systems had to find common ground.
What is fln-spx?
The service name fln-spx refers to Berkeley's rlogind (remote login daemon) modified to use SPX (Sequenced Packet Exchange) authentication.2 rlogind was part of the Berkeley r-commands suite—tools that allowed Unix users to log into remote systems, execute commands, and copy files across networks.
SPX was the transport-layer protocol in Novell's IPX/SPX networking stack, widely used in NetWare networks throughout the 1980s and 1990s.3 When Unix workstations and NetWare servers shared the same physical networks, someone had to build bridges between them. Port 221's fln-spx service was one such bridge.
Why It Existed
In the late 1980s and early 1990s, enterprise networks were heterogeneous battlegrounds. Unix workstations ran Berkeley r-commands. NetWare servers dominated file and print services. Neither spoke the other's language natively.
The fln-spx service solved this: it allowed Unix remote login to authenticate through NetWare's SPX protocol. A Unix administrator could log into a remote system that used NetWare authentication without switching tools or protocols. Port 221 (and its sibling, port 222 for rsh-spx) represented interoperability engineering at a time when vendors rarely cooperated.
Why It Disappeared
Both halves of this marriage became obsolete:
Berkeley r-commands were inherently insecure. They transmitted passwords in plaintext. They relied on IP address-based authentication, easily spoofed. By the mid-1990s, SSH (Secure Shell) replaced them entirely.4
IPX/SPX lost the protocol wars to TCP/IP. As the Internet grew, TCP/IP became the universal standard. Novell eventually added TCP/IP support to NetWare and phased out IPX/SPX. The protocol stack that SPX depended on vanished.
Port 221's fln-spx service died because both technologies it bridged were abandoned. The problem it solved ceased to exist.
Current Status
Port 221 remains assigned in the IANA registry but sees virtually no legitimate use today.5 You will not find fln-spx running on modern systems. If you see traffic on port 221, it's either:
- A legacy system that nobody has updated in decades
- Custom software repurposing an unused port
- Malicious activity exploiting an obscure port number
The port exists in the registry as a historical marker, nothing more.
How to Check What's on Port 221
If you need to see what's listening on port 221 on your system:
On Linux or macOS:
On Windows:
If something is listening, investigate it. Legitimate services don't use port 221 anymore.
Why Unassigned Ports Matter
Port 221 is technically assigned, but functionally unassigned—the service it was designed for is extinct. These "ghost ports" matter because they show how the Internet evolved. They mark the boundaries of old network protocols, the rise and fall of vendors, the security lessons learned through painful experience.
Every assigned port tells a story. Port 221's story is about interoperability in a fragmented landscape, and about how both sides of a bridge can crumble while the bridge itself remains on the map.
Related Ports
- Port 222 — rsh-spx (Berkeley rshd with SPX auth, the remote shell counterpart)
- Port 513 — rlogin (standard Berkeley remote login without SPX)
- Port 514 — rsh (standard Berkeley remote shell)
- Port 22 — SSH (the secure replacement for all Berkeley r-commands)
Frequently Asked Questions
Was this page helpful?