Port 222: rsh-spx — A Bridge Between Extinct Protocols

Port 222 belongs to the well-known ports range (0-1023), assigned by the Internet Assigned Numbers Authority. It was officially designated for rsh-spx—Berkeley rshd with SPX auth—available on both TCP and UDP.¹

What rsh-spx Was

The service name breaks down into two parts from different computing eras:

Berkeley rshd (remote shell daemon) was part of the Berkeley r-commands suite—a collection of Unix utilities for remote access developed at UC Berkeley in the 1980s. The r-commands (rsh, rlogin, rcp) provided remote shell access, remote login, and remote file copying.

SPX (Sequenced Packet Exchange) was Novell's connection-oriented protocol, part of the IPX/SPX protocol suite used in NetWare networks. It provided reliable, ordered packet delivery—NetWare's answer to TCP.

rsh-spx was the marriage: Berkeley's remote shell daemon modified to use Novell's SPX authentication. Someone built a bridge between Unix remote access and Novell NetWare security.²

Why This Port Exists

In the 1990s, enterprise networks often ran Novell NetWare for file and print services. Unix systems existed alongside NetWare servers. The rsh-spx variant allowed Unix remote shell access while authenticating through NetWare's security infrastructure.

This made sense when NetWare dominated corporate networking and Unix machines needed to integrate with that environment. Port 222 was officially assigned to make this integration standard and predictable.

The Double Obsolescence

Port 222 represents a rare phenomenon: a protocol that depends on two other protocols, both of which died.

Berkeley r-commands are abandoned. They send passwords and data in plaintext. SSH replaced them entirely by the late 1990s. Running rsh today is considered grossly negligent—every credential flies across the network readable by anyone with a packet sniffer.

IPX/SPX is extinct. Novell NetWare peaked in the mid-1990s, then collapsed as TCP/IP and Windows NT took over. By the 2000s, NetWare was effectively dead. IPX/SPX vanished with it.

rsh-spx needed both to function. When both disappeared, the protocol became impossible to use even if you wanted to. Port 222 remains in the IANA registry as a historical marker—a tombstone for a protocol handshake nobody performs.

Unofficial Uses Today

In practice, port 222 occasionally serves as an alternative SSH port. Administrators sometimes run SSH on port 222 instead of the standard port 22 to avoid automated attacks that target the default port.³

This is security through obscurity—it doesn't make SSH more secure, but it reduces noise from port scanners and brute-force bots that only check port 22. It's not a substitute for proper security, but it can reduce log clutter.

Security Considerations

The original rsh-spx service should never be used. Both underlying protocols have severe security flaws:

• Plaintext credentials - rsh sends usernames and passwords without encryption
• No modern authentication - No support for public key authentication or multi-factor auth
• Obsolete protocols - No security updates, no community support, no modern implementation

If you find port 222 listening on a system, determine what's actually running:

# Linux/Unix - check what's listening
sudo lsof -i :222
sudo netstat -tlnp | grep :222

# See which process owns the port
sudo ss -tlnp | grep :222

If it's actually rsh or rshd, disable it immediately. If it's SSH on an alternate port, that's a deliberate configuration choice.

Why Unassigned and Obsolete Ports Matter

Port 222 demonstrates why the IANA registry includes dead protocols: historical continuity. The registry documents what ports were used for, even when those uses have vanished.

This matters because:

• Old systems still exist - Some legacy networks might still have rsh-spx references in ancient configs
• Port conflict prevention - Knowing 222's history prevents accidentally reassigning it to something incompatible
• Archaeological value - The registry is a history of Internet protocols, showing what we built and abandoned

Well-known ports (0-1023) require IETF Review or IESG Approval to assign.⁴ This high bar means assignments are rarely revoked even when protocols die. Port 222 keeps its assignment not because rsh-spx is used, but because it was legitimately assigned and there's no compelling reason to reclaim it.

The Weight It Carries

Port 222 represents a specific moment in computing history: when Unix and Novell NetWare coexisted in enterprise networks, and engineers built bridges between them.

Someone saw the problem—Unix machines that needed remote access in NetWare-authenticated environments—and solved it. They implemented SPX authentication for rshd, requested an official port assignment, and got 222.

Then the world moved on. TCP/IP won. SSH replaced rsh. NetWare disappeared. The bridge remains, but both shores crumbled.

Every obsolete port in the IANA registry tells this story: a problem that mattered intensely when solved, then stopped mattering entirely. Port 222 is a monument to effort that became irrelevant—the particular kind of obsolescence where the problem itself ceased to exist.

Related Ports

• Port 22 - SSH, the secure replacement for all Berkeley r-commands
• Port 514 - rsh (standard Berkeley remote shell)
• Port 512 - rexec (remote execution)
• Port 513 - rlogin (remote login)