Port 2328: Netrix SFTM — A reservation nobody claimed

Port 2328 sits in an odd position: officially claimed, practically empty.

IANA registered it for Netrix SFTM (Software File Transfer Manager), a product attributed to a registrant named Garrett Herschleb. The registration covers both TCP and UDP. Beyond that, the record goes cold. No documentation. No RFC. No product that left a trace on the public Internet.¹

The registered ports range

Port 2328 lives in the registered ports range: 1024 through 49151.

The three ranges work like this:

• 0-1023 — Well-known ports. Reserved for foundational Internet services: HTTP (80), HTTPS (443), SSH (22). Assigning something here requires IANA approval and strong justification.
• 1024-49151 — Registered ports. Applications and vendors can claim a number here. IANA maintains the registry, but enforcement is light. If your application uses a registered port it doesn't own, nothing technically stops it.
• 49152-65535 — Dynamic/ephemeral ports. No registration. Your OS grabs numbers from this range when your browser opens a connection to a server — the temporary "return address" for outbound traffic.

Registered ports were designed to give software a stable, predictable home — so that firewalls could be configured, documentation could point somewhere consistent, and two applications wouldn't accidentally collide. The system works well for actively maintained software. For abandoned registrations, it mostly creates ghost entries in the registry.

What's actually listening on port 2328

Almost certainly nothing intended. If you scan a machine and find something on port 2328, it's worth investigating — not because Netrix SFTM poses any threat, but because the port has no legitimate modern use. Something listening here is either:

• A custom internal application that picked this number informally
• A misconfigured or unusual service
• Historically: some sources flag this port as having been used by malware in the past, though no confirmed active threat is associated with it today²

How to check what's listening

On Linux or macOS:

ss -tlnp | grep 2328
# or
lsof -i :2328

On Windows:

netstat -ano | findstr :2328

If something appears, the process ID in the output will tell you what's running. On Linux/macOS, lsof shows the process name directly.

Why these ghost registrations exist

Port registrations don't expire. IANA has no mechanism to reclaim a port from a defunct company or abandoned product. Once assigned, a port number stays in the registry indefinitely.

This is mostly harmless. With 65,535 ports available and only a fraction actively used, the system isn't running short. But it does mean the registry contains hundreds of entries like this one — names attached to software that no longer exists, contact information that no longer works, and numbers that have been, in practice, returned to the commons.

Port 2328 is unoccupied. If your application needs a port and you're not going through formal IANA registration, you might use it. You might find someone else already did.