Port 286 has an official assignment, but almost no one uses it for its intended purpose. It's assigned to FXP (File eXchange Protocol), a file transfer protocol that was supposed to work like FTP but never gained traction.1 The protocol exists in the IANA registry, but you'll be hard-pressed to find modern software that actually implements it.
What Is FXP?
FXP is a file transfer protocol designed for client-server file exchange between hosts and remote systems.2 It was intended to offer features similar to FTP—uploading and downloading files, presumably with some improvements or specific use cases in mind.
The problem is that FTP won and FXP didn't. The protocol specification is so obscure that even finding documentation about it is difficult. It's registered, it's official, but it's essentially abandoned.
The Well-Known Port Range
Port 286 sits in the well-known port range (0-1023), which means it required IETF approval to be assigned.3 These ports are supposed to be reserved for established, important services—the foundational protocols of the Internet.
Port 286 technically qualifies. It has an official assignment. But unlike its neighbors (SMTP at 25, HTTP at 80, HTTPS at 443), nothing actually uses it anymore.
When Empty Houses Attract Attention
Here's what makes port 286 interesting: it has legitimacy without activity. Security databases have flagged this port as being used by trojans and malware in the past.4 This doesn't mean port 286 is dangerous—it means that malware authors noticed an officially assigned port that nobody was watching.
If you see traffic on port 286, it's worth investigating. It could be a legacy application running an ancient file transfer protocol, but it's more likely to be something that shouldn't be there.
Checking What's Listening
To see if anything is listening on port 286, use these commands:
Linux/macOS with netstat:
Linux/macOS with lsof:
Windows:
If these commands return nothing, the port is free.5 If something appears, investigate what process is using it and why.
Why Unassigned and Forgotten Ports Matter
The Internet has 65,535 port numbers. Many are officially assigned to protocols that never took off or have been replaced by better alternatives. These forgotten assignments create a strange landscape—ports with formal designations that nobody uses.
They matter because malware uses them. An attacker can run traffic on an officially assigned port and blend in with legitimate network activity. Port 286 isn't inherently suspicious—it has a real assignment—which makes it useful cover.
The lesson: Official assignment doesn't mean active use. And inactive legitimacy is sometimes exactly what something illegitimate needs.
Was this page helpful?