1. Ports
  2. Port 335

Port 335: Unassigned — An Empty Room in the Well-Known Range

Port 335 (TCP/UDP) has no official service assignment from IANA. It belongs to the well-known port range (0-1023), but unlike ports 22 (SSH) or 443 (HTTPS), no protocol was ever assigned to it. It's an empty room in the Internet's architecture.

What Well-Known Ports Are

The well-known port range (0-1023) is reserved for system services—protocols important enough that IANA assigns them permanent addresses. Getting a well-known port requires IETF Review or IESG Approval, formal processes that evaluate whether a protocol deserves a permanent place in the Internet's namespace.1

Port 335 is in this range but remains unassigned. No one ever requested it. No protocol ever needed it.

The Unassigned Range

According to IANA's registry, ports 334-343 are documented as "Unassigned."2 These aren't reserved for future use—they're simply available. Anyone could apply for them, but no one has.

In the well-known range, unassigned ports are relatively rare. Most were claimed decades ago by protocols that are now either fundamental to the Internet or long forgotten. Port 335 is one of the gaps.

What Actually Uses Port 335

Nothing legitimate should be listening on port 335. But that's exactly why malware sometimes uses it.

Security researchers have documented port 335 being used by the Nautical trojan (also called W32.HLLW.Nautic), a malware variant that communicates over unassigned ports precisely because they're unexpected.2 When malware listens on port 80 or 443, it blends in with normal web traffic. When it listens on port 335, it's betting no one is watching.

If you see activity on port 335, it's worth investigating. There's no legitimate reason for traffic there.

How to Check What's Listening on Port 335

On Linux or macOS:

# Using netstat
sudo netstat -tulpn | grep :335

# Using lsof
sudo lsof -i :335 -P -n

# Using ss (modern alternative)
sudo ss -tulpn | grep :335

On Windows:

netstat -ano | findstr :335

These commands show you if any process is listening on port 335, and if so, what it is.3

Why Unassigned Ports Matter

The Internet's port system works because of scarcity and structure. Well-known ports are valuable because they're limited. When you connect to port 443, you know what to expect: HTTPS. The protocol is defined in an RFC. Implementations are tested. Security researchers have studied it for decades.

Port 335 has none of that. It's undefined space. If something is listening there, you have no idea what it does or why it's there. That ambiguity is useful for malware and dangerous for network security.

Unassigned ports remind us that the Internet is not a finished system. It's a namespace with gaps—some intentional, some simply overlooked. Port 335 is one of those gaps.

Related Ports

  • Ports 334-343 — The entire range is unassigned
  • Port 1 — Often unassigned or used for internal purposes
  • Ports 49152-65535 — The dynamic/ephemeral range, where temporary connections live

Frequently Asked Questions

Previous

Port 343: Unassigned — The Empty Space Between Protocols

Next

Port 329: Unassigned — A Door Without a Service

Was this page helpful?

😔
🤨
😃
Port 335: Unassigned — An Empty Room in the Well-Known Range • Connected