1. Ports
  2. Port 357

Port 357: bhevent — The Protocol That Forgot Itself

Port 357 sits in the well-known ports range (0-1023), officially assigned by IANA to a protocol called "bhevent." The assignment is real. The protocol is not—at least not anymore.

What Lives Here (Officially)

According to the IANA Service Name and Transport Protocol Port Number Registry, port 357 is assigned to:1

  • Service Name: bhevent
  • Transport Protocols: TCP and UDP
  • Assignee: John Kelly (johnk@bellhow.com)
  • Status: Officially registered

That's it. That's all anyone knows.

The Mystery

Someone once built something. They cared enough to register it with IANA. They secured port 357 in the System Ports range—ports that require IETF Review or IESG Approval. This wasn't casual. This was deliberate.

And then the documentation disappeared.

No RFC exists for bhevent. No technical specification. No user manual. The contact email domain (bellhow.com) is gone. The same John Kelly registered several other "bh"-prefixed protocols around the same port range (bhoetty on 351, bhoedap4 on 352, bh611 on 354), all equally undocumented.2

It's possible this was proprietary software from a company whose name is now forgotten. It's possible it was related to Bell & Howell or some derivative thereof. It's possible a dozen people used it for three years in 1997 and then moved on.

What This Port Actually Does Today

Nothing, probably.

Port 357 is assigned but dormant. If you scan it on most systems, you'll find nothing listening. If something is listening on port 357, it's almost certainly not bhevent—it's something else that chose to use an obscure assigned port because it was unlikely to conflict with anything real.

Why Obscure Ports Matter

Port 357 represents something important about how the Internet works: the registry preserves everything, even the forgotten protocols.

IANA doesn't delete port assignments just because the protocol died. The registry is a ledger of intent. Port 357 was claimed. Someone wanted it. That claim remains, even if the protocol doesn't.

This prevents future conflicts. If you create a new protocol today and try to register it on port 357, IANA will say no—that port is taken. Even by a ghost.

The Well-Known Ports Range

Port 357 belongs to the System Ports range (0-1023), also called well-known ports. These are the most restricted ports on the Internet:

  • Assignment Authority: IANA, with IETF Review or IESG Approval
  • Purpose: Core Internet protocols and established services
  • Privilege: On Unix-like systems, only root can bind to these ports
  • Historical Weight: These ports carry the oldest protocols—some from the 1970s

Getting a port in this range meant something in the 1990s. It meant your protocol mattered, or would matter, or at least convinced someone it should.

How to Check What's on Port 357

If you want to see if anything is actually listening on port 357 on your system:

# Check if something is listening on port 357
sudo lsof -i :357

# Or using netstat
sudo netstat -tulpn | grep :357

# Scan a remote host (use responsibly)
nmap -p 357 example.com

Most of the time, you'll find nothing. And that's honest.

Security Note

Some historical security databases flag port 357 as having been used by malware in the past.3 This doesn't mean the port itself is dangerous—it means that at some point, a piece of malicious software chose to use this obscure, unmonitored port for communication.

That's what happens to forgotten ports. They become useful precisely because no one is watching them.

The Honest Truth

Port 357 is a tombstone. It marks something that once existed, left a registry entry, and disappeared without explanation.

The Internet is full of these—protocols that mattered for a moment and then didn't. Services that solved problems we don't remember having. Software that someone wrote, someone deployed, someone depended on, and then everyone forgot.

Port 357 is still there, still assigned, still reserved. Waiting for a protocol that isn't coming back.

That's not sad. That's just what happens when you build things on the Internet. Some of them last forever. Some of them last three years. And some of them leave nothing behind except a line in a registry file that says "bhevent" and an email address that bounces.

Related Ports

Other "bh"-prefixed protocols from the same era:

  • Port 351: bhoetty
  • Port 352: bhoedap4
  • Port 354: bh611
  • Port 358: shrinkwrap

All equally mysterious. All equally forgotten.

Frequently Asked Questions

Previous

Port 375: HASSLE — The Ghost of Scientific Collaboration

Next

Port 369: RPC2 Portmapper — The Coda Filesystem's Directory

Was this page helpful?

😔
🤨
😃
Port 357: bhevent — The Protocol That Forgot Itself • Connected