1. Ports
  2. Port 449

Port 449: AS Server Mapper — The Directory Service

Port 449 is officially assigned to AS Server Mapper (as-servermap), a service used by IBM i systems (formerly AS/400, iSeries, System i). It doesn't carry your actual data. Instead, it answers a single question: "Which port is this service on?"

What It Does

The AS Server Mapper is a port lookup service. When a client connects to an IBM i system, it asks port 449: "Where's the database server?" or "Where's the file transfer service?" Port 449 responds with the actual port number, and then the client connects there.1

This exists because IBM i systems allow administrators to configure services on non-standard ports. Rather than hardcode port numbers into every client application, the client asks port 449 first. It's a directory service for ports.

How It Works

  1. Client connects to port 449 on the IBM i host
  2. Client sends a service name (e.g., "database", "file", "signon")
  3. Port 449 responds with the current port number for that service
  4. Client disconnects from 449 and connects to the actual service port
  5. The real work happens on the service port, not on 449

Port 449 itself is unencrypted and transmits no actual data—just port numbers.2 It's a lookup table over TCP/IP.

Why This Exists

IBM i evolved from the AS/400, a midrange computer system introduced in 1988. These systems were designed for flexibility and central administration. Instead of forcing every client to know that "database is always on port 8471," administrators could change port assignments and clients would discover them automatically through port 449.

This was elegant in 1988. Today it's a mandatory step that every IBM i Access Client Solutions connection must perform before doing actual work.3

The Well-Known Range

Port 449 sits in the well-known port range (0-1023), which requires IETF Review or IESG Approval for assignment.4 This is the reserved section of the port space, originally intended for services so fundamental that clients needed to know their addresses without asking.

The irony: port 449 is a well-known port whose entire purpose is to tell you the port numbers that aren't well-known.

Security Considerations

Port 449 is unencrypted and reveals which services are running on which ports to anyone who asks.2 This is service enumeration by design. If an attacker can reach port 449, they can map every active service on the IBM i system.

Many organizations block port 449 at the firewall and configure clients to use standard port assignments instead, avoiding the port mapper entirely.5

Checking What's Listening

To see if port 449 is active on a system:

# Check if port 449 is listening
sudo lsof -i :449

# Or with netstat
netstat -an | grep :449

# Test connection to a remote host
telnet hostname 449
nc -v hostname 449

On IBM i systems, this port is managed by the host server infrastructure and starts automatically when TCP/IP services are active.

Related Ports

  • Port 23 (Telnet) - Another well-known port for IBM i remote access
  • Port 8470-8477 - Common default ports for IBM i host servers (database, file, signon, etc.)
  • Port 111 (RPCbind) - Similar port mapper concept used by Sun RPC/NFS

Frequently Asked Questions

Previous

Port 441: decvms-sysmgt — A Ghost from Digital's Empire

Next

Port 435: MobilIP-MN — The Roaming Protocol

Was this page helpful?

😔
🤨
😃