Port 481: Ph Service — The Internet's First Phonebook

Port 481 carries the Ph protocol—one of the Internet's earliest white pages directory services. Before you could Google someone's name, before LDAP became the standard, universities ran Ph servers on port 481 so people could look up phone numbers and email addresses.

What Ph Does

Ph (short for "phonebook") is a client-server protocol for querying directory databases. You connect to port 481, send simple ASCII commands, and get back information about people: names, phone numbers, email addresses, office locations.

The protocol is remarkably simple. Commands are plaintext. Responses are plaintext. No complex encoding, no binary formats—just ASCII text flowing back and forth on port 481.

Example session:

query name=smith
200:1:Full Name: John Smith
200:1:Email: jsmith@university.edu  
200:1:Phone: 555-1234

That simplicity made Ph work everywhere. Any terminal could be a Ph client. Any programming language could parse the responses.

The Origin Story

In the late 1980s, the University of Illinois at Urbana-Champaign had a problem: thousands of students and staff, and no easy way to find someone's contact information. Steve Dorner, working at the university's Computing and Communications Services Office (CCSO), built a solution.

He created the CCSO Nameserver—a database system with a simple query protocol. The client was called "ph" (phonebook). The server was called "qi" (query interpreter). Together they formed one of the first practical directory services on the Internet.

By the early 1990s, hundreds of universities were running Ph servers. If you needed to find someone at another university, you connected to their Ph server on port 481 and searched their directory.

How It Works

The Ph service has three main components:

Information Model: A flexible field-based system. Each entry has fields like name, email, phone, department. Administrators could define custom fields for their organization's needs.

Client Commands: Simple ASCII commands like query, login, fields, help. No compilation required—you could type commands directly from a telnet session.

Server Responses: Numeric codes followed by data, similar to SMTP or FTP. Code 200 means success, 500 means error. Clients parse the codes to understand what happened.

The protocol supported authentication (plaintext and stronger methods), though many servers allowed anonymous queries for basic information.

The RFC

Roland Hedberg from Umeå University formalized the Ph protocol in RFC 2378, published in September 1998. By that time, Ph had been running in production for nearly a decade.

RFC 2378 documented what was already working: the command language, the response codes, the authentication methods, the recommended core fields. It captured a protocol that had evolved organically through real-world use.

What Happened to Ph

LDAP happened.

The Lightweight Directory Access Protocol, created around 1993 by Tim Howes and colleagues, offered everything Ph did plus standardized schemas, better security, hierarchical organization, and integration with X.500 directory services.

By the early 2000s, universities began replacing their Ph servers with LDAP. Port 389 (LDAP) became the new directory service port. Port 481 slowly went quiet.

Ph worked, but LDAP was designed for the Internet that was coming—not just universities, but enterprises, corporations, massive distributed directories. Ph was built for a smaller, more collegial Internet.

Security Considerations

Ph was designed for openness, not security:

• Plaintext protocol: All queries and responses are unencrypted ASCII
• Weak authentication: While RFC 2378 allowed for stronger authentication methods, many servers accepted plaintext passwords
• Information disclosure: Many Ph servers allowed anonymous queries, exposing directory information to anyone who asked

If you encounter a Ph server today, treat it as you would any unencrypted protocol from the 1990s: assume everything is visible to network observers, and don't send sensitive credentials.

Modern Relevance

Port 481 is largely historical now. A few legacy systems might still run Ph servers, but most universities migrated to LDAP decades ago.

You can still experience Ph through archival projects. GitHub user michael-lazar maintains ccso-nameserver, resurrecting the 1993 implementation of the Qi/Ph server for historical preservation.

Related Ports

• Port 105: The original CSNET NS/CIC Name Server, another early directory protocol¹
• Port 389: LDAP, the protocol that replaced Ph²
• Port 636: LDAPS (LDAP over SSL/TLS)³

Checking What's Listening

To see if anything is listening on port 481:

Linux/Mac:

sudo lsof -i :481
netstat -an | grep 481

Windows:

netstat -an | findstr :481

To test a Ph server (if you find one):

telnet hostname 481
# Then type: help