Port 518 was the home of ntalk (network talk), a Unix protocol that made terminals into chat rooms. Before Slack, before IRC, before instant messaging existed, Unix users typed talk username@hostname and ntalk opened a split-screen conversation over port 518.
What ntalk Did
Ntalk was the successor to the original talk protocol (port 517). When you wanted to chat with someone on another Unix machine, you'd run:
The ntalk client sent a UDP packet to port 518 on the remote machine. The daemon (ntalkd) running there would notify the recipient—usually by interrupting whatever they were doing with a message like:
If they accepted, both terminals split into two windows. What you typed appeared in your half. What they typed appeared in theirs. Every keystroke transmitted in real-time over UDP. It was immediate, direct, and completely unencrypted.
How It Worked
Ntalk used UDP for everything—the initial request, the negotiation, and the actual chat data.1 This made it fast and low-latency, perfect for the feeling of real-time conversation. But UDP doesn't guarantee delivery or ordering. Packets could arrive out of sequence. Messages could vanish.
The protocol didn't care. The goal was to feel immediate, not to be reliable. If you missed a character, you'd see it in context soon enough.
The split-screen interface meant you could see the other person typing as they typed. Not "Kirk is typing..." but actual characters appearing. You could see them hesitate. Backspace. Correct themselves. It was intimate in a way modern chat isn't.
The Unix Lab Experience
In university computer labs in the 1980s and 1990s, ntalk was how you got someone's attention across the room without shouting. You'd be working on a problem, and suddenly your screen would split and a classmate would ask if you'd figured out the segfault yet.
Some system administrators loved it. Others hated it. You could disable talk requests with mesg n, but that meant missing legitimate conversations. Some labs had unwritten rules about when talk was acceptable. Late night? Fine. During lecture? Rude.
Why Ntalk Died
Security killed ntalk. Everything transmitted in cleartext—usernames, messages, everything readable by anyone on the network.2 The protocol had no authentication. Anyone could claim to be anyone. Buffer overflow vulnerabilities made ntalkd a common attack vector.
By the time encryption became standard, better alternatives existed. IRC gave you multiple channels and persistent chat. ICQ and AIM added presence and contact lists. SSH gave you encrypted remote access. Ntalk solved a problem that no longer existed.
The Well-Known Range
Port 518 sits in the well-known range (0-1023), ports assigned by IANA for standardized services. These ports require root privileges to bind on Unix systems, which gave ntalkd elevated access—useful for notifying users, dangerous when exploited.
Today, port 518 is officially assigned but functionally abandoned. Modern Unix systems don't ship with ntalkd. The protocol exists in RFCs and old documentation, a fossil of how the Internet used to feel.
How to Check Port 518
To see if anything is listening on port 518:
You probably won't find anything. Ntalk belongs to an era when the Internet was small enough that everyone trusted everyone, and chat meant splitting your terminal in half.
Related Ports
- Port 517 — talk (the original version, ntalk's predecessor)
- Port 531 — chat/RPC (another early chat system)
- Port 6667 — IRC (what replaced ntalk for group chat)
Frequently Asked Questions
Was this page helpful?