Port 7 runs the Echo Protocol. Send data to it, and it sends the exact same data back. That is the entire protocol. No transformation, no processing, no interpretation. Pure reflection.
It is the simplest service ever formally standardized for the Internet, defined in RFC 8621, published in May 1983. The specification is a single page long. It might be the shortest RFC ever written.
How Echo Works
The mechanism is almost too simple to explain, but that simplicity is the point.
Over TCP: A server listens on port 7. A client connects. Whatever bytes the client sends, the server sends back, character for character, until the client closes the connection.
Over UDP: A server listens on port 7 for incoming datagrams. When one arrives, the server copies the data payload into a new datagram and sends it back to the sender.
There is no handshake beyond TCP's own. No authentication. No content negotiation. No headers. No metadata. The Echo Protocol has no opinions about what you send it. It just gives it back.
This is the entire specification, as RFC 862 describes it: "A very useful debugging and measurement tool is an echo service. An echo service simply sends back to the originating source any data it receives."1
That is not a summary. That is nearly the whole document.
The Story of Jon Postel's Six Small Protocols
RFC 862 was written by Jon Postel at USC's Information Sciences Institute2. But Echo was not an isolated creation. In May 1983, Postel published six small service protocols in a single burst, RFCs 862 through 867, each assigned a low-numbered well-known port:
| RFC | Port | Protocol | What It Does |
|---|---|---|---|
| 862 | 7 | Echo | Sends back whatever it receives |
| 863 | 9 | Discard | Silently throws away whatever it receives |
| 864 | 19 | Character Generator | Sends an endless stream of characters |
| 865 | 17 | Quote of the Day | Returns a short message |
| 866 | 11 | Active Users | Reports who is logged in |
| 867 | 13 | Daytime | Returns the current date and time |
Together, these six protocols formed a diagnostic toolkit for the early Internet. Each one tested a different aspect of network communication. Echo tested the round trip: can data leave, travel across the network, and return intact? Discard tested whether a host could receive at all. Character Generator tested sustained output. Daytime tested whether the remote clock was sane.
They were the vital signs of a young network. And Echo, port 7, was the heartbeat check.
Who Was Jon Postel?
Jonathan Bruce Postel (1943โ1998) was one of the most consequential figures in the history of the Internet3. He was present at its birth. As a graduate student at UCLA, he worked on the ARPANET starting in December 1969, alongside Vint Cerf and Steve Crocker, implementing the earliest network protocols.
He served as the RFC Editor from the series' inception in April 1969 until his death in October 1998, authoring or co-authoring over 200 RFCs and overseeing the documentation of more than 2,4003. He was the founding director of IANA (the Internet Assigned Numbers Authority), the organization responsible for coordinating the Internet's naming and numbering systems. In the early days, he tracked every assigned address on scraps of paper4.
In 1997, The Economist called him "the god of the Internet."3 The Jonathan B. Postel Service Award, given annually by the Internet Society, was first awarded to Postel himself, posthumously, in 1999.
He is perhaps best known for Postel's Law, the Robustness Principle: "Be conservative in what you send, be liberal in what you accept."5 The Echo Protocol is the purest embodiment of this: it accepts anything at all, and sends back exactly what it received. No judgment. No filtering. No opinion.
The Protocol That Taught a Network to Listen
Before ICMP ping existed as a widely available tool, network administrators used port 7 to answer the most fundamental question in networking: Is the other side there?
You would connect to port 7 on a remote host, type something, and wait. If the same characters came back, the path worked. The network carried your data there and back. Every router, every link, every interface between you and the destination was functioning. If nothing came back, something was broken, and you knew it.
This is diagnostic testing reduced to first principles. No protocol overhead. No interpretation layer. Just the raw question: does the round trip work?
On Unix systems, the Echo service was built into inetd, the Internet superserver daemon. It was one of the default services available on virtually every networked Unix machine6. When a student in 1985 connected to port 7 on a remote university server and saw their own words reflected back, they were witnessing the network prove itself functional in the most elemental way possible.
Security: When Reflection Becomes a Weapon
The same property that makes Echo useful for diagnostics, it reflects everything, makes it dangerous when exposed to an adversarial Internet.
The Fraggle Attack
In the late 1990s, attackers discovered they could weaponize port 7. The Fraggle attack, named after the Jim Henson television show Fraggle Rock, was a UDP-based distributed denial-of-service attack that targeted the Echo service7.
The attack worked like this: an attacker sends a UDP packet to the broadcast address of a network, addressed to port 7, with the source IP address forged to be the victim's address. Every machine on that network with the Echo service enabled responds, sending data to the victim. If the network has 200 hosts, a single forged packet generates 200 responses. The amplification is devastating.
The Echo-Chargen Loop
An even more vicious attack paired port 7 (Echo) with port 19 (Character Generator). CERT documented this in advisory CA-1996-018. An attacker sends a forged UDP packet from port 19 on Host A to port 7 on Host B, with a spoofed source address. Host B echoes the data back to port 19 on Host A. Host A's Character Generator service treats the incoming data as a trigger and sends a stream of characters back to port 7 on Host B. Host B echoes it back. The two machines lock into an infinite loop, generating escalating traffic until one or both crash.
Two of Postel's gentle diagnostic tools, designed to help, turned against each other in a feedback loop of destruction.
The Smurf Attack Connection
The Fraggle attack was the UDP cousin of the Smurf attack9, which used ICMP echo requests (ping) instead of UDP port 7. Dan Moschuk wrote the original Smurf attack tool in 1997. In 1998, a Smurf attack targeting the University of Minnesota caused widespread disruption across the Minnesota Regional Network9.
These attacks are the reason port 7 is disabled on virtually every modern system. The Echo service was too honest, too willing to reflect, and a hostile Internet exploited that openness.
A Second Life: Wake-on-LAN
Port 7 found an unexpected second purpose. The Wake-on-LAN protocol, developed by AMD and Hewlett-Packard in 199510, uses "magic packets" to wake sleeping computers over a network. These magic packets are typically sent as UDP datagrams to port 0, 7, or 9.
Why port 7? Because the magic packet does not need to be parsed by a protocol stack. It just needs to arrive. Port 7 (Echo) and port 9 (Discard) are convenient destinations: low-numbered, well-known, and unlikely to cause trouble if something responds. Many consumer routers use port 7 or port 9 as the default relay port for WoL proxy forwarding10.
So port 7, disabled for its original diagnostic purpose on most systems, quietly persists as the port that wakes machines from sleep. There is something poetic about that: the port that once proved machines were alive now brings them back from the dead.
Port 7 Today
The Echo Protocol is functionally obsolete for its original purpose. Modern diagnostic tools, ICMP ping, traceroute, mtr, application-layer health checks, have replaced it entirely. No production system should have port 7 open. Every major firewall blocks it by default. Every security audit flags it.
And yet.
RFC 862 remains one of the most commonly referenced RFCs in networking education. It is the "hello world" of socket programming. When a textbook needs to teach students how to build a TCP server, it starts with an echo server on port 7. When a developer needs to test a network library, they write an echo server. When someone learns what a protocol even is, the first one they encounter is often the Echo Protocol.
The simplest protocol became the most effective teacher.
Related Ports
| Port | Protocol | Relationship |
|---|---|---|
| 9 | Discard | Echo's silent twin. Port 9 accepts data and throws it away. Where Echo reflects, Discard absorbs. Both were part of Postel's 1983 diagnostic suite. |
| 19 | Character Generator (CHARGEN) | Echo's dangerous partner. The echo-chargen loop attack paired these two protocols in a destructive feedback cycle. |
| 13 | Daytime | Another of Postel's six diagnostic protocols. Returns the current date and time. |
| 17 | Quote of the Day (QOTD) | Returns a short text message. The most whimsical of the diagnostic suite. |
| 11 | Active Users | Reports logged-in users. The most informational of the six. |
Frequently Asked Questions
Was this page helpful?