Port 82 is officially assigned. It has a name: XFER Utility. It has a registrant: Thomas M. Smith of Lockheed Martin. And that is where the public record ends, because the protocol behind port 82 has never been disclosed[1].
This makes port 82 one of the strangest entries in the entire IANA Service Name and Transport Protocol Port Number Registry. It occupies the well-known range, ports 0 through 1023, reserved for protocols important enough to require formal approval through IETF Review or IESG Approval[2]. Every other port in this range comes with an RFC, a specification, a story you can read. Port 82 comes with a name and a locked door.
The XFER Utility Mystery
The IANA registry lists port 82 for both TCP and UDP under the service name xfer, described as "XFER Utility"[1]. The contact is Thomas M. Smith, associated with Lockheed Martin.
When security researchers have inquired about the protocol, the response has been consistent: XFER employs a proprietary protocol that has not been publicly disclosed[3]. No RFC exists. No specification has been published. No open-source implementation has surfaced.
The word "XFER" almost certainly abbreviates "transfer," but what it transfers, how, and why remains unknown outside Lockheed Martin. Some in the networking community describe it as "an ancient service now rusting in disuse"[4], but without documentation, even that characterization is speculation.
What Actually Runs on Port 82
In practice, port 82 has lived several unofficial lives.
Alternative HTTP
Because port 80 is the standard HTTP port and is often already occupied or filtered by firewalls, administrators sometimes run secondary web servers on nearby ports. Port 82 is a common choice for administrative interfaces, internal tools, or development servers that need to coexist with a production web server on port 80[3].
Torpark Control
Torpark, a portable privacy browser released by the hacker collective Hacktivismo in 2006, used port 82 for control communications[5]. Torpark was a modified version of Portable Firefox that routed all traffic through the Tor network, anonymizing users' connections. Its founder, Oxblood Ruffin, described it as continuing "Hacktivismo's commitment to expanding privacy rights on the Internet"[6].
Torpark ran from a USB drive with no installation required. Port 82 served as its internal control channel, separate from the Tor relay traffic itself.
Netsky.Y Backdoor
The W32/Netsky.Y worm, which spread through email in 2004, listened on TCP port 82 as a backdoor. Once a machine was infected, the worm monitored port 82 and would save and execute any executable files received on it[7]. The Netsky family was notable for its rivalry with the Bagle worm family. Netsky variants contained insults directed at Bagle's authors and actively tried to remove Bagle infections from compromised machines.
The Well-Known Range
Port 82 sits in the well-known port range (0-1023). These ports are controlled by IANA and require formal review before assignment[2]. The significance of this range is practical: on Unix-like systems, binding to a port below 1024 traditionally requires root privileges. This restriction exists because these ports were intended for trusted, system-level services.
Port 82's neighbors tell you about the era in which these assignments were made:
| Port | Service | Status |
|---|---|---|
| 80 | HTTP | The web |
| 81 | Unassigned | Empty |
| 82 | XFER Utility | Proprietary, undocumented |
| 83 | MIT ML Device | Academic computing |
| 84 | Common Trace Facility | Diagnostics |
Security Considerations
Because port 82 has no widely deployed legitimate service, an open port 82 on a network scan should be treated with suspicion. Its history as a Netsky.Y backdoor means security scanners often flag it[3].
If you find port 82 open on a system, investigate immediately. It could be an alternative web server, a legacy application, or something that should not be there.
How to Check What Is Listening on Port 82
Linux/macOS:
Windows:
Network scan:
The -sV flag tells nmap to probe the service and identify what is actually running, not just whether the port is open.
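A local triage check for the Linux case, as an added example that is not part of the original page: the function filters `ss -H -tulnp` output for sockets bound to exactly port 82 (a plain `grep :82` would also match 8200 or 8282) and reports the bind scope and owning process. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Live use (root is needed to see other users' processes):
#   ss -H -tulnp | listeners_on_port 82

listeners_on_port() {
    # $1 = port number; stdin = lines in `ss -H -tulnp` format
    awk -v port="$1" '
    {
        laddr = $5                       # Local Address:Port column
        n = split(laddr, parts, ":")     # port is the text after the last colon
        if (parts[n] != port) next       # exact match, so 8200 and 8282 are skipped
        addr = substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "network"
        proc = "unknown"; pid = "-"      # process column is empty without root
        if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
        if (match($0, /pid=[0-9]+/))   pid  = substr($0, RSTART + 4, RLENGTH - 4)
        print $1, addr, scope, proc, pid
    }'
}

# Constructed sample input in `ss -H -tulnp` layout (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
tcp   LISTEN 0      511          0.0.0.0:82         0.0.0.0:*     users:(("nginx",pid=1234,fd=6))
tcp   LISTEN 0      128          0.0.0.0:8200       0.0.0.0:*     users:(("vault",pid=900,fd=8))
tcp   LISTEN 0      4096       127.0.0.1:8282       0.0.0.0:*     users:(("java",pid=777,fd=40))
udp   UNCONN 0      0               [::]:82            [::]:*
EOF
}

# Output columns: protocol, bind address, scope, process name, PID
sample_ss_output | listeners_on_port 82
```

A `network` scope with an `unknown` process is the case to chase first: rerun as root to get the owning process, then compare it against what the host is supposed to be running.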
Why Unassigned and Proprietary Ports Matter
Port 82 occupies an unusual position: it is assigned but functionally unassigned to the public Internet. No open protocol uses it. No RFC describes it. Yet it sits in the most privileged range of the port space, consuming one of only 1,024 well-known port numbers.
The Internet's port system works because of shared agreement. Port 80 means HTTP. Port 443 means HTTPS. Port 22 means SSH. These assignments are public contracts. Port 82 is a private contract in a public registry, a reminder that even the Internet's addressing system carries artifacts of institutions that operate by different rules.