Port 9 runs the Discard Protocol. You send data to it. The data disappears. That is the entire protocol.
No acknowledgment. No response. No processing. You send bytes into port 9 and they cease to exist. It is the network equivalent of /dev/null, the Unix black hole that has been swallowing unwanted output since the early 1970s. Except this black hole listens on the network, accepting connections from any machine that needs somewhere to throw things.
This sounds useless. It is one of the most useful ideas in the history of networking.
How the Discard Protocol Works
The specification fits on a single page.1 That is not an exaggeration or a simplification. RFC 863 is literally one page long. Here is the entire behavior:
Over TCP: A server listens on port 9. A client connects. The client sends data. The server throws it away. This continues until the client disconnects.
Over UDP: A server listens on port 9. A datagram arrives. The server throws it away.
There is no handshake beyond TCP's own. No application-layer negotiation. No headers, no framing, no content types, no status codes. The server's only job is to accept data and forget it immediately.
This is the purest protocol on the Internet. Every other protocol adds complexity on top of the transport layer. Discard removes it. The protocol's behavior is absence.
Why Nothing Matters
If you want to test whether a network path works, you need something at the other end. Not something complicated. Just something that will accept what you send without complaining, without interpreting, without sending anything back that might confuse your measurements.
The Discard Protocol is that something.
Network engineers in the early 1980s needed to answer simple questions. Can I reach that host? Can I push data through this link? What is my throughput? How many packets am I dropping? These questions require a destination that will absorb whatever you throw at it, cleanly and without side effects.
Port 9 is a test target. A punching bag. A sponge. It exists so that the sender can learn something, even though the receiver learns nothing.
This is the key insight: sometimes the most useful thing a service can do is nothing at all.
The Man Who Numbered the Void
Jon Postel wrote RFC 863 in May 1983 at the Information Sciences Institute at the University of Southern California.1 He published it as part of a suite of seven small protocols, all released the same month:
| RFC | Port | Protocol | Purpose |
|---|---|---|---|
| 862 | 7 | Echo | Send data back to the sender |
| 863 | 9 | Discard | Throw data away |
| 864 | 19 | Chargen | Generate a stream of characters |
| 865 | 17 | QOTD | Return a quote of the day |
| 866 | 11 | Active Users | List who is logged in |
| 867 | 13 | Daytime | Return the current time as text |
| 868 | 37 | Time | Return the current time as a number |
Seven protocols. Seven tools. All designed for debugging, testing, and measurement on the young Internet. Together they form a diagnostic toolkit, each one isolating a different capability. Echo tests round-trip communication. Chargen tests sustained data flow. Daytime tests basic request-response.
And Discard? Discard tests whether you can send at all.
But the lineage goes further back. In March 1972, over a decade before RFC 863, Vint Cerf and Jon Postel at UCLA published RFC 322, calling for a catalog of well-known socket numbers on the ARPANET.2 They wanted to standardize which services lived where. The Discard service was among the first entries proposed. Postel, who called himself the "czar of socket numbers," would go on to maintain the registry of protocol assignments for nearly three decades, first informally and then as the head of IANA, the Internet Assigned Numbers Authority.3
The Economist called Postel "the god of the Internet" in 1997.4 He died the following year, at 55, from complications of heart surgery. His obituary was published as RFC 2468, written by his friend and collaborator Vint Cerf.5 The port assignments he maintained, including port 9, remain in use today, unchanged.
The Bit Bucket
The concept of discarding data predates the Internet. In the days of punch cards, the tiny paper circles punched out of cards had to go somewhere. They fell into a container. That container was the "bit bucket," a term that migrated from physical reality into computing folklore.6
Unix formalized the concept as /dev/null, a special file that accepts all input and produces no output. Reading from it returns nothing. Writing to it succeeds silently. It is the operating system's acknowledgment that sometimes you need a place to put things you do not want.
Port 9 extends this idea across the network. If /dev/null is a local black hole, port 9 is a black hole you can reach from anywhere on the Internet. Same principle, larger reach.
The Jargon File describes the bit bucket as "the universal data sink," the mythical receptacle used to catch bits when they fall off the end of a register during a shift instruction.6 Discarded, lost, or destroyed data is said to have "gone to the bit bucket."
Port 9 is the bit bucket with a network address.
The Port That Wakes the Dead
Here is the strangest twist in port 9's story.
In 1995, AMD and Hewlett-Packard developed a technology called Wake-on-LAN.7 The idea: send a special network packet, called a "magic packet," to a sleeping computer, and its network card will detect the packet and power the machine on. The magic packet contains six bytes of 0xFF followed by the target machine's MAC address repeated sixteen times.
The magic packet needs to be sent somewhere. It does not actually matter where, because the network interface card is not listening on any particular port. It is scanning raw network frames for the magic pattern. The packet just needs to reach the local network.
So where do you send it? You need a UDP port. Preferably one that will not trigger anything unexpected on any machine that happens to be awake and listening.
You need a port that does nothing.
You need port 9.
Wake-on-LAN adopted port 9 as its default destination.7 Routers use it to relay magic packets from the Internet into local networks. The port that was designed to throw everything away became the port that wakes machines from sleep. The void became a doorbell.
This was never planned. Nobody designing the Discard Protocol in 1983 imagined it would be used to wake computers in 2025. But the fact that port 9 was guaranteed to do nothing made it the safest choice for a packet that needed to arrive without side effects.
The best tool for the job was a tool designed to do no job at all.
Security
The Discard Protocol's simplicity limits its attack surface, but does not eliminate it.
Denial of service. An open port 9 accepts everything without pushback. An attacker can flood it with traffic, consuming bandwidth and resources. The server will dutifully absorb the deluge, which is exactly what it was designed to do, and exactly what makes it dangerous when exposed to the open Internet.8
Information leakage. Certain Lucent/Ascend routers running older firmware responded to specially crafted UDP packets on port 9 by leaking device information, including hostnames, MAC addresses, and IP addresses. The Discard Protocol specifies no response, but buggy implementations sometimes produced one.9
Router crashes. The same family of routers could be crashed by sending a malformed packet to UDP port 9. Ascend used port 9 for internal router discovery, and an attacker could craft a packet that triggered a reboot.9
Data tunneling. The Discard Protocol only permits client-to-server traffic. If a security monitor detects server-to-client data on a Discard flow, it indicates a protocol anomaly, possibly an attempt to tunnel data through what should be a one-way channel.8
The recommendation is simple: do not expose port 9 to the Internet. The Discard service is disabled by default on most modern operating systems. On Unix-like systems, it can be enabled through inetd or xinetd, but there is rarely a reason to do so. If you need Wake-on-LAN through port 9, restrict access to your local network.
Related Ports
Port 9 belongs to a family. Understanding its siblings clarifies what makes each one distinct.
Port 7 (Echo) is the mirror to port 9's void. Echo sends back everything it receives. Together, Echo and Discard form a pair: one reflects, one absorbs. Both are diagnostic tools, but they test different things. Echo tests round-trip path integrity. Discard tests outbound path capacity.
Port 1 (TCPMUX) is the first assigned port, the front door of the entire port numbering system.
Port 13 (Daytime) returns the current date and time as human-readable text. Like Discard, it is one of Postel's 1983 diagnostic suite.
Port 19 (Chargen) generates a continuous stream of characters. It is the opposite of Discard in spirit: Discard absorbs everything, Chargen produces endlessly.
Frequently Asked Questions
Was this page helpful?