Port 2679: Sync Server SSL — A Registered Ghost

What Port 2679 Is

Port 2679 sits in the registered ports range — the block from 1024 to 49151, where applications and services claim specific numbers by filing with IANA. Unlike the well-known ports below 1024, registered ports don't require root privileges to open. Unlike the ephemeral ports above 49151, they're meant to be stable, named addresses that clients can find reliably.

Port 2679 is registered. Its name is syncserverssl — the SSL-encrypted synchronization service for a product lifecycle management (PLM) platform built by a company called MatrixOne.

The Company Behind It

MatrixOne was a Massachusetts-based PLM software company — the kind of software that helps manufacturers track every version of every part across complex supply chains. It registered port 2679 for encrypted synchronization traffic between its server components.

In 2006, Dassault Systèmes acquired MatrixOne for $408 million.¹ The software was absorbed into the 3DEXPERIENCE platform. The matrixone.com email address on the IANA registration no longer routes to an active company. The port remains registered in the IANA database with Shawn Casey listed as the contact — a record frozen in the mid-2000s.²

What This Means in Practice

Almost certainly nothing is running on port 2679 on your machine or network. If something is listening here, it warrants investigation — the port has no active community of legitimate users, which makes unexpected activity suspicious.

The IANA registration creates no obligation and enforces nothing. It's a claim, not a lock. Any software can use port 2679 for anything; the registry just documents who asked for it first.

Checking What's Listening

To see if anything is using port 2679 on your system:

macOS / Linux:

# Show the process listening on port 2679 (TCP)
sudo lsof -i TCP:2679

# Or with ss (Linux)
ss -tlnp | grep 2679

Windows:

netstat -ano | findstr :2679

If these return nothing, nothing is listening. If they return something unexpected, check the process ID against your running processes.

Why Ghost Ports Matter

The registered ports range has thousands of entries like this — services registered by companies that were acquired, pivoted, or went dark. They create a useful map of computing history: the 2000s PLM ecosystem, early enterprise SSL, the wave of acquisitions that consolidated the software industry.

They also matter practically. Security scanners treat any traffic on a registered port as potentially meaningful. If you see port 2679 in firewall logs or a network scan, someone is either running old MatrixOne software (unlikely) or using an obscure port precisely because it's unlikely to be monitored (worth noting).

Unmonitored territory on the port map is useful territory for anyone who wants to blend in.