Port 3493: NUT (Network UPS Tools) — The Port That Keeps Servers Alive

What This Port Does

Port 3493 is the default listening port for upsd, the server component of Network UPS Tools (NUT) — an open-source project that gives computers visibility into the UPS devices they depend on.

When the power fails, a UPS (uninterruptible power supply) buys time. Port 3493 is how the computer finds out it's running on borrowed time, so it can do something about it before the battery runs out.

How NUT Works

NUT follows a three-tier architecture:

1. Device drivers — Low-level processes that talk directly to UPS hardware (via USB, serial port, or SNMP)
2. upsd — The server daemon that exposes UPS status to the network, listening on port 3493/TCP
3. Clients — Tools like upsmon that query upsd, watch for critical battery states, and trigger graceful shutdowns

When upsmon sees the UPS switch to battery power and the charge drop below a threshold, it tells the system to shut down. The filesystem gets flushed cleanly. The data survives. Without NUT (or something like it), the power just stops and the OS doesn't know it's coming.

By default, upsd listens only on localhost:3493. To serve other machines on the network — a common setup where one machine with a directly-attached UPS monitors others — you configure upsd to bind to a network interface and set up client authentication.

Protocol and Port History

NUT's protocol is documented in RFC 9271, published by the IETF in August 2022 as an Informational RFC. The protocol itself is simple and text-based: clients connect, send commands like GET VAR ups battery.charge, and read plain-text responses.¹

The port number has a history. Early versions of NUT used port 3305, inherited from the original codebase. That number conflicted with other services, so in May 2002, IANA formally assigned port 3493/TCP to the NUT project.² UDP support was implemented at one point but dropped in July 2003 — authentication is impossible over UDP, making it a security liability for a system that can trigger server shutdowns.

The Registered Port Range

Port 3493 sits in the registered port range (1024–49151). These ports are registered with IANA but do not require root privileges to bind. Unlike well-known ports (0–1023), which are tightly controlled and require elevated permissions, registered ports are available to any user-level process that claims them.

IANA registration doesn't prevent conflicts — it just records intent. If your system is running something other than NUT on port 3493, that's technically allowed but unexpected.

Security Considerations

NUT's protocol includes authentication via the SET command and username/password configuration in upsd.users. However, the protocol is plaintext — credentials and UPS status travel unencrypted over the wire.

For LAN-only setups where upsd listens on localhost, this is generally acceptable. For anything crossing network boundaries, consider tunneling NUT traffic through SSH or a VPN.

The stakes are real: a client with write access to upsd can trigger an immediate system shutdown. Lock down upsd.users accordingly.

Checking What's on This Port

# See if something is listening on port 3493
ss -tlnp | grep 3493

# Or with netstat (older systems)
netstat -tlnp | grep 3493

# Test connectivity to a remote NUT server
upsc ups@hostname

# List all UPS devices on a local NUT server
upsc -l

If port 3493 is open on a machine and you weren't expecting it, you're probably looking at a NUT installation — possibly set up automatically by a homelab tool like Home Assistant, TrueNAS, or a Proxmox node monitoring a UPS.

Who Uses This

NUT on port 3493 shows up in:

• Homelab setups — Home Assistant has native NUT integration and often auto-configures this port
• TrueNAS / FreeNAS — Built-in NUT support for UPS monitoring
• Proxmox — Can be configured to shut down VMs and the host when UPS battery is low
• Enterprise Linux servers — Any server room with a UPS and sysadmins who care about clean shutdowns