Port 2371 sits in the registered port range (1024–49151). These ports are the middle tier of the port numbering system — above the well-known ports (0–1023) that require IANA assignment and root privileges, but below the ephemeral range (49152–65535) that operating systems hand out freely for outbound connections.
The registered range is governed by IANA, which maintains the Service Name and Transport Protocol Port Number Registry. Applications that want to use a registered port reliably — without conflicting with other software — are supposed to apply for registration. Many do. Port 2371 did not.1
The Unofficial Occupant
Despite having no IANA registration, port 2371 has an observed real-world use: Symantec Endpoint Protection Manager (SEPM) uses it for communication between the management server and client endpoints running Symantec Endpoint Protection (SEP).2
Symantec's endpoint security software is widely deployed in enterprises. The Manager is the central server that pushes policy updates, receives health reports, and coordinates responses across all protected machines. Port 2371 is part of that coordination layer — the channel through which managed clients check in.
This kind of informal port occupation is common in the registered range. A vendor ships a product, hardcodes a port, deploys it across thousands of networks, and the port acquires a real identity that never touches the IANA registry. Port 2371 is not unique in this respect; it's just honest about it.
Checking What's on This Port
If you see traffic on port 2371 and want to know what's using it:
On Linux/macOS:
On Windows:
Then cross-reference the process ID (PID) with Task Manager or tasklist to identify the application.
If you're on a corporate network and see port 2371 active, Symantec Endpoint Protection is the most likely explanation. If you're not running any endpoint security software and this port is open, that warrants investigation.
Why Unassigned Ports Matter
The port registry's value comes from its completeness. When a port is properly registered, any administrator seeing traffic on that port can look it up and immediately know what's running. When software colonizes unassigned ports informally, that knowledge becomes fragmented — scattered across vendor documentation, security databases, and institutional memory.
Port 2371 is a small example of this. IANA says nothing is there. Broadcom's documentation (Symantec's current parent company) says otherwise.2 Anyone investigating network traffic has to know to look in both places.
The registered range has thousands of ports in this ambiguous state: officially empty, practically occupied, with no authoritative record connecting the two facts.
Frequently Asked Questions
Esta página foi útil?