What Range This Port Belongs To
Port 2992 sits in the registered ports range, which runs from 1024 to 49151. These ports are neither the famous well-known ports (0-1023, reserved for HTTP, SSH, DNS, and their peers) nor the ephemeral ports that your operating system hands out temporarily for outgoing connections.
Registered ports are supposed to mean something. A developer or organization asks IANA to assign a port to their service, IANA records it, and that port becomes associated with that service. The idea is to prevent two applications from fighting over the same number.
Port 2992 went through that process. It just didn't go anywhere after.
What Is Avenyo Server?
IANA's registry lists port 2992 as belonging to Avenyo Server, registered on both TCP and UDP, with a contact named Bodo Rueskamp.1 Beyond that, the trail goes cold. Avenyo left no meaningful footprint — no documentation, no active community, no surviving product page. It's a name in a registry that time forgot.
Port databases also associate 2992 with VideoReQuest, a consumer video-on-demand appliance from the early 2000s that used a cluster of ports including 22, 2992, and 3670.2 VideoReQuest is equally extinct.
A firewall administrator on a Linux Embedded Appliance Firewall mailing list once described port 2992 as belonging to "a couple of very oddball applications" — which remains the most accurate characterization available.3
How to Check What's Listening on This Port
If you see traffic on port 2992 on your own systems, find out what's actually there:
On Linux or macOS:
On Windows:
With nmap (from another machine):
If something is listening and you don't know what it is, that's worth investigating. Legitimate software almost never uses port 2992 today.
Why Unassigned-in-Practice Ports Matter
The registered range has over 48,000 port numbers. IANA manages the registry, but enforcement is weak and the historical record is spotty. Many ports were claimed by software that died years ago. Others were registered speculatively and never used.
This matters for two reasons. First, a port scanner hitting 2992 can't rely on the registry to tell it what to expect. Second, attackers occasionally use obscure registered ports to run services that look less suspicious — betting that defenders will see a "registered" port number and not dig further.
An empty port is honest. An unexpected service on any port — registered or not — deserves scrutiny.
Esta página foi útil?