1. Ports
  2. Port 1718

Port 1718: H.323 Gatekeeper Discovery — The VoIP Phone That Shouts Into the Room

What Port 1718 Does

Port 1718 is a UDP port registered with IANA for H.323 gatekeeper discovery. It is the port a VoIP endpoint uses when it doesn't know where its gatekeeper is and needs to find one.

The mechanism is multicast: the endpoint sends a Gatekeeper Request (GRQ) message as a UDP datagram addressed to port 1718 at the multicast group address 224.0.1.41. Every H.323 gatekeeper subscribed to that multicast group receives the request. One of them — or several — responds with a Gatekeeper Confirm (GCF) or Gatekeeper Reject (GRJ).

The endpoint picks a gatekeeper from the responses and registers. Then the real work moves to port 1719, which handles ongoing unicast RAS (Registration, Admission, and Status) signaling.1

The Neighbor Ports

Port 1718 is one half of a pair:

  • UDP 1718 — multicast gatekeeper discovery (this port)
  • UDP 1719 — unicast RAS signaling after discovery is complete

Think of 1718 as the "where are you?" and 1719 as the ongoing conversation once you've found each other.

What H.323 Is

H.323 is an ITU-T standard for real-time audio and video communication over packet networks. It predates SIP and was the dominant VoIP protocol through the late 1990s and 2000s. Cisco, Polycom, and most enterprise VoIP infrastructure of that era spoke H.323.

A gatekeeper is the H.323 equivalent of a SIP registrar and proxy combined — it handles endpoint registration, call admission, and address translation. Finding one is the first thing an H.323 endpoint does on startup.2

Auto-Discovery vs. Static Configuration

H.323 endpoints have two ways to find a gatekeeper:

  1. Static configuration — the administrator tells the endpoint the gatekeeper's IP address
  2. Auto-discovery — the endpoint multicasts on port 1718 and discovers the gatekeeper automatically

Auto-discovery reduces administrative overhead. When you add a phone, it finds its gatekeeper without manual configuration. The tradeoff: multicast must work across your network, which isn't always guaranteed in segmented environments.3

What's Actually Listening on This Port

On a network with H.323 infrastructure, the gatekeeper listens on 1718. On most modern networks, nothing is.

H.323 has largely been replaced by SIP, and many organizations have migrated their VoIP infrastructure. Port 1718 traffic on your network today is almost certainly legacy equipment or Cisco gear running H.323 for compatibility.

To see if anything is listening locally:

# Linux/macOS
sudo ss -ulnp | grep 1718
sudo netstat -ulnp | grep 1718

# Windows
netstat -aon | findstr :1718

To see if a remote host is accepting connections:

nmap -sU -p 1718 <target-ip>

Security Notes

Port 1718 uses UDP multicast, which means anyone on the multicast-capable network segment can receive gatekeeper discovery messages. In misconfigured networks, this can expose the existence and location of your VoIP gatekeeper to any host that joins the 224.0.1.41 multicast group.

For most environments: if you're not running H.323, block or ignore this port. If you are running H.323, ensure multicast is scoped appropriately and gatekeepers respond only to legitimate endpoint requests.

Frequently Asked Questions

Anterior

Port 1717: fj-hdnet — Claimed but Uncrowded

Următor

Port 1719: H.323 RAS — The Front Desk of Legacy Video Conferencing

A fost utilă această pagină?

😔
🤨
😃