Port 2017: Bootclient — A Name Without a Service

What Range This Port Belongs To

Port 2017 is a registered port, in the range 1024–49151. IANA maintains this range for services that have formally requested an assignment — distinct from the well-known ports (0–1023) reserved for foundational Internet protocols like HTTP, DNS, and SSH.

Being "registered" sounds official. In practice, it means someone once filed a request. It says nothing about whether anyone is actively using the port, whether software still exists for it, or whether documentation was ever written.

Port 2017 is a case in point.

What IANA Says

IANA's Service Name and Transport Protocol Port Number Registry lists port 2017 (both TCP and UDP) as "bootclient".¹

No RFC is cited. No organization is listed as the registrant. The name suggests a client-side boot protocol of some kind — perhaps something related to network booting or device provisioning — but no documentation traces back to it. "Bootclient" on port 2017 is, for practical purposes, a name without a service.

A secondary entry in crowdsourced port databases lists port 2017/TCP as "cypress-stat", attributed to a company called Neophasis.² This appears to be a proprietary internal tool, not a public protocol. No specification has been published.

Unofficial Uses

No commonly observed unofficial use has been established for port 2017. Unlike some unassigned ports that accumulate real-world associations through popular software (game servers, dev tools, monitoring agents), port 2017 shows up in no notable application defaults.

If you see traffic on port 2017 in your environment, it is either:

• Custom application traffic — an in-house service or tool configured to use this port deliberately
• Misconfiguration — something meant for another port
• Scanning activity — automated scanners probe large port ranges and will hit 2017 as part of a sweep

None of these are inherently alarming, but none of them are "normal" in the sense of a recognized standard.

How to Check What's Listening on Port 2017

On Linux or macOS:

ss -tlnp | grep :2017
# or
lsof -i :2017

On Windows:

netstat -ano | findstr :2017

The output will show the process ID (PID) of whatever is listening. Cross-reference the PID with Task Manager (Windows) or ps aux (Linux/macOS) to identify the application.

If nothing is listening on port 2017 on your system, that's normal — and expected.

Why Unassigned Ports Matter

The registered port range contains 48,128 possible port numbers. Most of them are like port 2017 — technically assigned to something, but functionally empty. This creates two realities:

The practical upside: Developers and system administrators can configure software to listen on these ports without worrying about conflicts with established protocols. Port 2017 is safe to use for a custom internal service.

The security consideration: Ports without documented services are worth watching. If something unexpected shows up listening on port 2017 in your environment, there is no "this is normal" baseline to reassure you — which makes anomaly detection more straightforward. Unexpected traffic on an obscure registered port is a better signal than unexpected traffic on port 80.