What Port 2701 Is
Port 2701 lives in the registered port range (1024–49151) — the space where applications claim addresses through the IANA registration process, rather than the well-known ports (below 1024) reserved for foundational Internet services.
IANA's official assignment: sms-rcinfo, for both TCP and UDP.
That "SMS" doesn't mean text messages. It means Microsoft Systems Management Server — the enterprise IT management platform Microsoft shipped in the 1990s, later rebranded as System Center Configuration Manager (SCCM), and now called Microsoft Endpoint Configuration Manager. It's the software large organizations use to manage thousands of Windows computers at once: deploying software, enforcing policies, and yes, taking remote control.
What Actually Runs Here
In practice, port 2701 is known for one thing: SCCM Remote Control.
When an IT administrator opens the Configuration Manager console and connects to a managed client — seeing the user's screen, moving the mouse, typing into their keyboard — that connection travels over TCP port 2701. The protocol is point-to-point, direct from the console to the client machine.1
The connection uses Kerberos for authentication by default, falling back to NTLM if Kerberos isn't available. Port 2702 travels alongside it in some configurations, handling additional remote tools traffic.2
This means port 2701 is open on any Windows machine enrolled in an SCCM-managed environment — which covers a significant portion of corporate workstations worldwide.
The Name Confusion
The IANA listing says "sms-rcinfo." Some sources call it "sms-remctrl." Both refer to the same lineage: Microsoft SMS / SCCM's remote control infrastructure. The naming inconsistency comes from the product's long history — SMS acquired this port before it became SCCM, and the IANA registration never kept pace with the rebranding.3
Security Considerations
Remote control on port 2701 requires administrative credentials and is gated by Configuration Manager's permission model. But like any remote control capability, it's a high-value target: an attacker who gains control of an SCCM server effectively has access to every managed client. Security researchers have documented ways to abuse SCCM's remote control as a lateral movement tool in enterprise networks.4
If you see unexpected traffic on port 2701, especially inbound connections, it warrants investigation.
How to Check What's Listening on This Port
On Windows:
On macOS/Linux:
If something is listening on 2701 on a corporate Windows machine, it's almost certainly the SCCM remote control agent. On a personal machine or server with no enterprise management software, nothing should be listening here.
Frequently Asked Questions
A fost utilă această pagină?