Port 2795: LiveStats — A Name Without a Protocol

What Range This Port Belongs To

Port 2795 falls in the registered port range (1024–49151), sometimes called the user port range. These ports are assigned by IANA on a first-come, first-served basis to services and applications that request them. Unlike well-known ports (0–1023), registered ports don't require root privileges to open on most operating systems, and they don't carry the same cultural weight of universal recognition.

The registered range is enormous — over 48,000 ports — and the reality is that most of them are quiet. Many were registered decades ago by software that no longer exists. Some were registered speculatively. Some have registrations with no surviving documentation.

Port 2795 is one of those.

The "LiveStats" Registration

Some port databases list port 2795 as "LiveStats."¹ The assignment exists in secondary sources, but there is no RFC defining the protocol, no official documentation describing what LiveStats does, and no active software known to use this name on this port.

Around 2002–2003, users on security forums reported seeing port scans hitting 2795 and wondering what it was.² No clear answer emerged then. None exists now.

What this suggests: at some point, someone registered the name "LiveStats" for this port with IANA, built something (or intended to), and then the software either never shipped, died quietly, or moved to a different port. The registration remains. The service does not.

This is not unusual. The registered port space is full of fossil names — identifiers that outlasted the software they pointed to.

Whether It's a Security Concern

An open port 2795 on your system is worth investigating — not because the port itself is dangerous, but because any unexpectedly open port deserves explanation. The port has appeared in some port scanners' lists of ports associated with trojans, but this is pattern-matching from the era of early firewall tools that flagged anything unexpected.³ There is no credible malware family specifically associated with 2795.

If you see it open, find out what opened it.

How to Check What's Listening

On Linux or macOS:

sudo ss -tlnp | grep 2795
# or
sudo lsof -i :2795

On Windows:

netstat -aon | findstr :2795

The output will show you the process ID (PID) holding the port open. From there:

# Linux/macOS — find the process name
ps aux | grep <PID>

# Windows — find the process name
tasklist | findstr <PID>

If nothing is listening, the port is closed. That's the expected state for port 2795 on most systems.

Why Unassigned Ports Matter

The port numbering system only works because most software honors it. When applications pick arbitrary ports — or squat on registered ports whose original owners vanished — they create friction: firewalls flag the traffic, administrators investigate the anomaly, and the overall legibility of network traffic degrades.

Port 2795 is a small example of a larger truth: the IANA registry is a living document in a decaying ecosystem. Services come and go. Registrations persist. The gap between "assigned" and "actively used" grows wider every decade.

The registered port range was designed to bring order. What it actually produced is 48,000 ports with varying degrees of legitimacy — from HTTP/2 on 8443 to ghost registrations like this one.