Port 3302: MCS Fastmail — Registered, Then Forgotten

What Port 3302 Is

Port 3302 sits in the registered port range (1024–49151). These ports aren't reserved by default — you don't need root or administrator privileges to bind them — but they are registered with IANA, the organization that keeps track of who claimed what.

IANA's registry lists port 3302 under the service name mcs-fastmail, described simply as "MCS Fastmail," supporting both TCP and UDP. That's where the trail goes cold.

The Ghost Registration

There is no RFC for mcs-fastmail. There is no public documentation, no known open-source implementation, no company still actively using it under this name. "MCS" likely referred to a company or product that registered the port years ago and has since changed, dissolved, or moved on.

This isn't unusual. The registered port range contains hundreds of entries like this — names without specifications, claims without implementations. The Internet moves fast, and IANA's registry keeps names long after the things they named have disappeared.

(Note: this port is unrelated to Fastmail, the modern email service, which uses standard IMAP/SMTP ports.)

What Might Actually Be on Port 3302

If you see traffic on port 3302 in the wild, it's almost certainly something custom — internal tooling, a development server, or an application that picked this port because it was available. Some security scanners have flagged it in association with remote access tools, but there's no definitive attribution.

The absence of a real specification means anyone can use port 3302 for anything. And they do.

How to Check What's Listening

If port 3302 is open on a system you care about, find out what's actually there:

On Linux/macOS:

# Show what process is listening on port 3302
ss -tlnp | grep 3302
# or
lsof -i :3302

On Windows:

netstat -ano | findstr :3302

Then take the process ID from the output and look it up:

# Linux/macOS
ps aux | grep <PID>

# Windows
tasklist | findstr <PID>

If something is listening on 3302 and you didn't put it there, that's worth investigating.

Why Unassigned-in-Practice Ports Matter

The registered port range was designed to give applications a stable, non-conflicting address. The registration system works when services document what they do. When a name gets registered without a specification — or when the service behind it disappears — the port becomes a kind of no man's land.

Attackers know this. Ports with no well-known service are less likely to be scrutinized by firewalls and intrusion detection systems tuned to known protocols. A legitimate service running on port 3302 looks identical to malware doing the same. Context is everything.

• IANA Service Name and Transport Protocol Port Number Registry
• SpeedGuide — Port 3302
• GRC Port Authority — Port 3302