Port 771: rtip — The forgotten assignment

What Lives Here

Port 771 sits in the well-known ports range (0-1023), the space reserved for services important enough to warrant IANA's official blessing. In 1992, when RFC 1340 documented the Internet's assigned numbers, port 771 was given to something called "rtip."¹

The problem: nobody seems to remember what rtip actually was.

The Ghost Protocol

Historical records show "rtip" assigned to both TCP and UDP on port 771, but the protocol itself left almost no trace. No detailed RFC specification. No widespread implementation. No community of users who remember it fondly.

It might have stood for "Real-Time Information Protocol" or something similar—the "rt" prefix suggests real-time functionality. But unlike RTP (Real-Time Transport Protocol), which powers modern video conferencing and streaming, rtip never took hold.

Some sources mention port 771 being used by Mac OS X for RPC-based services like NetInfo,² but this appears to be an unofficial appropriation of an abandoned assignment rather than the original purpose.

Why This Matters

Port 771 represents something important about Internet infrastructure: not every assignment succeeds.

The Internet Assigned Numbers Authority (IANA) maintains the official registry of port numbers.³ When a protocol gets assigned a well-known port, it's meant to be permanent—a stable address that everyone can rely on. But what happens when the protocol dies?

Usually, nothing. The port just sits there. Reserved but unused. A tombstone in the registry.

Port 771 is likely one of these—officially assigned, technically reserved, practically forgotten.

What's Actually Using This Port

If you find port 771 active on your network, it's probably:

1. Legacy Mac OS X services — Older Apple systems used this port for RPC-based network information services
2. Custom applications — Developers sometimes reuse obscure assigned ports for internal tools
3. Nothing — Most systems have this port closed

To check what's listening on port 771 on your system:

On Linux or Mac:

sudo lsof -i :771

On Windows:

netstat -ano | findstr :771

Using nmap:

nmap -p 771 localhost

The Well-Known Range

Port 771 belongs to the well-known ports (0-1023), which require root/administrator privileges to bind to on Unix-like systems. This range was meant for standardized services that the entire Internet would recognize.

The reality is messier. Some well-known ports carry global services used by billions of devices. Others, like 771, carry mostly history.

Security Considerations

Because port 771 has no active, widely-deployed service:

• It shouldn't be open on Internet-facing systems unless you have a specific reason
• If it's open, investigate what's using it
• Attackers rarely target it because there's no standard service to exploit

The absence of a well-known service is actually a security advantage here. There's no default behavior to exploit.

Related Ports

• Port 772 — Also assigned to a service called "cycleserv2" in some registries, with similarly sparse documentation
• Port 770 — Sits unassigned or with minimal documentation
• Ports 0-1023 — The well-known range, though "well-known" is increasingly aspirational

The Honest Truth

Not every port has a rich history. Not every assignment leads to something meaningful. Port 771 is a reminder that the Internet's infrastructure includes not just the protocols we use every day, but also the ones we tried and abandoned, or never really used at all.

The registry keeps them anyway. Forever reserved. Waiting for a service that isn't coming back.