Port 2569: Unassigned — the ghost of Sonus call signaling

What This Port Is

Port 2569 sits in the registered port range — the band from 1024 to 49151 that IANA manages for applications and services to claim officially. IANA currently lists port 2569 as unassigned. No RFC defines it. No standard protocol lives here on paper.

In practice, though, multiple port databases attribute it to sonuscallsig — Sonus Call Signal — a proprietary signaling protocol used by Sonus Networks' session border controllers.¹

The Sonus Connection

Sonus Networks (acquired and rebranded as Ribbon Communications) built carrier-grade session border controllers (SBCs) — the appliances that sit at the edges of VoIP networks, managing call setup, security, and interoperability between different telephony systems. Enterprises connecting their phone systems to carriers, and carriers interconnecting with each other, ran Sonus hardware.

The sonuscallsig attribution suggests port 2569 was used internally by Sonus equipment for call control signaling — likely between components of their SBC infrastructure. It was a proprietary channel, not an open standard, which is probably why IANA never formally registered it. The equipment used it; the paperwork never caught up.

Sonus's gear was (and Ribbon's gear still is) genuinely significant telecom infrastructure. If you've made a business VoIP call over the past two decades, there's a decent chance it passed through a Sonus SBC at some point.

Security Notes

Some security databases flag port 2569 as having been used by trojans or malware historically.² This kind of flagging is common for lightly-documented registered ports — threat actors occasionally use obscure ports to avoid firewall rules tuned to well-known services. The flag is historical and not evidence of a specific, current threat.

If you see unexpected traffic on port 2569 outside a Sonus/Ribbon SBC environment, that's worth investigating.

The Registered Port Range

Ports 1024–49151 are called registered ports. The idea is that applications and vendors register their port with IANA so there's a public record of what uses what, preventing conflicts. In practice, the registry is imperfect. Vendor-specific ports get used without formal registration. Ports get claimed, abandoned, or reassigned. Informal attributions accumulate in third-party databases that outlast the products they describe.

Port 2569 is a small example of this gap: a port with a real history and a real (if proprietary) use, listed officially as empty.

How to Check What's Using Port 2569

If you need to see whether anything is listening on this port on your machine:

macOS / Linux:

# Show what process is listening on port 2569
lsof -i :2569

# Or with ss (Linux)
ss -tlnp sport = :2569

Windows:

netstat -ano | findstr :2569

The PID in the output can be matched against Task Manager or tasklist to identify the process.

To check if a remote host has port 2569 open:

nmap -p 2569 <hostname>