Port 704 is officially assigned to elcsd (errlog copy/server daemon), a service from ULTRIX—Digital Equipment Corporation's Unix variant that ceased development in the 1990s. The port exists in the well-known range, reserved during an era when operating system vendors needed dedicated numbers for their infrastructure daemons.
What Elcsd Was
The elcsd daemon logged hardware and system errors from the kernel's error buffer to files. It could operate in two modes:
- Local mode — Log error packets from the local system
- Remote mode — Send local error packets to a remote system, or receive and log errors from remote hosts
This was infrastructure for distributed error monitoring on ULTRIX systems. When a kernel detected a hardware fault or system error, elcsd would capture it, timestamp it, and either store it locally or forward it to a centralized logging server.1
The Assignment History
Port 704's assignment appears in RFC 1340 (July 1992) and RFC 1700 (October 1994)—the final RFC documents that contained port assignments before IANA transitioned to maintaining living online registries.2 This places the allocation in the early 1990s, when ULTRIX was still actively developed.
The well-known ports (0-1023) were allocated more liberally during this period. Operating system vendors and protocol designers requested numbers, and IANA assigned them. Many of these assignments outlived the systems they were designed for.
Why This Port Matters
Port 704 is a ghost in the registry. ULTRIX development ended in the mid-1990s when Digital Equipment Corporation was acquired by Compaq, which was later acquired by HP. The operating system is extinct. No modern system runs elcsd.
Yet the port assignment persists. It's not unassigned—it still belongs to elcsd in the official IANA registry. This reveals something about how the Internet manages its namespace: ports are rarely reclaimed. Once assigned, they tend to stay assigned, even when the service they were meant for disappears entirely.
Security Note
Like many well-known ports, port 704 has been observed in malware communications.3 Attackers sometimes use assigned-but-unused ports because they look legitimate in logs. If you see traffic on port 704, it's almost certainly not elcsd—it's either misconfiguration or something pretending to be a service that no longer exists.
How to Check What's Listening
To see if anything is actually listening on port 704:
Linux/macOS:
Windows:
If something is listening, it's worth investigating. It won't be elcsd.
The Well-Known Ports Range
Port 704 sits in the well-known ports range (0-1023), which requires root or administrator privileges to bind. These ports were historically reserved for system services and protocols that needed to be universally recognized.
IANA stopped assigning new well-known ports in 2005, recognizing that the namespace was filling with legacy assignments like this one—services that once mattered but no longer run.
Related Ports
Other well-known ports from the same era that outlived their original systems:
- Port 512-514 — BSD rexec, rlogin, rsh (largely replaced by SSH)
- Port 175 — vmnet (from a defunct VMware protocol)
- Port 526 — tempo (Newdate time protocol, obsolete)
These are archaeological layers in the port registry—evidence of systems and protocols that once shaped the Internet's infrastructure but have since been replaced or abandoned.
Frequently Asked Questions About Port 704
Port 704 is a memorial. It marks a service that once mattered enough to deserve a well-known port number, from a system that shaped Unix's evolution, maintained by a company that no longer exists. The port remains in the registry—not because elcsd might return, but because the Internet remembers.
ڇا هي صفحو مددگار هو؟