What This Port Belongs To
Port 10101 is registered with IANA for eZmeeting, a video conferencing and web meeting platform. The registration dates to March 2002, back when you had to specify your port number if you wanted reliable network communication. 1
It's a TCP/UDP service, meaning it handles both connection-oriented and connectionless traffic—important for meeting software that needs reliability but also wants to deal with voice and video, which prefer speed over perfect accuracy.
The Port Range
Port 10101 sits in the registered port range (1024-49151), which means it was assigned by IANA to a specific service upon application. These ports aren't meant for random services to grab. If you want a registered port, you ask IANA. If you get one, it's yours—on paper—forever. 1
This is the middle ground between the well-known ports (0-1023, reserved for famous services like HTTP and SSH) and the ephemeral ports (49152-65535, dynamically assigned to your applications when they need temporary connections).
What Happened to eZmeeting
eZmeeting was a legitimate videoconferencing solution in the early 2000s, before Zoom existed, before even Skype was dominant. It registered port 10101 to establish meetings between participants. That was reasonable then. That was necessary infrastructure.
Today, almost nobody uses eZmeeting. Zoom owns the videoconferencing space. Yet the port remains registered. Albert C. Yang, the original contact person, probably has no idea their port allocation is still in the global registry. 1
What Actually Uses This Port Now
This is where it gets interesting. Port 10101 isn't strictly off-limits to other services—it's just officially assigned. What you'll actually find listening on 10101 varies:
- Ubiquiti UniFi Access Points send UDP packets to port 10101 when communicating with their gateway 2
- Various applications use it unofficially because it's not firewall-blocked by default
- Malware has historically used this port—specifically, remote access trojans like Brainspy sought out semi-legitimate-looking ports to hide in 3
This is the danger of registered-but-unused ports: they become attractive to both legitimate applications and malicious actors who assume they're safe.
How to Check What's Listening
You can check if anything is listening on port 10101:
On macOS/Linux:
On Windows:
From another machine (if not firewalled):
The Real Story
Port 10101 is a ghost. It's a reminder that the Internet's port system is a historical artifact—full of allocations made decades ago for services that either died or were replaced by something better. IANA doesn't recycle port numbers. Once assigned, they stay assigned. The port is there. The name is there. The original contact is probably somewhere else now.
But here's the thing: because it's officially registered but nobody's actually using it, it becomes a gap in the security landscape. It looks legitimate enough that applications and malware alike will use it. It's available. It has the sheen of official approval.
This is why security teams monitor unresponsive ports as carefully as responsive ones. In the silence, things grow.
Var den här sidan till hjälp?