Port 1887: FileX Listening Port — A Registered Name With Nothing Behind It

What Port 1887 Is

Port 1887 sits in the registered port range (1024–49151). IANA lists it under the service name filex-lport — the FileX Listening Port — assigned for both TCP and UDP.¹

That's where the official record ends. FileX, whatever it was, left almost no trace. No active software, no community, no RFC, no documentation that survives in accessible form. The registration exists; the software it names does not.

What the Registered Port Range Means

The registered port range is the middle tier of the port numbering system. Below it sit the well-known ports (0–1023), which require root or administrator privileges to bind and carry the Internet's core infrastructure — HTTP, HTTPS, SSH, SMTP. Above it sit the ephemeral ports (49152–65535), which operating systems assign on the fly to outgoing connections.

The registered ports are for everything else: applications and services that need a stable, predictable number so clients can find them, but that aren't foundational enough to claim a well-known slot. Anyone can submit an application to IANA; the bar is low. The result is a range that includes both widely-used protocols and ports like 1887 — registered once, then forgotten.²

What You Might Find on Port 1887 Today

Because the official occupant is effectively absent, port 1887 has no dominant unofficial use either. If something is listening on this port on your machine or network, it's almost certainly:

• Application-configured — software that picked this port arbitrarily or via a configuration file
• Development or testing — a local service that needed a free port
• Misconfiguration — something that shouldn't be exposed

There's no known malware family that specifically uses 1887, and no major application that defaults to it.

How to Check What's Listening on Port 1887

On Linux or macOS:

ss -tlnp | grep 1887
# or
lsof -i :1887

On Windows:

netstat -ano | findstr :1887

The output will show the process ID. Cross-reference it with your process list (tasklist on Windows, ps aux on Linux/macOS) to identify what's actually there.

Why Unassigned and Abandoned Ports Matter

Port numbers are a finite resource — 65,535 of them across TCP and UDP. IANA manages registrations to prevent collisions, but the registry accumulates registrations for software that no longer exists, companies that went under, and protocols that never gained traction.

Port 1887 is an example of this drift: officially occupied, practically free. It's not dangerous by itself — a port number is just a number. But when something unexpected is listening on a port with no known purpose, that's worth investigating. The absence of a well-known occupant means you lose the context that would help you recognize whether the traffic is normal.