Port 2745 has no official assignment. IANA's registry lists it as unassigned in the registered port range. No RFC defines a protocol for it. No vendor ships software that uses it by design.
But that doesn't mean it's quiet.
What Range This Port Belongs To
Port 2745 sits in the registered ports range (1024–49151). These ports are neither the tightly controlled well-known ports (0–1023, requiring root on most systems) nor the ephemeral ports (49152–65535, used for outbound connections). Registered ports are supposed to be claimed through IANA for specific services, but the registry has gaps — ports that were never applied for, never assigned, never spoken for.
Port 2745 is one of those gaps. Which made it attractive.
The Bagle Worm
In January 2004, a worm appeared. First called Beagle, then renamed Bagle to spite its author, it spread through email and opened a backdoor on port 2745.1
The mechanism had a certain elegance. The worm would install itself, open TCP port 2745, and wait. A remote attacker connecting to that port had to send a specific "magic string" — an authentication handshake — before the backdoor would respond. If the string matched, the backdoor would accept a URL and fetch whatever the attacker pointed it at.2
Bagle spread fast. Thirty-five variants by July 2004. Over a hundred by April 2005.3 Millions of machines. All of them listening on 2745.
The choice of an unassigned port was deliberate. A firewall rule blocking, say, port 80 would knock out web browsing. A rule blocking 2745 blocked nothing anyone needed — but only if the administrator knew to write that rule at all.
Why Unassigned Ports Matter
The 65,535 ports aren't all filled. Thousands sit empty, officially unassigned, waiting. For the most part they stay quiet — the gap between "IANA has no record of this" and "something is using this" is exactly where malware has historically operated.
Port 2745 is a good example of this logic. Nothing legitimate runs there, so traffic on 2745 is either a misconfigured application or something that chose obscurity on purpose. Neither is reassuring.
Most modern security tools flag unexpected activity on unassigned ports for exactly this reason. The absence of a legitimate use is itself a signal.
How to Check What's Listening
If you want to see whether anything on your machine has claimed port 2745:
macOS / Linux:
or
Windows:
Then match the PID against Task Manager or:
An empty result is the correct result. If something is there, find out what it is.
Security Considerations
Port 2745 has no legitimate use. If you see traffic on this port:
- Something on your network may be infected with a Bagle variant (unlikely in 2025, but legacy systems persist)
- An application has chosen this port informally for its own purposes and documented it poorly
- A port scanner is probing your network
Block inbound 2745 at your perimeter if you have no specific reason to allow it. You won't break anything.
Frequently Asked Questions
Var den här sidan till hjälp?