What Range This Port Belongs To
Port 2983 falls in the registered ports range (1024-49151). These ports are managed by IANA and can be claimed by application developers who want a consistent, recognized home for their software. Unlike the well-known ports (0-1023), registered ports don't require root privileges to bind on most systems, and the bar for registration is lower.
The registered range exists because the Internet needs coordination. Without it, two different applications might both decide port 2983 is theirs, collide on networks everywhere, and cause chaos. Registration is the system's way of preventing that — in theory.
What's Actually Here
Some port databases list port 2983 as assigned to a service called NETPLAN (TCP and UDP). But the registration carries no RFC number, no contact information, no documentation, and no known product anyone can identify. It predates the current IANA registration standards that require meaningful justification. 1
This is distinct from Ubuntu's Netplan network configuration tool — that's a completely unrelated piece of software that does not use port 2983.
The practical reality: port 2983 is an empty slot. The name "NETPLAN" is on a list, attached to nothing verifiable.
A Small Security Footnote
Historical trojan databases flag port 2983 as having been used by a piece of malware called Breach. 2 This appears in older security reference lists from the early-to-mid 2000s. Breach was not a significant threat and this association is largely of historical interest — but it's worth knowing if you're auditing older systems and find unexpected traffic here.
How to Check What's Listening
If you see traffic on port 2983 and want to know what's using it:
On Linux or macOS:
On Windows:
The process ID from the last column can then be looked up in Task Manager or with tasklist.
If something is listening on port 2983 and you didn't put it there, that's worth investigating. Unexpected listeners on obscure registered ports are a common pattern for malware that assumes no one is watching the quiet neighborhoods.
Why Unassigned (or Barely Assigned) Ports Matter
The port system works because of shared expectations. When a port is clearly assigned — SSH on 22, HTTPS on 443 — firewalls, monitoring tools, and engineers all know what to expect there. When a port sits in limbo like 2983, with a name but no substance, it becomes useful to anyone who wants to hide in plain sight.
Malware authors know the registered range is large and mostly unwatched. A service binding to port 2983 looks, superficially, like it might have a reason to be there. The "NETPLAN" label offers just enough cover to avoid immediate scrutiny.
This is why security monitoring doesn't stop at well-known ports. The full 65,535 need watching.
Var den här sidan till hjälp?