What This Port Is
Port 3145 sits in the registered port range (1024–49151) — the middle tier of the port numbering system, where applications and services claim numbers by filing with IANA. Unlike well-known ports below 1024, registered ports don't require elevated privileges to open. Unlike ephemeral ports above 49151, they're meant to be stable addresses for specific services.
Some databases list port 3145 as assigned to csi-lfap. In practice, that assignment is vestigial. The protocol it pointed to was never finished.
The Protocol Behind the Name
CSI-LFAP stands for Cabletron Systems Inc. — Light-weight Flow Accounting Protocol.
Cabletron Systems was a major networking hardware company in the 1990s. They produced an early version of LFAP, published as RFC 2124 in 1997. The problem they were solving was real: ISPs and enterprises needed to meter network traffic at scale for billing, capacity planning, and security analysis. Every packet that transited a router carried information someone needed to account for — source, destination, size, timing. Getting that data reliably off the router and into an accounting system was harder than it sounds.
LFAP's design was straightforward: a network element (the router or switch) acts as a Connection Control Entity (CCE) and streams packet flow summaries over TCP to a Flow Accounting Server (FAS). TCP was chosen deliberately — you can't lose billing records to UDP packet drops.
Cabletron later reorganized, spinning off several divisions. Riverstone Networks inherited the LFAP work and published updated drafts in 2001–2002, including a version 5 specification and a companion MIB definition.1 Those drafts expired without becoming RFCs. The protocol never achieved wide deployment.
Port 3145 was allocated for this work and never reassigned.
What Else Has Used This Port
MyDoom (2004). The MyDoom worm — one of the fastest-spreading pieces of malware ever recorded — included a backdoor component that listened on a sequential range of TCP ports from 3127 to 3198.2 Port 3145 falls within that range. If 3145 was available on an infected machine, MyDoom could claim it. Any open port in that range on an unpatched Windows system from that era was a warning sign.
zftpserver. Some sources note informal use of port 3145 by this FTP server implementation, though this was never registered.
How to Check What's Listening on This Port
If you see activity on port 3145 and want to know what's using it:
On Linux/macOS:
On Windows:
If something is listening on 3145 and you don't recognize it, that's worth investigating — especially on older Windows systems. Legitimate software rarely uses this port today.
Why Unassigned Ports Matter
The registered port range has 48,128 entries. A meaningful fraction are exactly like 3145: allocated for protocols that were proposed, partially developed, and abandoned. The IANA registry carries those ghost reservations indefinitely unless formally de-registered.
This matters because:
- Firewalls and scanners need a ground truth. Security tools use port registries to flag unexpected traffic. A port marked "unassigned" with active traffic is an anomaly worth examining. A port marked with a defunct protocol name is ambiguous.
- Port squatting is real. Software sometimes claims unassigned ports informally, creating conflicts when something else needs that space.
- History is preserved. LFAP represents a real engineering problem from a specific moment in networking history — when ISPs were figuring out how to bill for the Internet at scale. NetFlow, sFlow, and IPFIX eventually solved the same problem. LFAP didn't survive, but the problem it addressed shaped what did.
Var den här sidan till hjälp?