Port 3352: Scalable SQL — The Database Port Almost No One Knows

What This Port Does

Port 3352 is IANA-registered to SSQL (Scalable SQL), the relational networking layer of Pervasive.SQL — a database engine that once powered a significant chunk of small-business accounting software in the late 1990s and early 2000s.¹

If you see traffic on port 3352, something is almost certainly running Pervasive.SQL (or its successor, Actian PSQL).

The Database Behind the Port

Pervasive.SQL has an unusual lineage. It descended from Btrieve, a key-indexed record management system created by SoftCraft in 1982 — before SQL was even a mainstream concept. Novell eventually acquired Btrieve, and the technology evolved into Pervasive.SQL, which added a proper SQL interface on top of the original record-based storage engine.²

The result was a two-layer database:

• Btrieve (transactional): The original record engine, operating on port 3351
• SSQL (relational): The SQL layer sitting on top, operating on port 3352

Both ports work together. If you find 3351 open, 3352 is often nearby.

Pervasive.SQL targeted small and mid-sized businesses — particularly accounting and ERP software vendors who needed an embeddable database that could run reliably without a dedicated database administrator. It was genuinely good at that. Companies like Sage and dozens of smaller vertical-market software vendors shipped products built on it.

Pervasive Software was eventually acquired by Actian Corporation, and the product lives on as Actian PSQL.³ It still ships. It still listens on these ports. There are businesses running it right now, on hardware purchased before some readers were born.

Why Most Databases List It as "Unassigned"

Port 3352 occupies a strange middle ground: IANA assigned it to Scalable SQL with Pervasive Software's Chuck Talk as the registered contact.¹ But Pervasive.SQL was never mainstream enough for the port to become widely documented. Security databases flag it as "unknown" or "possibly malicious" simply because they don't recognize what's using it — a circular problem where obscurity breeds suspicion.

If a security scanner flags port 3352, the most likely explanation is Pervasive.SQL, not a trojan.

What Range This Port Belongs To

Port 3352 falls in the registered ports range (1024–49151). These ports require registration with IANA and are intended for specific services, but unlike well-known ports (0–1023), they don't require root or administrator privileges to open. Any process can bind to port 3352. IANA's assignment tells you what's supposed to use it — not what actually is.

How to Check What's Listening

Linux/macOS:

ss -tlnp | grep 3352
# or
lsof -i :3352

Windows:

netstat -ano | findstr :3352

With nmap (from another machine):

nmap -sV -p 3352 <target-ip>

If Pervasive.SQL is running, nmap -sV will often identify it by banner. If something else is using the port, you'll see a generic service or nothing — investigate further.

Should You Be Concerned?

If you're running Pervasive.SQL: no. This is expected behavior.

If you find port 3352 open on a server that shouldn't have a database engine: worth investigating. Like any open port attached to a database, it represents a potential attack surface if Pervasive.SQL is misconfigured or running with weak credentials.

If you find it open and can't explain why: run the commands above, identify the process, and decide from there.