Port 956 exists in a peculiar state: officially unassigned by IANA, yet not entirely unused. It sits in the well-known ports range (0-1023), space that's supposed to be reserved for fundamental Internet services. But IANA never assigned it to anything.
That vacuum hasn't gone unfilled.
What Well-Known Ports Are
The Internet divides its 65,535 ports into three ranges:
- Well-known ports (0-1023) — Reserved for system services, assigned only through IETF Review or IESG Approval
- Registered ports (1024-49151) — Available for user applications, assigned through less rigorous processes
- Dynamic/private ports (49152-65535) — Never assigned, used temporarily for client connections
Port 956 falls in that first category—the restricted range meant for services that define how the Internet works. But according to IANA's registry, ports 954-988 (including 956) are marked "Unassigned."[1]
What Unassigned Actually Means
"Unassigned" doesn't mean "unused." It means IANA hasn't given anyone official permission to use this port. No RFC defines it. No protocol claims it. No organization has filed paperwork to register it.
But your firewall doesn't care about IANA's paperwork. If something wants to listen on port 956, nothing stops it except your operating system's permission system. Root access on Unix, administrator access on Windows—that's all it takes.
This is why unassigned ports have become hunting grounds for malware.
The Malware Problem
Security databases have observed port 956 being used by a trojan called "Crat Pro."[2] The trojan chooses an unassigned port deliberately—it's less likely to conflict with legitimate services, less likely to be monitored by default firewall rules, less likely to appear in the typical lists that system administrators check.
If you find port 956 open on your system and you didn't explicitly open it, that's not a mystery to solve later. That's a problem to investigate immediately.
How to Check What's Listening
On Linux or macOS:
On Windows:
These commands show you what process (if any) is listening on or connected through port 956. If you see anything, note the process ID and investigate what's running. Legitimate services announce themselves clearly. Malware tries to hide.
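An added example, not part of the original page: a plain text search for "956" in a socket listing also matches ports such as 9560 or a process whose PID is 956, so this script filters on the exact local port and extracts the owning PID. It assumes Linux `ss` from iproute2; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-match check for listeners on one local port.
# Assumes Linux `ss` (iproute2) output with the header suppressed (-H);
# function names and the sample data are constructed for illustration.

# Constructed sample of `ss -H -tulnp` output. Note the decoys: local ports
# 9560 and 1956, and a process whose PID happens to be 956.
SAMPLE_SS_OUTPUT='tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp LISTEN 0 5 0.0.0.0:956 0.0.0.0:* users:(("svc",pid=4242,fd=4))
tcp LISTEN 0 128 [::]:9560 [::]:* users:(("app",pid=956,fd=7))
udp UNCONN 0 0 127.0.0.1:1956 0.0.0.0:* users:(("agent",pid=77,fd=5))'

# Print only lines whose LOCAL address (field 5) ends in exactly :PORT.
listeners_on_port() {
    awk -v port="$1" '{
        n = split($5, parts, ":")   # last piece is the port, IPv4 or [IPv6]
        if (parts[n] == port) print
    }'
}

# Print the owning PID for each matching line, one per line.
pids_on_port() {
    listeners_on_port "$1" | awk 'match($0, /pid=[0-9]+/) {
        print substr($0, RSTART + 4, RLENGTH - 4)
    }'
}

# Demo on the constructed sample: prints only the 0.0.0.0:956 line.
printf '%s\n' "$SAMPLE_SS_OUTPUT" | listeners_on_port 956

# Live use (run as root to see processes owned by other users):
#   ss -H -tulnp | listeners_on_port 956
#   ss -H -tulnp | pids_on_port 956
# Then inspect each PID, for example: ps -o pid,user,args -p <PID>
```

No output from the live command means nothing is listening on port 956 over TCP or UDP at that moment.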
Why Unassigned Ports Matter
The port number system only works because of scarcity and coordination. We can't have 50 different services all claiming port 80—HTTP would break. IANA exists to prevent that chaos in the well-known range.
But unassigned ports reveal something about the system: assignment is administrative, not technical. The protocol doesn't enforce IANA's authority. Your operating system will happily let any application listen on port 956 if it has the right permissions.
This is both a feature and a vulnerability. It means experimental protocols can use unassigned ports without bureaucratic approval. It also means malware can do the same.
The gaps in the registry—the unassigned spaces like port 956—aren't bugs. They're breathing room for future expansion. But until IANA assigns them, they exist in a liminal state: reserved but unclaimed, protected but undefended.
Security Recommendations
If you're running a firewall (and you should be), consider blocking inbound connections to unassigned well-known ports unless you specifically need them. The legitimate services that matter—SSH, HTTPS, DNS—use assigned ports. Traffic to port 956 has no obvious legitimate purpose.
If you're developing a new protocol, don't use port 956. Use the dynamic/private range (49152-65535) for testing, and apply for an official assignment if your protocol needs permanence.
And if you find something listening on port 956 that you didn't put there? Run your antivirus. Check your process list. Investigate before assuming it's benign.
The Honest Truth
Port 956 isn't special. It's one of thousands of unassigned ports, most of which will probably never receive official assignments. The Internet has more port numbers than it knows what to do with.
But its story illustrates something important: the port system is a social convention backed by technical infrastructure. IANA maintains the registry. RFCs define the protocols. But enforcement happens at the OS level, and your OS doesn't consult IANA before opening a port.
Trust unassigned ports the way you'd trust an unmarked door in a building: it might lead somewhere legitimate, but it's probably worth asking why it isn't labeled.