Port 2804: DVR-ESM — The Surveillance Manager's Back Channel

What Runs on Port 2804

Port 2804 is registered with IANA for DVR-ESM, the communication protocol used by March Networks' Digital Video Recorders and Enterprise Service Manager (ESM) software.¹

March Networks is a commercial video surveillance company. Their Enterprise Service Manager is server software that centrally manages large deployments of security cameras and digital video recorders across multiple physical locations — the kind of system you'd find behind the scenes at banks, retail chains, and hospitals.

Port 2804 is how the ESM software talks to the recorders it manages: pushing configuration changes, pulling health status, managing user permissions, and keeping tabs on the state of every camera in the fleet.

It's a real, actively registered port. It just operates in a corner of the industry most network engineers never encounter.

What Range This Port Belongs To

Port 2804 falls in the registered ports range (1024–49151). This is the middle tier of the three-part port system:

• Well-known ports (0–1023): Reserved for major protocols — HTTP, HTTPS, SSH, DNS. Requires root/administrator privileges to bind on most systems.
• Registered ports (1024–49151): Assigned by IANA on request for specific applications. No privilege required to bind, but IANA maintains the registry to avoid conflicts. This is where DVR-ESM lives.
• Dynamic/ephemeral ports (49152–65535): Temporary ports your OS assigns to outgoing connections. Nothing is registered here by design.

Registration means someone filed the paperwork with IANA. It doesn't mean the software is common — just that March Networks claimed the port number in 2004 to avoid stepping on other applications.²

How to Check What's Listening

If you see port 2804 open on a machine and want to know what's using it:

On Linux/macOS:

# Show the process listening on port 2804
sudo ss -tlnp sport = :2804

# Or with lsof
sudo lsof -i :2804

On Windows:

netstat -ano | findstr :2804

The process name in the output will tell you if it's March Networks software or something else entirely. Commercial software often uses registered ports, but there's nothing enforcing exclusivity — any application can bind to 2804 if nothing else is using it.

Why Obscure Registered Ports Matter

Most security tools and firewalls maintain lists of "known" ports. When port 2804 shows up open, automated scanners frequently flag it as suspicious or unknown because it's outside the commonly memorized set of major services.

This creates a real operational problem: legitimate commercial software (surveillance systems, industrial controllers, medical devices) runs on registered-but-obscure ports that intrusion detection systems don't recognize. Network teams either whitelist the traffic without fully understanding it, or block it and wonder why the security cameras stopped reporting.

The honest answer when you see an unfamiliar open port is the same as when you see port 2804: look at what process bound it, check IANA's registry, and then decide. The registry exists precisely so that "unknown" doesn't have to mean "suspicious."