Port 1189 sits in the registered range (1024-49151), ports assigned by IANA for specific services. But this port tells a different story—it's a remnant from the 1990s, when Novell NetWare dominated corporate file sharing and "the network" often meant NetWare.
What Runs on Port 1189
Port 1189 is used for unencrypted NetWare Core Protocol (NCP) traffic.1 NCP was Novell's protocol for everything file servers did: accessing files, printing, directory services, clock synchronization, and messaging between NetWare servers and clients.
The "unencrypted" part matters. Early NetWare client software sent passwords over the network in plaintext—readable by anyone with a packet sniffer.2 Port 1189 carries that legacy traffic.
The NetWare Era
Novell NetWare was the dominant network operating system through the 1990s. Before Windows Server, before Active Directory, there was NetWare. It originally ran on IPX/SPX (Novell's own network protocol stack) before switching to TCP/IP with NetWare 5 in 1998.3
The encrypted version of NCP typically used different ports and methods. By the time NetWare switched to TCP/IP as its primary protocol, the standard NCP port was 524, not 1189.4 This makes port 1189 even more of a historical artifact—it's associated with a specific era and configuration of NetWare systems.
Why This Port Matters Today
It mostly doesn't. NetWare has been discontinued. Micro Focus (who acquired Novell) ended support for the last NetWare version years ago. But ports like 1189 matter for two reasons:
Archaeological significance — Old NetWare servers still exist in forgotten corners of corporate networks. Some organizations discovered NetWare servers running in closets during Y2K audits and again during IPv6 migrations. If you see traffic on port 1189, you've found either a legacy system or someone testing historical protocols.
The registered range — Port 1189's assignment shows how the registered range (1024-49151) works. These ports are assigned by IANA for specific services, but unlike well-known ports (0-1023), they don't require special privileges to use. Any application can listen here, which is why you'll find both official assignments and unofficial uses scattered throughout this range.
Security Considerations
If you find port 1189 actually in use on your network, that's a security concern. Unencrypted NCP means:
- Passwords transmitted in plaintext
- File contents transferred without encryption
- No authentication of server or client identity
- Protocols designed before modern security threats existed
This isn't theoretical. These vulnerabilities are real, documented, and exploitable.2
How to Check What's Listening
On Linux or macOS:
On Windows:
If something is listening on port 1189, investigate. It's either a legacy NetWare system (which should probably be migrated) or something else using this port unofficially.
The Bigger Picture
Port 1189 represents a specific moment in networking history—when file servers were their own thing, when protocols were proprietary, when security meant keeping people out of the server room rather than encrypting the wire.
The registered port range is full of these stories. Protocols that mattered intensely for five years and then vanished. Standards that never caught on. Services that solved problems we don't have anymore.
Every port number is a door. Some doors see billions of packets per second. Others haven't been opened in decades. Port 1189 is mostly closed now, but it's still there, still assigned, still carrying the occasional packet from a NetWare server that nobody remembers installing.
Related Ports
- Port 524 — Modern NCP over TCP/IP (the successor to port 1189)
- Port 427 — Service Location Protocol (SLP), used for NetWare service discovery
- Port 213 — IPX, the protocol NetWare used before TCP/IP
Frequently Asked Questions About Port 1189
Nakatulong ba ang pahinang ito?