Port 2345: Unassigned — A blank port with a history

What This Port Is

Port 2345 is a registered port — in the range from 1024 to 49151 — but IANA has not assigned it to any specific service. It has no official owner, no RFC, no standard protocol.

That doesn't mean it's empty.

The Registered Port Range

The 1024–49151 range exists for services that are real enough to want a semi-permanent home but haven't gone through (or don't need) formal IANA standardization. Registered ports are "soft reservations" — IANA keeps a registry so that widely-deployed applications don't accidentally collide, but enforcement is nonexistent. If you want to run your service on port 2345, nothing stops you.

The ports below 1024 are different. Those are well-known ports, historically restricted to root on Unix systems. HTTP lives at 80. SSH lives at 22. Those assignments have weight.

Port 2345 has no such weight. It's a blank square on the map.

Known Unofficial Uses

GDB remote debugging (Azure Sphere)

Microsoft's Azure Sphere IoT platform uses port 2345 for GDB remote debugging sessions. When an Azure Sphere application launches in debug mode, it opens a GDB server on 192.168.35.2:2345. Developers connect their local GDB client to that address to step through code running on the device. Port 2342 handles console output on the same device.¹

This is a narrow but legitimate use — if you're debugging embedded applications on Azure Sphere hardware, port 2345 is where your debugger talks.

Doly Trojan (late 1990s)

Port 2345 appears in trojan port lists from the late 1990s as the command-and-control port for the Doly Trojan, a remote access and keylogging tool that targeted Windows NT systems. The trojan also exploited a buffer overflow in HP OpenView Network Node Manager's Alarm service, which ran on TCP port 2345 by default.²

The Doly Trojan is thoroughly obsolete. It's in historical malware databases, not active threat feeds. But its presence on port 2345 is why this port occasionally shows up flagged in older security scanners.

How to Check What's Listening Here

If you see traffic on port 2345 and want to know why:

On Linux/macOS:

# Show what process is listening on port 2345
ss -tlnp | grep 2345

# Or with lsof
lsof -i :2345

On Windows:

netstat -ano | findstr :2345

The process ID in the output will tell you who owns it. If you're not running Azure Sphere tools and nothing obvious is there, it's worth investigating.

Why Unassigned Ports Matter

The port space has 65,535 slots. Roughly 1,000 are well-known. Another few thousand are officially registered. That leaves tens of thousands sitting unclaimed — and unclaimed doesn't mean unused.

Applications pick ports for internal reasons (easy to remember, sequential from another port, not obviously taken) without registering them. Two different applications independently choosing the same unassigned port is common enough that firewall rules, container configurations, and debugging setups regularly collide.

Port 2345 is a small illustration of the larger truth: the port registry is a suggestion system. The Internet runs on convention, not enforcement.