Port 3038: Santak UPS — Power Monitoring from Shenzhen

What Port 3038 Is

Port 3038 is registered with IANA under the service name santak-ups, assigned to Santak Corporation — a Shenzhen-based manufacturer of uninterruptible power supplies (UPS). The registration covers both TCP and UDP.

If you've never heard of Santak, that's geography at work. Santak has been China's dominant UPS brand since the 1980s. In 2008, Eaton acquired Phoenixtec, Santak's Taiwanese parent company, folding Santak into one of the largest power management portfolios in the world.¹ Outside of Asia, though, Santak hardware is rare — and so is this port.

What It Does

The santak-ups service is used by Santak's power monitoring software to communicate with UPS devices. UPS monitoring typically involves polling the device for status: battery charge, input voltage, load percentage, estimated runtime. When power events occur — a sag, a surge, an outage — the software needs to know immediately so it can signal servers to shut down gracefully before the battery runs out.

Santak's management software runs on a host machine connected to the UPS (usually via USB or serial), then exposes a network interface so other systems can query device status. Port 3038 is where that network interface listens.

The protocol details are not publicly documented in an RFC. This is proprietary software talking to proprietary hardware — common in the UPS industry, where vendors have little incentive to publish their communication specs.

The Registered Port Range

Port 3038 sits in the registered port range (1024–49151). These ports require IANA registration but not the same level of standardization as well-known ports (0–1023). Anyone can apply.²

The registered range is where most application-layer services live: databases, game servers, monitoring agents, industrial control systems. Some entries are backed by open standards and widely deployed software. Others, like santak-ups, are vendor-specific and quietly occupy their slot in the registry for decades without attracting much attention.

Is Anything Else Using It?

Possibly. Unregistered use of ports in the registered range is common — developers pick numbers that aren't obviously taken, sometimes without checking the IANA list. Port scanners have flagged port 3038 appearing on systems with no Santak hardware present, which suggests some applications have adopted it informally.

Security databases have noted historical associations with malware on this port, but that's true of almost any port above 1024. Malware tends to use whatever port happens to be available.³

Checking What's on This Port

If you see port 3038 open on a system, check what's listening:

Linux/macOS:

ss -tlnp | grep 3038
# or
lsof -i :3038

Windows:

netstat -ano | findstr :3038
# then look up the PID:
tasklist | findstr <PID>

If it's Santak management software, you'll likely see a process related to a UPS monitoring agent. If you don't have any Santak hardware and something is listening here, it's worth investigating.