Port 1977: TCO Address Book — A Registered Ghost

What Port 1977 Is

Port 1977 sits in the registered port range (1024–49151) and carries an official IANA assignment: a service called TCO Address Book, registered for both TCP and UDP by an individual named Allan Panitch.¹

The software itself has vanished. No documentation survives. No active deployments are known. Port 1977 is, in practice, unoccupied.

The Registered Port Range

Ports 1024 through 49151 are registered ports. Unlike well-known ports (0–1023), which require operating system privileges to bind, registered ports can be claimed by any application. IANA maintains the registry as a coordination mechanism: if you're building software that needs a consistent port, you can apply for an assignment so your choice doesn't collide with someone else's.

The system works when software endures. When it doesn't, you get entries like port 1977: a name in a database, pointing at nothing.

There are thousands of registered ports in this condition. Software companies fold. Products get deprecated. Open-source projects are abandoned. The IANA registry doesn't expire registrations, so the ghost entries accumulate. The registry is as much a historical artifact as a living directory.

What's Actually on Port 1977 in the Wild

Nothing specific. Port 1977 is not associated with any malware family, scanning campaign, or modern application in current threat intelligence databases.

If you see traffic on port 1977 on your network, it's most likely:

• A custom application that chose this port arbitrarily
• A misconfigured service
• A port scanner sweeping the registered range
• Legitimate but highly obscure software with an old IANA registration

How to Check What's Listening

If port 1977 is open on a machine you control, these commands will tell you what's using it:

Linux/macOS:

# Show what process has port 1977 open
ss -tlnp sport = :1977

# Or with lsof
lsof -i :1977

Windows:

netstat -ano | findstr :1977

The process ID in the output can then be matched against Task Manager or tasklist to identify the application.

Why Unassigned (and Ghost-Assigned) Ports Matter

The port numbering system was designed with the assumption that software would persist. A number would be claimed, a protocol would be written, and implementations would follow. For well-known ports, this largely held: port 22 still runs SSH, port 443 still carries HTTPS.

The registered range tells a different story. It's a graveyard of 1990s enterprise software, abandoned protocols, and products whose companies were acquired and their ports never returned. This isn't a flaw exactly — there's no mechanism to reclaim ports from defunct software without risking breaking something running a very old implementation somewhere.

Port 1977 is a small, honest example of this. Someone registered it. The software is gone. The number waits.