Port 2846: AIMPP Hello — A Ghost in the Registry

What This Port Is

Port 2846 is a registered port, formally assigned by IANA¹ to a service called aimpp-hello — the AIM Presence Protocol Hello. It was part of AOL Instant Messenger's infrastructure: specifically the presence layer, the part that let AIM know you were online and ready to receive the little yellow running man.

AIM shut down on December 15, 2017.²

Port 2846 is still on the books.

The Registered Port Range

Port 2846 lives in the registered port range (1024–49151). These ports aren't reserved for well-known system services like HTTP or SSH — they're assigned by IANA on request, to applications that need a stable, official home. Companies register them so their software has a predictable port to listen on, firewalls have something meaningful to filter, and network administrators know what they're looking at.

Unlike the well-known ports (0–1023), registered ports don't require elevated privileges to open. Any application can bind to port 2846 without being root.

AIM and the Presence Problem

AIM's primary protocol, OSCAR (Open System for Communication in Realtime), lived on port 5190.³ But presence — knowing who's online, who's idle, who just signed off — required its own machinery. The "Hello" in AIMPP Hello suggests this was the initial handshake layer: your client announcing itself, the server acknowledging, the presence graph updating.

Millions of people spent the late 1990s and 2000s watching buddy lists flicker as friends came and went. Port 2846 was part of how that worked, behind the scenes.

Then came iMessage. WhatsApp. Slack. The buddy list era ended. AIM made its final goodbye in 2017, and whatever was listening on port 2846 went quiet.

What's Actually on Port 2846 Now

Nothing official. If you see traffic on port 2846 today, it's one of three things:

1. Legacy software — something very old, still trying to talk to AIM servers that no longer answer
2. Coincidental reuse — a local application that happened to pick this port for its own purposes
3. Something worth investigating — port scanners and malware occasionally use unused registered ports precisely because they look legitimate in firewall logs

How to Check What's Listening

On Linux or macOS:

sudo ss -tlnp | grep 2846
# or
sudo lsof -i :2846

On Windows:

netstat -ano | findstr :2846

If something is listening, the process ID will tell you what. Cross-reference with your process list. If you don't recognize it, investigate.

Why These Ports Matter

The IANA registry has thousands of entries like this one — ports assigned to protocols from companies that no longer exist, services that no longer run, handshakes that no one is making. They're not harmful. They're not reclaimed. They just sit there, a record of the Internet's history, one port number at a time.

Port 2846 will be in that registry long after anyone remembers what a buddy list was.