Port 3196: ncu-2 — A Registration with No Memory

What Port 3196 Is

Port 3196 sits in the registered ports range (1024–49151). These ports are assigned by IANA to specific services upon request — anyone with a protocol can apply for a registration. Unlike the well-known ports (0–1023), registered ports don't require elevated privileges to use, and their assignments vary widely in how active and meaningful they are.

Port 3196 is officially assigned to a service called ncu-2 (Network Control Unit) for both TCP and UDP. The registration contact points to an address at rdsrv.reco.com.tw, a Taiwanese host. Beyond that, the record goes quiet. No RFC. No documentation. No known implementation. No community awareness of what this service does or whether it ever shipped.

This happens more than you'd expect. The registered ports range contains thousands of assignments made over decades — some for thriving protocols, some for products that were quietly discontinued, and some that appear to have never launched at all.¹

What You'll Actually Find on Port 3196

If you see traffic on port 3196, it almost certainly isn't ncu-2. Applications frequently use ports opportunistically — especially in the dynamic/ephemeral range — but registered ports sometimes get conscripted too. Common candidates when an unrecognized registered port shows activity:

• A custom application or internal tool using a convenient port number
• A misconfigured or legacy service
• Malware that picked an obscure registered port to blend in

None of these are the intended "Network Control Unit." They're just squatters in a vacant lot.

How to Check What's Listening

On Linux or macOS:

# Show which process is listening on port 3196
sudo lsof -i :3196

# Or with ss (faster on modern Linux)
sudo ss -tlnp sport = :3196

On Windows:

# Find the process using port 3196
netstat -ano | findstr :3196
# Then look up the PID
tasklist | findstr <PID>

If something is listening, check the process name. If it's unfamiliar, that's worth investigating.

Why This Matters

Port 3196 is a small example of a broader truth about the registered ports range: registration does not equal relevance. IANA's registry is a historical record as much as it's an active directory. Ports get claimed, services get abandoned, companies disappear — but the registration persists.

This matters for security. A port that looks legitimate because it has an IANA entry isn't automatically trustworthy. The name "Network Control Unit" sounds official. The reality is a registration with no backing documentation and no known users. If something shows up on this port, the registry gives you almost nothing to work with — which is itself useful to know.