Port 3559: CCTV Control — A Registered Ghost

What This Port Is

Port 3559 is registered with IANA under the service name cctv-port, described as a "CCTV control port." The registration was submitted in July 2002 by John Skidmore of Vicon Industries, a manufacturer of professional security cameras and video management systems.¹

Both TCP and UDP are registered.

The Company Behind It

Vicon Industries (later Vicon Security) makes network video surveillance equipment — cameras, digital video recorders, and the software to manage them. In the early 2000s, as surveillance systems moved from dedicated analog cabling to IP networks, manufacturers needed ports for their proprietary management protocols. Registering with IANA was the right thing to do. Vicon did it.

Whether port 3559 ever saw significant deployment, or whether Vicon's protocol changed over the years as their product line evolved, isn't publicly documented. Their current systems use a different set of ports — 80, 443, and 554 for RTSP streaming — and port 3559 doesn't appear in any current Vicon documentation.²

This is common. A protocol gets a number, the product gets updated, and the IANA registration becomes a historical artifact.

What Range This Port Belongs To

Port 3559 sits in the registered ports range (1024–49151). These are not reserved for critical infrastructure like the well-known ports below 1024. They're a registry — a first-come, first-served list where organizations can claim a number so their application has a consistent, known home on the network.

Registration doesn't mean the port is actively used. It means someone, at some point, had a protocol and wanted a number for it.

Is Anything Using Port 3559 Today?

Possibly. Older Vicon DVR systems may still be running in the field. Security camera infrastructure is notoriously long-lived — cameras installed in 2005 sometimes run until the hardware physically fails. If you find port 3559 open on a system, a legacy Vicon surveillance device is a plausible explanation.

It's also possible it's something else entirely. Unregistered software picks ports opportunistically, and 3559 is as likely a choice as any other number in the registered range.

How to Check What's Listening

To see if anything on your machine is using port 3559:

Linux / macOS:

# Show process listening on port 3559
lsof -i :3559

# Alternative
ss -tulpn | grep 3559

Windows:

# Show process ID listening on port 3559
netstat -ano | findstr :3559

# Then look up the process
Get-Process -Id <PID>

If something unexpected is listening, identify the process before assuming the worst. Legitimate software uses unusual ports all the time.

Why Unassigned (and Lightly Used) Ports Matter

The registered ports range exists as a coordination mechanism. Without it, two popular applications might independently choose port 3559, and every firewall and network administrator would have to figure out which one they're dealing with. The registry prevents that collision — at least in theory.

In practice, the registry is incomplete. Plenty of software uses ports without registering. Plenty of registered ports are obsolete. The registry is a map of intent, not a live census of what's actually running.

Port 3559 is a minor footnote in that map: evidence that in 2002, someone at a surveillance company thought their protocol deserved a permanent home on the Internet.