1. Ports
  2. Port 3652

Port 3652: VxCR NBU — The Ghost Registration

What Port 3652 Is

Port 3652 sits in the registered port range (1024-49151). This range is managed by the Internet Assigned Numbers Authority (IANA), which maintains the official list of who claims what. Unlike the well-known ports (0-1023), registered ports don't require root or administrator privileges to open, and their assignments are less strictly enforced.

According to the IANA registry, port 3652 is assigned to VxCR NBU Default Port, registered in January 2003.1 NBU almost certainly stands for Network Backup Utility. Beyond that, the trail goes cold.

The Ghost

There is no publicly available documentation for VxCR NBU. No product pages. No vendor website. No support forums. No mentions in backup software communities. The software was registered with IANA, which means someone believed in it enough to stake a claim on a port number, and then it disappeared — or more likely, never shipped widely enough to leave a footprint.

This happens more than you'd think. The registered port range has thousands of entries from the 1990s and 2000s, many from companies that were acquired, products that were abandoned, or software that served a single enterprise customer and never went further. The IANA registry is a graveyard as much as a directory.

Port 3652 is not dangerous. It's not associated with any known malware or attack campaigns. It's just... quiet.

If You See This Port in Use

If port 3652 shows up on a system you're monitoring, it's almost certainly not VxCR NBU. More likely candidates:

  • A custom application that picked an obscure registered port to avoid conflicts
  • Development or testing software using a non-standard port
  • Something that genuinely needs investigating

To find out what's actually using it:

On Linux or macOS:

sudo lsof -i :3652
sudo ss -tlnp | grep 3652

On Windows:

netstat -ano | findstr :3652
# Then look up the PID:
tasklist | findstr <PID>

Why Unassigned (and Ghost-Assigned) Ports Matter

The registered port range exists to reduce collisions — two pieces of software accidentally choosing the same port and fighting over it. The system works imperfectly. Registrations lapse, companies disappear, software evolves onto different ports.

The practical result: most software running on registered ports is doing so legitimately. But "registered" doesn't mean "active," and "unregistered" doesn't mean "suspicious." Context — the process, the traffic, the system — matters far more than the port number itself.

Frequently Asked Questions

Önceki

Port 3651: XRPC Registry — Assigned but Absent

Sonraki

Port 3653: TSP — the Tunnel Negotiator

Bu sayfa faydalı oldu mu?

😔
🤨
😃