Port 2322: ofsd — A Name Without a Story

What Range This Port Belongs To

Port 2322 falls in the registered ports range (1024–49151). These are ports that applications and services have officially claimed with IANA — the Internet Assigned Numbers Authority, the organization that keeps the global directory of port assignments.

Unlike the well-known ports (0–1023), registered ports don't require elevated system privileges to open. Any process can listen on port 2322. What keeps the range orderly is the registration system: if you want your service to have an official home here, you apply to IANA and they record your claim.

What's Registered Here

Port 2322 is officially registered under the service name ofsd, for both TCP and UDP.

That's where the official record ends. No description. No RFC. No contact. No explanation of what "ofsd" stands for or what it does.¹

This isn't unusual for older registrations. In the early years of the Internet, IANA accepted registrations with minimal documentation. Many of those entries survive in the registry today — names without context, anchors without ships.

"Ofsd" likely stands for something — possibly a file system daemon, possibly a proprietary internal service from a company that no longer exists. The name format (*fsd suggesting "file system daemon") is a common Unix convention. But without documentation, that's speculation.

What's Actually on This Port in the Wild

Because the official registration is empty, port 2322 has no strong conventional use in the wild. Security scanning databases flag it with generic observations: occasionally seen in network traffic, occasionally associated with custom application servers, occasionally appearing in older trojan port lists — though no specific named malware family is documented here.²

The honest answer is: if something is listening on port 2322 on your machine, it's almost certainly a local application that chose this port for its own reasons, not something following a standard.

How to Check What's Listening

If port 2322 shows up in a scan or connection log, these commands tell you what's using it:

macOS / Linux:

# Show what process is listening on port 2322
lsof -i :2322

# Or with ss (Linux):
ss -tlnp | grep 2322

Windows:

netstat -ano | findstr :2322

The output includes the process ID (PID). Cross-reference that with your process list to identify the application.

Why Unassigned-in-Practice Ports Matter

The registered port range has over 48,000 slots. Most of them are either unused or sparsely documented. This creates real operational value: it gives software developers a reliable space to register custom protocols without colliding with well-known services.

It also creates a practical reality: any port in this range could be running anything. A web server, a game server, a monitoring agent, a custom database protocol, or something you didn't install. The IANA registry is the starting point for investigation, not the final word.

When you see unexpected traffic on a registered port, the first question isn't "what is this port supposed to do?" — it's "what is actually running here, on this machine, right now?"