Port 634: ginad — A Ghost From Apple's Past

Port 634 is a technological fossil. It was officially assigned to ginad, a network service that supported NetInfo—Apple's distributed directory database in Mac OS X systems up through Tiger (10.4). The service disappeared in 2007 when Mac OS X Leopard replaced NetInfo with modern directory services, yet the port remains registered in the IANA well-known ports registry.

What ginad Was

The name "ginad" likely stood for a network information daemon that worked with NetInfo—Apple's hierarchical distributed database for managing system configuration.¹ NetInfo kept track of administrative data: user accounts, groups, email configurations, network filesystems (NFS), printers, and other network resources.

Port 634 was used for RPC-based communication between NetInfo clients and servers, allowing processes on a Mac to query the directory for information about users, services, and network resources.

The NetInfo Era

NetInfo came from NeXTSTEP and was part of Mac OS X from its inception until Mac OS X Tiger (10.4).² It was a directory service—a way for the operating system to know who you are, what printers exist, what servers are available, and how everything is configured.

In Mac OS X Server 10.2, Apple began including OpenLDAP as part of Open Directory as an alternative to NetInfo. By Mac OS X Leopard (10.5) in 2007, NetInfo was completely phased out and replaced by a new local search node called dslocal.³

When NetInfo died, port 634 became irrelevant.

Why This Port Matters

Port 634 is an example of permanent infrastructure marking temporary technology. The IANA port registry doesn't delete assignments when services become obsolete—the number remains reserved even though nothing uses it anymore.

If you see traffic on port 634 today, it's either:

• A legacy Mac OS X system running Tiger or earlier (extremely rare)
• Software that hardcoded the port for some other purpose
• Potentially malicious activity—old, unused ports sometimes get repurposed by malware because administrators aren't monitoring them

Security Considerations

Because ginad hasn't been a legitimate service since 2007, any traffic on port 634 should be investigated. Attackers sometimes use abandoned well-known ports because they're less likely to trigger alerts.

If you see port 634 listening on a modern system:

# Check what's listening
lsof -i :634
netstat -an | grep 634

# Linux/macOS: See which process owns it
sudo ss -tulpn | grep :634

The Port's Place in History

Port 634 belongs to the well-known ports range (0-1023), which are assigned by IANA and typically require root/administrator privileges to bind to. This range contains the Internet's core services—HTTP on 80, HTTPS on 443, SSH on 22.

Port 634 was assigned during an era when Apple was building out network services for Mac OS X. It was never widely used outside the Apple ecosystem, and even within that ecosystem, it only mattered for about seven years—from Mac OS X's launch in 2001 to Leopard's release in 2007.

Related Ports

NetInfo used several ports for communication:

• Port 1033: NetBoot used this port for network information services
• Port 687: Used by some NetInfo implementations

Modern macOS systems use:

• Port 389: LDAP (Lightweight Directory Access Protocol)
• Port 636: LDAPS (LDAP over SSL/TLS)