Port 20000: DNP3 — The Protocol That Keeps the Lights On

Port 20000 carries DNP3 (Distributed Network Protocol version 3), the communication standard that connects SCADA master stations to the remote devices controlling electric grids, water treatment plants, and oil pipelines.¹²

When a utility operator clicks a button in a control center to open a circuit breaker 50 miles away, that command travels through port 20000.

What DNP3 Does

DNP3 enables communication between SCADA Master Stations (control centers) and field equipment: Remote Terminal Units (RTUs) and Intelligent Electronic Devices (IEDs). These are the boxes in substations and pumping stations that actually control valves, switches, and circuit breakers.³

The protocol handles both directions:

• Outbound: Commands from operators ("open this breaker," "start this pump")
• Inbound: Status updates and measurements from field devices ("voltage is 138kV," "valve position: 47% open")

Port 20000 supports both TCP (for reliable delivery) and UDP (for faster, connectionless communication).⁴

The Story Behind the Protocol

In 1993, the electric utility industry had a problem: hundreds of proprietary protocols, none of which could talk to each other. Every vendor had their own way of doing things. Interoperability was a nightmare.⁵

GE-Harris Canada (then called Westronic) took the partially completed IEC 60870-5 specifications and built something immediately implementable for North American requirements. They called it DNP3 and released it to the public domain in 1993.⁶

The goal was simple: create one open, standards-based protocol that could replace all those proprietary systems. It worked. DNP3 became the de facto standard for electric utilities in North America, then spread to water systems, oil and gas, and transportation.⁷

In 2010, IEEE ratified it as Standard 1815.⁸

Why This Port Matters

Port 20000 isn't carrying web pages or email. It's carrying the commands that keep critical infrastructure running. The protocol was designed for reliability in harsh environments—substations, remote pumping stations, places where equipment needs to work for decades.

DNP3 has evolved to handle modern concerns: IP networks instead of serial lines, cybersecurity features to prevent unauthorized control, integration with newer standards like IEC 61850.⁹

Every time you flip a light switch, there's a decent chance the power reaching your home is managed by systems communicating over port 20000.

Security Considerations

Because DNP3 controls physical infrastructure, it's a target. Unauthorized access to port 20000 could allow an attacker to send commands to field devices—opening breakers, closing valves, disabling safety systems.

Modern implementations use DNPSec (DNP3 Secure Authentication) to prevent unauthorized commands and ensure message integrity. Utilities typically isolate SCADA networks from the public Internet, but port 20000 should never be exposed without strong authentication and encryption.¹⁰

If you see port 20000 open on a system facing the Internet, that's a red flag.

Related Ports

• Port 102: IEC 60870-5-104, another SCADA protocol common in Europe
• Port 502: Modbus TCP, used in industrial automation
• Port 2404: IEC 61850 MMS, for substation automation

How to Check What's Listening

To see if DNP3 is running on port 20000:

# Linux/Mac
sudo lsof -i :20000
sudo netstat -tulpn | grep 20000

# Windows
netstat -ano | findstr :20000

If you're working with SCADA systems, you'll know if DNP3 should be running. If you're not, and port 20000 is listening, investigate immediately.