Port 1739: webaccess — A Name Without a Protocol

What Port 1739 Is

Port 1739 sits in the registered port range (1024–49151). IANA lists it under the service name "webaccess" for both TCP and UDP, assigned to a private individual named Christian Saether.¹

That's where the trail ends. No RFC documents it. No widely deployed software ships with it. No protocol specification explains what "webaccess" on port 1739 was meant to do.

The Registered Port Range

Ports 1024 through 49151 are "registered" ports — a middle tier between the well-known ports (0–1023, which require root/administrator access to bind) and the ephemeral ports (49152–65535, which operating systems hand out temporarily for outgoing connections).

Anyone can apply to IANA to register a port in this range. The bar is low: fill out a form, describe your intended use, and pay nothing. IANA records the assignment but doesn't verify that the software actually ships or that the protocol gets documented. The result is a registry full of entries like port 1739 — names attached to nothing.²

Known Unofficial Uses

None confirmed. Some port scanning databases flag port 1739 as historically associated with generic "virus" activity, but this is true of hundreds of unoccupied ports — malware occasionally squats in quiet neighborhoods precisely because nobody is watching.³

There is no known legitimate application that defaults to port 1739.

How to Check What's Listening

If you see traffic on port 1739 and want to know the source:

On Linux/macOS:

# Show what process is listening on port 1739
sudo ss -tlnp | grep 1739
# Or with lsof:
sudo lsof -i :1739

On Windows:

netstat -ano | findstr :1739

The process ID in the output can be matched to a program in Task Manager or with tasklist.

Why Unassigned-in-Practice Ports Matter

The registered port range holds 48,128 port numbers. Most are actively used. Some are stranded registrations from projects that never launched — and that creates a real problem.

When you configure a firewall or write a security policy, you have to decide: block everything unusual, or allow everything not explicitly malicious? A port like 1739 forces the question. Its IANA entry gives it a patina of legitimacy, but no documentation tells you what legitimate traffic actually looks like.

The honest answer: if you see unexpected traffic on port 1739, treat it as suspicious until proven otherwise. A legitimate "webaccess" application on this port would be extraordinarily rare.