Port 2173: MS Firewall Replication — A registered port for a retired product

Port 2173 sits in the registered port range (1024–49151) and carries an official IANA assignment: msfw-replica, short for Microsoft Firewall Replication. But the product that gave it that name — Microsoft ISA Server — was discontinued over two decades ago.

What It Was

Microsoft ISA Server (Internet Security and Acceleration Server) was a corporate firewall and web proxy product from the late 1990s and early 2000s. Enterprises running ISA Server could deploy multiple servers in an array configuration for high availability and load balancing.

Port 2173 was used for replication between array members — the internal communication channel that kept configuration, policy, and state synchronized across ISA Server nodes. If you had two ISA Server machines forming a redundant pair, they talked to each other on port 2173.

ISA Server was replaced by Forefront Threat Management Gateway (TMG), which itself was discontinued in 2012. Neither product is sold or supported today.

What the Port Means Now

The IANA registration for port 2173 (TCP and UDP) remains active in the registry. That's not unusual — IANA rarely revokes registrations, because removing an assignment could theoretically conflict with legacy systems still running ancient software somewhere. The port namespace keeps its history.

In practice, if you see traffic on port 2173 today, it's one of three things:

1. Genuinely ancient infrastructure — an ISA Server installation that was never decommissioned
2. Informal use — some application, game, or tool that chose this port for its own purposes, knowing IANA's msfw-replica assignment is functionally dormant
3. Malicious traffic — port scanners and malware sometimes probe registered-but-dormant ports, knowing defenders are less likely to monitor them

How to Check What's Using It

On Linux or macOS:

sudo ss -tlnp | grep 2173
sudo lsof -i :2173

On Windows:

netstat -ano | findstr :2173
Get-Process -Id (Get-NetTCPConnection -LocalPort 2173).OwningProcess

If something is listening on port 2173 on a modern system and you didn't put it there, it warrants investigation.

Why Registered Ports Have Holes Like This

The registered port range contains over 48,000 port numbers. IANA has assigned a fraction of them. The rest are either formally unassigned (available for registration) or registered for products and services that no longer exist.

This creates a practical reality: any software can choose to use any unmonitored registered port. Developers pick them for internal tools, games, development servers, and private protocols. The IANA assignment for a dormant product is functionally no different from an unassigned port — except that the name in the registry sometimes helps you understand what you're looking at.

Port 2173 is a small example of how the port namespace accumulates history. The Internet keeps running. Old registrations stay. New software makes its own choices. The map and the territory slowly diverge.