Port 2865: pit-vpn — A Ghost in the Registry

What Port 2865 Is

Port 2865 sits in the registered port range (1024–49151). These ports are available for use by applications and services, and anyone can formally request one from IANA — the Internet Assigned Numbers Authority — by submitting an application.

According to the IANA Service Name and Transport Protocol Port Number Registry, port 2865 is assigned to a service called pit-vpn, registered for both TCP and UDP, with a contact named Norbert Sendetzky.¹

That's essentially where the paper trail ends.

The Honest Story

"pit-vpn" doesn't appear to have an RFC, a public codebase, an active project page, or meaningful documentation anywhere on the public Internet. The registration exists. The service, for all practical purposes, does not — or at least not publicly.

This is more common than it sounds. The registered port range contains thousands of entries from projects that were proposed, partially built, quietly abandoned, or never widely deployed. IANA doesn't reclaim ports when projects go dark. The entry stays in the registry indefinitely. Port 2865 is, to all appearances, one of these: officially claimed, effectively a ghost.

It is not to be confused with RFC 2865, which defines RADIUS (Remote Authentication Dial In User Service) — a completely separate and very much alive authentication protocol.² RFC numbers and port numbers occupy different namespaces. The similarity is coincidence.

If You See Port 2865 in the Wild

If something is listening on port 2865 on a system you control, it isn't pit-vpn — it's almost certainly a custom application, a development server, or malware that chose an obscure port precisely because it looks like noise.

To check what's using it:

On Linux or macOS:

sudo ss -tlnp | grep 2865
# or
sudo lsof -i :2865

On Windows:

netstat -ano | findstr :2865

The output will show the process ID. Cross-reference that with Task Manager or ps aux to identify the application.

Why Unassigned and Ghost Ports Matter

The registered port range was designed to bring order to a chaotic middle ground — not as privileged as the well-known ports (0–1023), not as ephemeral as the dynamic ports (49152–65535). Anyone can register here, but unlike the well-known range, registration doesn't guarantee the service ever materialized.

This matters for security. Obscure port numbers provide no real protection. A port that looks empty in a registry might be actively used by legitimate software on your network, or by something that specifically chose it to avoid scrutiny. Trust what's actually listening on a port, not what a registry says should be there.