Port 3115: MCTET Master — A Registered Ghost

What Range This Port Belongs To

Port 3115 sits in the registered ports range (1024–49151). This middle tier of the port numbering system was designed for well-known applications that aren't core Internet infrastructure. Unlike the well-known ports below 1024 (which require root/administrator privileges to bind on most operating systems), registered ports are freely bindable by any user-level process.

IANA maintains the registry for this range. Companies and developers can submit a registration to claim a port for their protocol. The process creates official record — a service name, a contact, a date — but it doesn't require ongoing documentation or proof of deployment. Once registered, a port is registered.

The Official Registration: MCTET Master

IANA lists port 3115 as MCTET Master (service name: mctet-master), registered in January 2005 by Portnoy Boxman at BMC Software. ¹

Two sibling ports came with it:

The three-port cluster suggests a real architecture: a master node, a gateway, and a Java service. Someone designed something. But what?

BMC Software is a major enterprise IT management company, known for products like Remedy and TrueSight — software that monitors servers, orchestrates IT workflows, and manages large infrastructure deployments. MCTET was likely a proprietary internal communication protocol for one of these products. But no RFC was ever filed. No public documentation exists. No forum posts describe troubleshooting it. The acronym doesn't appear in any technical standard.

MCTET is a registered ghost.

What This Means in Practice

If you see port 3115 open on a machine, it almost certainly isn't running MCTET. That protocol either never shipped, was replaced before reaching production, or lives only inside private BMC customer environments — silently doing its job with no public footprint.

More likely explanations for port 3115 traffic:

• A development server running on an arbitrary high port
• A game, VPN, or application that picked this port because it was available
• Something custom — an internal tool, a microservice, a tunnel

The registered status offers no practical guidance here. The registration is real; the protocol is not findable.

How to Check What's Listening on Port 3115

If you see port 3115 active on your system or network, check what's actually using it:

On Linux/macOS:

# Show what process has port 3115 open
ss -tlnp | grep 3115

# Alternative with lsof
lsof -i :3115

On Windows:

netstat -ano | findstr :3115

Then look up the process ID to identify the application. The port number tells you almost nothing — the process name tells you everything.

On a remote host:

# Check if port 3115 is open from outside
nmap -p 3115 <hostname>

# Attempt to grab a banner (if a service responds)
nc -zv <hostname> 3115

Why Registered-But-Abandoned Ports Matter

The registered port range has 48,128 slots. Many are actively used. Some — like port 3115 — are claimed by services that never materialized publicly, or that existed inside corporate walls where they'll never be seen.

This matters for a few reasons:

Security scanning can produce false positives. If a vulnerability scanner flags port 3115 as "MCTET Master," that label is technically correct but practically meaningless. Don't let the name mislead you into thinking you know what's running.

Port selection for new services. Developers picking a high port for a new service should still check the IANA registry, even knowing that some registrations are ghosts. An open registration might still mean something runs there in some environment.

The registry is a historical artifact. It captures intent — someone, somewhere, cared enough to register these three ports. The record of that intent outlasts the protocol itself.