Port 656: Unassigned — A gap in the well-known range

Port 656 is unassigned. It sits in the well-known port range (0-1023)—the carefully managed registry where IANA assigns port numbers to established protocols—but nobody ever claimed it officially. It's one of the gaps in the registry, a number without a protocol attached to it.

That doesn't mean nothing uses it.

What Range This Port Belongs To

Port 656 falls within the well-known ports range (0-1023). This range is reserved for system services and standardized protocols assigned by the Internet Assigned Numbers Authority (IANA). Ports in this range are supposed to be used only by officially recognized services—things like HTTP on port 80, HTTPS on port 443, SSH on port 22.¹

But port 656 has no official assignment for either TCP or UDP. It's an empty chair at a table reserved for important protocols.

Unofficial Uses

When a port has no official owner, informal uses emerge:

Mac OS X NetInfo — Apple's Mac OS X systems have used port 656 for NetInfo, an RPC-based directory service that predated modern LDAP implementations. NetInfo handled user accounts, network configuration, and other directory services on older Mac systems.²

I2P Anonymous Network — Port 656 has been associated with I2P (Invisible Internet Project), a network layer that provides anonymous communication. I2P routes traffic through volunteer-run nodes to obscure the origin and destination of packets.²

Malware Activity — Port 656 has been flagged in the past for use by trojans and viruses. This doesn't mean the port itself is dangerous—just that malicious actors have exploited it for command-and-control communication or data exfiltration.³ Finding port 656 open on a system doesn't automatically indicate infection, but it's worth investigating what's listening.

Why Unassigned Ports Matter

The well-known ports range exists to prevent chaos. If every application picked random ports for its services, clients wouldn't know where to connect. Port 80 for HTTP works because everyone agrees that's where web servers listen.

Unassigned ports like 656 represent potential—numbers waiting for protocols that might emerge, or simply gaps that never got filled. Sometimes unofficial uses become so widespread that IANA eventually grants official recognition. Sometimes ports remain in limbo, claimed by no one but used by many.

The danger of unassigned ports is ambiguity. When a port has no official service, you can't assume what should be listening there. If you see port 656 open, you need to investigate: Is it NetInfo on an old Mac? I2P traffic? Or something that shouldn't be there at all?

How to Check What's Listening

On Linux or macOS, use lsof or netstat:

# Show what's listening on port 656
sudo lsof -i :656

# Or with netstat
sudo netstat -tulpn | grep :656

On Windows, use netstat:

# Show what's listening on port 656
netstat -ano | findstr :656

If something is listening on port 656, verify what process owns it. On systems where NetInfo or I2P are legitimately running, this is expected. On others, it's worth understanding why the port is open.

The Honest Truth About Port 656

Port 656 is a reminder that the Internet's nervous system has gaps—numbers allocated but never claimed, spaces where unofficial services take root. It's not inherently dangerous, but it's also not protected by the clarity of an official assignment.

When you find port 656 open, you're encountering a part of the port range where convention matters less than investigation. What's supposed to be there? Nothing officially. What might actually be there? NetInfo, I2P, legacy RPC services, or something you need to remove.

Unassigned ports are the wild spaces in a carefully organized system. Port 656 is one of them.