Port 10179: BGP Monitoring Protocol — The Internet's Route Watchdog

What Runs Here

Port 10179 is the standard listening port for BGP Monitoring Protocol (BMP), defined in RFC 7854 ¹. It's how network operators and ISPs monitor the health, stability, and behavior of BGP (Border Gateway Protocol)—the protocol that decides how packets find their way across the Internet's backbone.

How It Works

BMP is unidirectional and purpose-built for visibility. Here's the flow:

A router (or any BGP speaker) is configured to send monitoring data to a BMP collector. The router acts as a client, establishing a TCP connection to the collector listening on port 10179 and streaming real-time BGP session information:

• Initiation messages that identify the router, its hostname, and software version
• Peer Up messages announcing when BGP neighbors come online
• Route Monitoring messages that dump the Adj-RIBs-In—the BGP routes a router has received from its neighbors, before any local filters

The collector sits and receives. No acknowledgments. No back-and-forth. Just the raw state of BGP sessions flowing in.

Why This Matters

BGP decides which path your packets take across the Internet. It decides if traffic goes through your ISP's network or a competitor's. It decides if a hijack attack succeeds or fails. Without visibility into BGP decisions, network operators are flying blind.

BMP solves this. By listening on port 10179, a network operator can:

• Detect when a BGP peer goes down before customers call complaining
• Spot route announcements that look wrong (a sign of misconfiguration or attack)
• Track the evolution of the routing table in real-time
• Debug complex multi-path routing issues without waiting for syslog

A single large ISP or Internet Exchange Point (IXP) might have dozens of routers streaming BMP data to one or more collectors. Millions of route changes per second, flowing to port 10179, being indexed and analyzed.

The Registration

Port 10179 is registered with IANA, assigned officially to BMP ¹. It's in the registered port range (1024-49151), meaning it requires no special privileges to listen on—unlike ports below 1024—but it's been officially allocated so services can rely on it not being reassigned.

Where You Find It

• Network Operations Centers (NOCs) of ISPs and large enterprises
• Internet Exchange Points (IXPs) that need visibility across hundreds of member networks
• BGP monitoring tools like Akvorado, NTOP, and open-source collectors built on FRRouting ²
• Juniper routers, Cisco routers, Nokia devices—most modern BGP implementations support BMP

Related Ports

• Port 179 (BGP) — The port where BGP sessions themselves happen. Port 10179 watches port 179.
• Port 514 (Syslog) — Where BGP routers send text logs. Less structured than BMP, but older.
• Port 8080 (HTTP) — Where many BMP collectors expose dashboards and APIs for viewing the collected data.

How to Check

To see if something is listening on port 10179:

# macOS / Linux
netstat -an | grep 10179
lsof -i :10179

# Comprehensive check with service info
ss -tlnp | grep 10179

If you see connections, you're likely looking at a BGP monitoring setup. The connection initiators (clients) are routers; the listeners (servers) are BMP collectors.