Port 1917: nOAgent — A Reserved Port for Abandoned Software

Port 1917 is a registered port, assigned by IANA to nOAgent, the agent component of netOctopus, a network management system built by Netopia, Inc. in the late 1990s.

The software no longer exists. The port registration does.

What netOctopus Was

netOctopus was a Mac-centric enterprise systems management tool. It consisted of two pieces: a central administrator application and a lightweight agent (nOAgent) installed on every managed machine. The agent communicated back to the administrator over TCP and UDP on port 1917, handling tasks like hardware inventory, software deployment, and remote configuration.

Netopia released several versions through the early 2000s. In February 2007, Motorola acquired Netopia. The network management product line was eventually discontinued.

If you see traffic on port 1917 today, it is almost certainly not netOctopus. ¹

The Registered Port Range

Port 1917 sits in the registered ports range (1024–49151). This range works differently from the well-known ports below 1024:

• Well-known ports (0–1023) require IANA assignment and root/administrator privileges to bind
• Registered ports are documented by IANA but don't require elevated privileges to use
• Any application can open a registered port without special permission

IANA maintains these registrations indefinitely. When a company or product disappears, the port number doesn't get recycled. It stays in the registry, frozen, a forwarding address for software that no longer picks up mail. ²

What Might Actually Be on This Port

If port 1917 is open on a machine you're examining, the candidates are:

• Misconfigured or custom application: Developers sometimes pick port numbers without consulting IANA, especially in this range
• Malware or backdoor: Port databases flag 1917 as occasionally associated with malicious software, though no specific widespread threat is documented
• Nothing meaningful: Many port scanners will show ports as "open" when a process has bound to a dynamically assigned port that happens to be 1917

The number itself carries no guarantee of what's behind it.

How to Check What's Listening

On Linux or macOS:

# Show what process is bound to port 1917
sudo lsof -i :1917

# Or with ss (Linux)
sudo ss -tlnp sport = :1917

On Windows:

netstat -ano | findstr :1917

Then cross-reference the process ID against Task Manager or ps aux to identify the application.

Why Unassigned (or Abandoned) Ports Matter

The registered port range has 48,128 slots. Most are empty, and a meaningful number hold registrations for products that no longer exist. This creates a practical problem: when you see an unfamiliar port open on a system, you can't assume the IANA registration is current or that the software is what it claims to be.

Unassigned and abandoned ports are useful precisely because of their ambiguity. Malware authors know that a connection on port 1917 is unlikely to trigger automated alerts (no well-known service, no common firewall rule). For defenders, that same ambiguity means any unexpected traffic on an obscure registered port deserves a second look.