Port 1622 lives in the registered range (1024-49151)—the middle territory between the famous well-known ports and the free-for-all ephemeral range. It's claimed for a specific purpose, but chances are you've never seen traffic on it.
What Uses Port 1622
This port is the default agent listening port for NetIQ Security Solutions on IBM iSeries (AS/400) systems.1 When the ZPSE subsystem is active on an iSeries server, the NetIQ agent listens here for security management requests. The agent then sends results back on either port 1621 (standard) or port 1626 (SSL encrypted).
NetIQ Security Solutions provides identity management, access governance, and security monitoring for enterprise systems. On IBM's iSeries platform (formerly AS/400), the software uses port 1622 as its control channel.
The Registered Range
Port 1622 sits in the registered port range—ports that IANA has assigned to specific services or applications, but that aren't universally standardized like the well-known ports (0-1023). Think of it as a claim stake: NetIQ registered this port for their iSeries agent, but there's no guarantee every system respects that claim.
This is the nature of registered ports. They're meant for specific applications, but enforcement is voluntary. On a random server, you might find something completely different listening on 1622.
Security Considerations
Like many registered ports, 1622 has occasionally been misused. Some malware has used this port for command and control communications, taking advantage of the fact that most networks don't actively monitor traffic on obscure registered ports.2
If you see unexpected traffic on port 1622 and you're not running NetIQ on iSeries systems:
- Investigate what process is listening
- Check if it's legitimate software or potential malware
- Block the port at your firewall if it's not needed
Checking What's Listening
On Linux or macOS:
On Windows:
If something is listening and you don't recognize it, investigate before assuming it's malicious. It could be legitimate enterprise software you weren't aware of—but it's worth verifying.
Why Unassigned Ports Matter
Most ports in the registered range are like 1622—claimed for specific purposes but unknown to most of the Internet. They serve narrow use cases: enterprise software, legacy systems, proprietary protocols. This specialization is actually useful. It means:
- Predictability — NetIQ can document "use port 1622" and it usually won't conflict with other software
- Flexibility — The registered range provides thousands of ports for applications that need consistent port numbers without claiming well-known status
- Choice — Developers can register a port or just pick an unused one, depending on their needs
The reality is that most of these ports see very little traffic. They exist for specific environments—a factory floor running industrial control software, a hospital with legacy medical devices, an IBM mainframe shop with decades-old applications still running.
Related Ports
- Port 1621 — NetIQ iSeries core listening port (standard)
- Port 1626 — NetIQ iSeries core listening port (SSL)
These three ports work together in the NetIQ iSeries security architecture: 1622 for inbound agent requests, 1621 or 1626 for outbound results.
Frequently Asked Questions About Port 1622
此頁面對您有幫助嗎?