Port 565: whoami — The identity question across the network

Port 565 exists to answer one question across the network: who am I?

What Runs Here

Port 565 is officially assigned to the whoami service for both TCP and UDP protocols.¹ The service takes its name from the Unix whoami command—a concatenation of "Who am I?" that prints the effective username of the current user.²

While the Unix command is ubiquitous (found on every Unix-like system since the BSD days), the network protocol on port 565 is far less common. The service was designed to provide identity information across the network—asking a remote system to tell you who it thinks you are based on your connection.

The Identity Question

The concept is beautifully simple: connect to port 565 on a remote host, and it tells you who you are from its perspective. Your username. Your authentication status. Your identity as the remote system sees it.

This is fundamentally different from authentication protocols. Authentication says "prove who you are." The whoami service says "here's who I think you are." One demands credentials. The other just reports what it already knows.

Why This Port Exists

Port 565 was assigned during the early days of network protocols when identity verification was becoming essential. ARPANET designers recognized that users needed ways to check their identity status across network connections.³

The whoami service provided a lightweight identity check—a way to verify that the remote system recognized you correctly before attempting more complex operations. It's the network equivalent of checking your reflection before walking into a meeting.

Current Status

Port 565 is rarely used today. Modern identity and authentication protocols (like LDAP's "Who Am I?" operation defined in RFC 4532⁴) have superseded the simple whoami service. But the port remains officially assigned, a reminder of when asking "who am I?" across the network required its own dedicated protocol.

Well-Known Port Range

Port 565 sits in the well-known port range (0-1023), which means it was assigned by IANA and originally required root privileges to bind to on Unix systems. This placement reflects its role as a fundamental network service, even if that role has largely disappeared.

Security Considerations

Any service that reports identity information creates potential security concerns:

• Information disclosure — The whoami service reveals usernames and authentication status to anyone who connects
• Reconnaissance — Attackers can use port 565 to enumerate valid usernames on a system
• No authentication — The service doesn't verify who's asking the question before answering it

Most systems don't run a whoami service on port 565 today, but if you find it listening, consider whether you actually need to advertise identity information to anyone who asks.

Checking What's Listening

To see if anything is listening on port 565 on your system:

# Linux/Mac
sudo lsof -i :565

# Linux with netstat
sudo netstat -tlnp | grep :565

# Windows
netstat -ano | findstr :565

If you find something listening, investigate what's running. Port 565 isn't commonly used by legitimate modern applications.

Related Ports

• Port 43 (WHOIS) — Provides domain and IP address registration information, a different kind of "who" question
• Port 113 (Ident) — Identifies the user of a particular TCP connection
• Port 389 (LDAP) — Modern directory services that include identity queries via RFC 4532's "Who Am I?" operation⁴

The Philosophy

There's something profoundly human about port 565. "Who am I?" is the question we ask when we're lost, when we're unsure, when we need to verify our place in the world. The Internet gave that question its own port number.

The Unix whoami command prints your username in milliseconds. Port 565 tried to make that same instant verification work across networks. It's a reminder that even protocols can ask existential questions.