View all common networking ports

What is Port 5355?

by Erik Mikac | Published on June 18, 2025

In the world of computer networking, ports are like doorways. Each one serves as a communication endpoint between devices and services. With 65,536 ports available (from 0 to 65535), each serves as a logical endpoint for communication. 

Understanding specific ports is crucial for managing networks, securing systems, and troubleshooting issues. Enter Port 5355, a specialized port that plays a quiet but vital role in local network discovery. Let’s explore what makes Port 5355 tick, its history, how it works, and how to keep it secure.

What is Port 5355?

The IANA assigned port 5355 for Link-Local Multicast Name Resolution (LLMNR). LLMNR is a protocol that enables devices on the same local network to resolve each other’s names without a central DNS server.

Primary Function in Networking

Think of Port 5355 as a friendly matchmaker for devices in small networks. When a laptop needs to find “Printer1.local” or a shared folder on another computer, LLMNR uses Port 5355. LLMNR multicast queries and get answers, making plug-and-play networking seamless.

Services Associated with This Port:

  • Windows Systems: LLMNR, running on Port 5355, is a staple in Microsoft Windows (Vista and later). It's used for discovering printers, file shares, and other devices in home or small office networks.

  • Resolution Name Backup: When DNS queries fail (like when there's no DNS server available), Port 5355 steps in to resolve names.

  • Cross-Platform Use: LLMNR is mainly a Windows thing, but some Linux or macOS implementations may also use LLMNR-compatible tools.

Historical Background

The story of Port 5355 begins with the rise of peer-to-peer networking in the early 2000s. As home and small office networks grew, users needed a way to connect devices without complex DNS setups. Microsoft introduced LLMNR in Windows Vista (2007). They decided Port 5355 was good to standardize local name resolution. RFC 4795 (2007) formalized the protocol, cementing Port 5355’s role.

Evolution of Its Usage

LLMNR was initially just a Windows feature on Port 5855, but then it became a go-to for ad-hoc networks. However, its multicast nature sparked security debates, which caused some to err on the side of caution and favor DNS over LLMNR on corporate networks. 

Regardless, Port 5355 remains critical in small-scale or DNS-less setups, such as home Wi-Fi or temporary networks at conferences. The port's use has leveled off, but it hasn't grown much beyond LLMNR. 

How Port 5355 Works

Port 5355 operates over UDP on port number 5355, using multicast addresses. It’s designed for local link communication, meaning it doesn’t cross routers or subnets.

Protocols Involved

  • UDP: LLMNR relies on UDP for fast, lightweight queries. Unlike TCP, UDP doesn’t guarantee delivery, but speed is key for local name resolution. Picture UDP as tossing a quick note to nearby devices—most get it, but you don’t wait for confirmation.

  • LLMNR Protocol: Defined in RFC 4795, LLMNR sends multicast queries to all devices on the local network, asking, “Who’s got this name?” Devices with matching names respond, and the querying device picks the best answer.

Data Transmission Methods

LLMNR broadcasts queries to a multicast group. Then, the responses are unicast back to the requester. This minimizes network clutter while enabling rapid discovery. The process is stateless, with no persistent connections, keeping Port 5355 lean.

Common Applications

  • Device Discovery: Finding printers, computers, or shared resources on Windows networks.

  • Ad-Hoc Networking: Enabling name resolution in temporary or small networks without DNS.

  • IoT: Some smart home devices use LLMNR-like mechanisms on Port 5355 for local connectivity.

Troubleshooting Port 5355 Issues

Issues with Port 5355 often come from devices failing to see each other on the network. Here are common problems and how to tackle them:

  • Name Resolution Failures: A device can’t find a printer or shared folder, often due to blocked ports or disabled LLMNR.

  • Blocked Port: Firewalls may block UDP traffic on Port 5355, halting LLMNR queries.

  • Excessive Traffic: In large networks, LLMNR broadcasts can clog bandwidth, causing delays.

Troubleshooting Steps:

  • Verify Port Status: Run netstat -an | find "5355" on Windows or netstat -uln | grep 5355 for Linux to check if Port 5355 is listening for UDP.

  • Test Connectivity: Use nmap -sU -p 5355 <target-IP> or dig @224.0.0.252 <name>.local to simulate an LLMNR query and confirm responsiveness.

  • Check Firewalls: Ensure UDP Port 5355 isn’t blocked by Windows Defender Firewall or iptables. It's worth checking third-party security software, too.

  • Capture Traffic: Tools like Wireshark can reveal dropped packets or malformed queries. Pro Tip: run the following command to detect Port 5355—filter: udp.port == 5355

  • Review Logs: Check Windows Event Viewer (“System” or “Microsoft-Windows-DNS-Client”) for LLMNR errors.

Things to Think About:

  • Isolate the Problem: If one device fails to resolve names, check its LLMNR settings (e.g., enabled via Windows Registry). If the whole network is affected, inspect the router or firewall.

  • Restart Services: To clear glitches, restart the Windows “DNS Client” service (sc stop dnscache && sc start dnscache).

  • Ensure Local Scope: LLMNR only works within a single subnet. Misconfigured VLANs or routers can break it.

Security Risks of Port 5355

Port 5355’s multicast nature makes it a double-edged sword. While it simplifies networking, it can also be a potential attack vector. Here are three security vulnerabilities to look out for.

  • LLMNR Poisoning: Attackers can respond to LLMNR queries with fake IP addresses, redirecting traffic to malicious systems. This is common in unsecured networks like public Wi-Fi.

What-is-Port-5355-Diagram

  • Information Disclosure: LLMNR broadcasts reveal device names and network details. Believe me, attackers can (and will) harvest this for reconnaissance.

  • Man-in-the-Middle Attacks: Spoofed LLMNR responses can enable credential theft or data interception.

Vulnerabilities Associated with This Port

The primary vulnerability is LLMNR’s trust in local responses, assuming all devices are friendly. The protocol is devoid of authentication and encryption, making Port 5355 vulnerable to spoofing.

Previous Security Incidents

In 2017, LLMNR poisoning was highlighted in attacks exploiting Windows networks, often paired with NetBIOS spoofing to steal credentials. Tools like Responder made such attacks trivial on misconfigured networks.

Penetration tests will flag Port 5355 as a risk in enterprise settings, leading to recommendations to disable LLMNR.

Best Practices for Security

  • Disable LLMNR When Possible: In DNS-rich environments, turn off LLMNR via Group Policy (“Turn off multicast name resolution”) or registry edits.

  • Restrict Traffic: Use firewalls to block Port 5355 traffic to external networks and limit it to trusted subnets.

  • Network Segmentation: Place sensitive devices on separate VLANs to reduce LLMNR’s attack surface.

  • Adopt Secure Alternatives: Use DNS with DNSSEC or DNS over HTTPS to minimize reliance on LLMNR.

Tips for Securing Port 5355:

  • Patch Systems: Ensure Windows and network devices are updated to mitigate known exploits.

  • Limit Exposure: Avoid exposing Port 5355 to the internet, as LLMNR is meant for local use.

Tools and Techniques for Monitoring:

  • Intrusion Detection Systems (IDS): Tools like Snort or Windows Defender can mitigate threats via Port 5355.

  • Network Monitoring: Use Wireshark to track Port 5355 traffic for anomalies.

  • Endpoint Protection: Deploy security software that detects LLMNR spoofing attempts. One of the best for Windows is Microsoft Defender.

FAQs About Port 5355

What Services Commonly Use Port 5355?

Port 5355 is primarily used by Link-Local Multicast Name Resolution (LLMNR) in Windows for local device discovery. Think of devices like finding printers or shared folders.

How Do I Check if Port 5355 is Open on My Network?

Run netstat -an | find "5355" (Windows) or netstat -uln | grep 5355 (Linux/macOS) in a terminal. Alternatively, use nmap -sU -p 5355 <IP-address> to scan for open UDP ports.

What are the Common Security Threats Related to Port 5355?

LLMNR poisoning and spoofing are hands-down the biggest threats. In this case, attackers send fake responses to redirect traffic or steal credentials. Information disclosure via broadcasts is also a concern.

How Can I Secure My Network When Using Port 5355?

Disable LLMNR if DNS is available. Restrict Port 5355 to local subnets via firewalls or segment the networks.

Can Port 5355 be Used for Malicious Activities?

It sure can. Attackers exploit Port 5355 for LLMNR poisoning to intercept traffic or steal credentials. Proper configuration and monitoring mitigate this risk.

Conclusion

Port 5355 may not be a household name like Port 80 or Port 443, but its role in name resolution via LLMNR is indispensable in small networks. Port 5355 started with Windows Vista. Now, it helps devices find each other in ad-hoc networks. However, it also has security risks, such as LLMNR poisoning, so users need to stay alert. 

To use Port 5355 safely, you need to understand how it works and learn to troubleshoot issues step by step. It can also be secured with firewalls and monitoring. This way, you can tap into its benefits while protecting your network. Whether you’re connecting a printer or debugging a network, this unassuming port is a small but critical piece of the networking puzzle.

Get CBT Nuggets IT training news and resources

I have read and understood the privacy policy and am able to consent to it.

Follow us

Let's chat!

Sales | Support | General
© 2025 CBT Nuggets. All rights reserved.Terms | Privacy Policy | Accessibility | Sitemap | 2850 Crescent Avenue, Eugene, OR 97408 | 541-284-5522