Internet-Security.com TCP port 902 details

VMware ESXi/vSphere uses TCP 902 for management data channels.
vCenter Server connects to ESXi hosts on 902/TCP for NFC (Network File Copy) over SSL to upload/download ISOs and VMDKs, and to clone or cold‑migrate VMs (e.g., ESXi 6.x/7.x/8.x with vCenter 6.x/7.x/8.x).
The vSphere Client and VMware Remote Console (VMRC) open 902/TCP to an ESXi host for VM console traffic after obtaining a ticket over 443.
Backup products using VMware’s VDDK—such as Veeam Backup & Replication, Commvault, and Veritas NetBackup—transfer VM disks over NBD/NBDSSL on 902/TCP when they can’t use hot‑add or direct storage paths.
Older VMware deployments exposed the VMware Authentication Daemon (vmauthd/vmware‑authd) on 902/TCP, and modern ESXi still uses the port for hostd/NFC operations.
Security note: attackers often scan 902/TCP to fingerprint ESXi hosts, and historic vulnerabilities in vmauthd on legacy ESX versions enabled DoS or code execution, so the port appears in exploitation playbooks.

TCP 902