Internet-Security.com TCP port 9300 details

Elasticsearch uses TCP 9300 by default for its internal transport protocol (node-to-node communication and the legacy Java Transport Client), while the REST API is on 9200.
OpenSearch (and Amazon OpenSearch Service) also uses TCP 9300 for internal cluster transport traffic.
Logstash (when configured with the Elasticsearch transport client) connects to Elasticsearch on 9300 instead of HTTP 9200.
Older Graylog deployments commonly used the Elasticsearch transport client on 9300 to talk to their Elasticsearch clusters.
Security add-ons like Elastic’s Shield/X-Pack transport TLS and the third‑party Search Guard secure the 9300 transport channel.
Managed offerings (Elastic Cloud, Amazon OpenSearch Service) keep 9300 for intra-cluster use and do not expose it publicly.
Hacking/exploitation: Exposed 9300 has been abused for unauthorized cluster joins and, in outdated Elasticsearch versions or insecure plugins, remote code execution; it should be restricted and secured with TLS/auth.

TCP 9300