Internet-Security.com TCP port 9301 details

Elasticsearch: its node-to-node “transport” protocol uses TCP 9300 by default and will fall back to 9301 (and higher) when 9300 is taken, e.g., when running multiple Elasticsearch nodes on the same host.
OpenSearch (the Elasticsearch fork) uses the same transport port range (9300+), so TCP 9301 commonly appears for its inter-node traffic as well.
You’ll see 9301 in real deployments of Elastic Stack/OpenSearch clusters backing tools like Kibana, Logstash, Graylog, and Wazuh, or in self-managed/AWS OpenSearch nodes communicating internally.
Security note: attackers often scan 9300–9400 (including 9301) to find exposed Elasticsearch/OpenSearch transport ports for cluster hijacking or exploitation; these ports should be restricted and TLS-protected.

TCP 9301