I've searched for a while and can't seem to find any information on what KRYPTOLAN is.
For the transport layer, IP protocol number 0x41 is assigned.
In addition, ports 398/udp and 398/tcp are also assigned, so an application layer protocol may exist in addition to the transport layer protocol.
Does anyone have details on what the purpose of KRYPTOLAN is and how it works?
I don't know any details either and have never heard of the protocol before; it seems like it is arcane and long-forgotten.
Cisco has this:
and it provides a reference to
http://liu.diva-portal.org/smash/get/diva2:16958/FULLTEXT01
which looks promising at first glance since "Paul Liu" is the reference name given by the IANA for the KRYPTOLAN protocol in its published protocol numbers list, but this is just a naming coincidence since "liu" is "Linköping University" in this case. And the referenced paper does deal with authentication models, but not with the subject of protocols at all, so whoever collected the information for the Cisco database did a bad job here. KRYPTOLAN seems to be a trademark held by Sectra since 1993, but I do not think it relates to the protocol registered with the IANA.
If you desperately are seeking protocol details, I would suggest asking Paul Liu himself. This one seems to be the right one to ask.
Contrary to what syneticon surmises, the Sectra KRYPTOLAN is the one registered with IANA. The official listing in RFC1700 is
Whatever it may once have been good for, it appears to now be defunct. A search on Sectra's own site returns no hits. Ditto for Peter Laval
If you're seeing traffic using that port, it's probably just assigned at random from the set of all free ports. If you see something listening on that port and you didn't configure it to do so, almost certainly malware. Tools such as netstat can help determine what piece of software is using the port.
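
As an added example (not part of the answers above), this Python sketch does the check described in the last answer on a Linux host without netstat: it reads the kernel socket tables under /proc/net, keeps only sockets whose local port is 398, and resolves each socket inode to the owning process IDs. The sample table is constructed for illustration, and the function names are this example's own.

```python
import glob
import os

KRYPTOLAN_PORT = 398  # 398/tcp and 398/udp, as listed in the question

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21001 1 0000000000000000 100 0 0 10 0
   1: 00000000:018E 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21542 1 0000000000000000 100 0 0 10 0
   2: 0100007F:D2F0 0100007F:018E 01 00000000:00000000 00:00000000 00000000  1000        0 21777 1 0000000000000000 20 4 30 10 -1
"""

def bound_sockets(table_text, port=KRYPTOLAN_PORT, proto="tcp"):
    """Return (proto, state, uid, inode) for each socket whose LOCAL port matches."""
    hits = []
    for line in table_text.splitlines()[1:]:           # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        if int(fields[1].rsplit(":", 1)[1], 16) != port:
            continue                                    # remote-port matches are outbound clients
        # TCP state 0A is LISTEN; UDP shows 07 for an unconnected bound socket.
        state = {"0A": "LISTEN", "07": "UNCONN", "01": "ESTABLISHED"}.get(fields[3], fields[3])
        hits.append((proto, state, int(fields[7]), int(fields[9])))
    return hits

def pids_for_inode(inode):
    """Map a socket inode to owning PIDs via /proc/<pid>/fd (root needed for other users)."""
    target = f"socket:[{inode}]"
    pids = set()
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == target:
                pids.add(int(fd.split("/")[2]))
        except OSError:
            continue                                    # process exited or access denied
    return sorted(pids)

if __name__ == "__main__":
    for proto in ("tcp", "tcp6", "udp", "udp6"):
        try:
            with open(f"/proc/net/{proto}") as fh:
                table = fh.read()
        except OSError:
            continue
        for hit in bound_sockets(table, proto=proto):
            print(hit, "pids:", pids_for_inode(hit[3]))
```

Run as root so that sockets owned by other users' processes can be resolved; a hit with no PID usually means the script lacked permission to read that process's file descriptors.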