It's been a while, but back when I did full-time sysadmin, I used a port-knocking daemon that picked a random port > 1024 (with carve-outs for some known ports) and sent that port # to my pager.

As you suggest, though, the port-knocking daemon itself ran on port 2222.

I haven't seen a case where the port is 2222.

And I've seen a few cases because I helped quite a few people with firewalld/SELinux issues related to changing the SSH port.

How many cases set up by how many operators have you actually seen?