Released

Paper

Zeroing in on Port 0 Traffic in the Wild

MPS-Authors
Maghsoudlou, Aniss
Internet Architecture, MPI for Informatics, Max Planck Society;

Gasser, Oliver
Internet Architecture, MPI for Informatics, Max Planck Society;

Feldmann, Anja
Internet Architecture, MPI for Informatics, Max Planck Society;

Fulltext (public)

arXiv:2103.13055.pdf
(Preprint), 9KB

Citation

Maghsoudlou, A., Gasser, O., & Feldmann, A. (2021). Zeroing in on Port 0 Traffic in the Wild. Retrieved from https://arxiv.org/abs/2103.13055.


Cite as: https://hdl.handle.net/21.11116/0000-0009-7436-8
Abstract
Internet services leverage transport protocol port numbers to specify the
source and destination application layer protocols. While using port 0 is not
allowed in most transport protocols, we see a non-negligible share of traffic
using port 0 in the Internet. In this study, we dissect port 0 traffic to infer
its possible origins and causes using five complementing flow-level and
packet-level datasets. We observe 73 GB of port 0 traffic in one week of IXP
traffic, most of which we identify as an artifact of packet fragmentation. In
our packet-level datasets, most traffic originates from a small number of
hosts, and while most of the packets have no payload, a major fraction of
packets containing payload belong to the BitTorrent protocol. Moreover, we find
unique traffic patterns commonly seen in scanning. In addition to analyzing
passive traces, we also conduct an active measurement campaign to study how
different networks react to port 0 traffic. We find an unexpectedly high
response rate for TCP port 0 probes in IPv4, with very low response rates for
other protocol types. Finally, we will be running continuous port 0
measurements and providing the results to the measurement community.