Item

Abstract

Internet services leverage transport protocol port numbers to specify the
source and destination application layer protocols. While using port 0 is not
allowed in most transport protocols, we see a non-negligible share of traffic
using port 0 in the Internet. In this study, we dissect port 0 traffic to infer
its possible origins and causes using five complementing flow-level and
packet-level datasets. We observe 73 GB of port 0 traffic in one week of IXP
traffic, most of which we identify as an artifact of packet fragmentation. In
our packet-level datasets, most traffic is originated from a small number of
hosts and while most of the packets have no payload, a major fraction of
packets containing payload belong to the BitTorrent protocol. Moreover, we find
unique traffic patterns commonly seen in scanning. In addition to analyzing
passive traces, we also conduct an active measurement campaign to study how
different networks react to port 0 traffic. We find an unexpectedly high
response rate for TCP port 0 probes in IPv4, with very low response rates with
other protocol types. Finally, we will be running continuous port 0
measurements and providing the results to the measurement community.