Zeroing in On Port 0 Traffic in the Wild
On this website we present additional information about our PAM 2021 paper
Zeroing in on Port 0 Traffic in the Wild and provide access to our Port 0 Active Measurement Service.
Port 0 Active Measurement Service
We provide a Port 0 Active Measurement Service where we publish
IPv6/IPv4 addresses responsive on port 0, and traceroute results to the whole IPv6 address space and one IP address in each publicly routable prefix in IPv4 to interested researchers.
The Port 0 Active Measurement Service consists of an openly accessible one and a registration-first service.
To get
free access to this registration-first service, you can send a quick
registration email.
We use the gathered data for statistical purposes and might very occasionally send a survey or other requests for feedback.
Referencing the Port 0 Service
If you are using data from the Port 0 Active Measurement Service in your publication, please refer to it with the following reference:
@inproceedings{maghsoudlou2021zeroing,
title = {Zeroing in on Port 0 Traffic in the Wild},
author = {Maghsoudlou, Aniss and Gasser, Oliver and Feldmann, Anja},
booktitle = {Proceedings of the 2021 Passive and Active Measurement Conference},
year = {2021},
location = {Cottbus, Germany},
numpages = {17},
doi = {10.1007/978-3-030-72582-2_32},
publisher = {Springer},
address = {Berlin, Germany},
}
The same reference applies to the open and registered service. [bib]
Paper
Abstract.
Internet services leverage transport protocol port numbers to
specify the source and destination application layer protocols. While using
port 0 is not allowed in most transport protocols, we see a non-negligible
share of traffic using port 0 in the Internet.
In this study, we dissect port 0 traffic to infer its possible origins and
causes using five complementing flow-level and packet-level datasets. We
observe 73 GB of port 0 traffic in one week of IXP traffic, most of which
we identify as an artifact of packet fragmentation. In our packet-level
datasets, most traffic is originated from a small number of hosts and while
most of the packets have no payload, a major fraction of packets containing
payload belong to the BitTorrent protocol. Moreover, we find unique traffic
patterns commonly seen in scanning. In addition to analyzing passive
traces, we also conduct an active measurement campaign to study how
different networks react to port 0 traffic. We find an unexpectedly high
response rate for TCP port 0 probes in IPv4, with very low response rates
with other protocol types. Finally, we will be running continuous port 0
measurements and providing the results to the measurement community.
Paper. Read the final version of our paper at arXiv.org:
arXiv:2103.13055
Authors. Aniss Maghsoudlou,
Oliver Gasser,
Anja Feldmann
Additional Plots
We provide the following additional plot for in-depth analysis accompanying the evaluations in our paper.
Hourly traffic pattern of port 80 and top 10 source ASes for port 0 in IXP dataset in IPv4
Reproducibility
We publish data and scripts to reproduce our analysis at
Edmond, Open Research Data Repository of the Max Planck Society, to guarantee long-term availability.
Dataset DOI:
10.17617/3.5f
Aniss Maghsoudlou
aniss [AT]
mpi-inf.mpg.de
Oliver Gasser
oliver.gasser [AT]
mpi-inf.mpg.de
Imprint / Data Protection