Re: Slightly OT: Anyone know of a concise port list
Anyone know of a concise port/port range list for profiling various client code out their (no /etc/services isn't the end all). Looking for ranges for Napster, Audio Galaxy, BearShare, etc, besides the WKP's.
We've been tracking this dynamically for a while in order to make sense of flow data traces - using a plethora of reliable (as well as dubious!) sources - including running some of the more popular p2p apps to see what ports they choose. Of course, there are many problems with using tcp/udp ports to identify apps - some apps use randomly assigned ports (sometimes after negotiating the connection on a well known port; like most streaming video protocols); some apps allow users to override ports, which many users do in order to circumvent firewalls; and there is much duplication across ports. But, try the attached lists (one by port, one by app, and one shows a grouping we use for "common application classes" e.g. "mail" or "peer to peer" etc.). I'd greatly appreciate fixes or updates. [NOTE: attachments not sent to nanog-post - if you want them, email me privately.] Of course if you really want to accurately account for traffic by application, there is no substitute for passive sniffing of full headers (not scaleable, and certainly can raise privacy issues). -fred
might also check out http://www.portsdb.org/ and coralreef's list: http://www.caida.org/tools/measurement/coralreef/dists/coral-3.4.7-public.ta... (untar; get from etc/Application_ports_Master.txt) k On Wed, Nov 21, 2001 at 04:27:36PM -0500, Fred True wrote:
Anyone know of a concise port/port range list for profiling various client code out their (no /etc/services isn't the end all). Looking for ranges for Napster, Audio Galaxy, BearShare, etc, besides the WKP's.
We've been tracking this dynamically for a while in order to make sense of flow data traces - using a plethora of reliable (as well as dubious!) sources - including running some of the more popular p2p apps to see what ports they choose. Of course, there are many problems with using tcp/udp ports to identify apps - some apps use randomly assigned ports (sometimes after negotiating the connection on a well known port; like most streaming video protocols); some apps allow users to override ports, which many users do in order to circumvent firewalls; and there is much duplication across ports. But, try the attached lists (one by port, one by app, and one shows a grouping we use for "common application classes" e.g. "mail" or "peer to peer" etc.). I'd greatly appreciate fixes or updates. [NOTE: attachments not sent to nanog-post - if you want them, email me privately.] Of course if you really want to accurately account for traffic by application, there is no substitute for passive sniffing of full headers (not scaleable, and certainly can raise privacy issues). -fred
participants (2)
-
Fred True
-
k claffy