[44383] in North American Network Operators' Group
Re: Slightly OT: Anyone know of a concise port list
daemon@ATHENA.MIT.EDU (Fred True)
Wed Nov 21 16:28:28 2001
Date: Wed, 21 Nov 2001 16:27:36 -0500 (EST)
From: Fred True <ft@research.att.com>
To: <nanog@merit.edu>
Message-ID: <Pine.SOL.4.33.0111211627030.9790-100000@windsor.research.att.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
> Anyone know of a concise port/port range list for profiling various client
> code out their (no /etc/services isn't the end all). Looking for ranges for
> Napster, Audio Galaxy, BearShare, etc, besides the WKP's.
We've been tracking this dynamically for a while in order to make sense of
flow data traces - using a plethora of reliable (as well as dubious!)
sources - including running some of the more popular p2p apps to see what
ports they choose. Of course, there are many problems with using tcp/udp
ports to identify apps - some apps use randomly assigned ports (sometimes
after negotiating the connection on a well known port; like most streaming
video protocols); some apps allow users to override ports, which many
users do in order to circumvent firewalls; and there is much duplication
across ports.
But, try the attached lists (one by port, one by app, and one shows a
grouping we use for "common application classes" e.g. "mail" or "peer to
peer" etc.). I'd greatly appreciate fixes or updates. [NOTE: attachments
not sent to nanog-post - if you want them, email me privately.]
Of course if you really want to accurately account for traffic by
application, there is no substitute for passive sniffing of full headers
(not scaleable, and certainly can raise privacy issues).
-fred
