Devices and computers need to establish a connection with each other to send and receive data on the Internet. Transport protocols are part of a stack of protocols that facilitate this connection. Different applications and services that require a connection, such as Web, E-mail, FTP, etc., might exist on a single computer. Therefore, transport protocols use port numbers to distinguish between different applications and services.
TCP and UDP, the two most widely used transport protocols, place limitations on what constitutes a valid port number. One example of an invalid port number for these protocols is port 0.
In this project, we perform active and passive measurements to investigate the origins and causes of port 0 traffic on the Internet. For passive measurements, we use multiple packet- and flow-level datasets and use diverse Transport or Network layer fields, e.g. fragmentation header, TCP control bits, payload size, etc. to infer the causes of port 0 traffic.
We find that TCP port 0 traffic usually does not contain any payload and is mostly one-way. Analyzing TCP control bits, we categorize most of the two-way streams as scanning traffic. Then, to understand how hosts/routers treat port 0 traffic, we leverage Internet-wide scans and traceroutes. We observe unusually high response rates to TCP port 0 probes in IPv4 and also uncover the presence of port 0 packet filtering.
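The packet-level fields named above (fragment offset, TCP control bits, payload size, traffic direction) can be read directly from raw IPv4/TCP headers. The following is an added example, not code from the study: the function names, the sample packets and the definition of a stream as an unordered pair of (IP, port) endpoints are assumptions made for illustration.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # low six TCP control bits

def build_packet(src, dst, sport, dport, flags, payload=b""):
    """Constructed sample input: minimal IPv4+TCP packet (checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + tcp + payload

def parse_tcp(pkt):
    """Return (src, dst, sport, dport, flags, payload_len), or None if not parseable."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None                       # not IPv4 carrying TCP
    ihl = (pkt[0] & 0x0F) * 4
    total, _ident, frag = struct.unpack("!HHH", pkt[2:8])
    if frag & 0x1FFF or len(pkt) < ihl + 20:
        return None                       # later fragment or truncated: no TCP header
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data_offset = (pkt[ihl + 12] >> 4) * 4
    flags = frozenset(n for i, n in enumerate(FLAG_NAMES) if pkt[ihl + 13] & (1 << i))
    src, dst = str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20]))
    return src, dst, sport, dport, flags, max(total - ihl - data_offset, 0)

def summarize_port0(packets):
    """Group TCP packets with source or destination port 0 into streams."""
    streams = defaultdict(lambda: {"dirs": set(), "payload": 0, "flags": set()})
    for pkt in packets:
        p = parse_tcp(pkt)
        if p is None or (p[2] != 0 and p[3] != 0):
            continue                      # keep only port 0 traffic
        a, b = (p[0], p[2]), (p[1], p[3])
        s = streams[frozenset((a, b))]    # assumption: stream = unordered endpoint pair
        s["dirs"].add((a, b))
        s["payload"] += p[5]
        s["flags"].add(p[4])
    return {k: {"two_way": len(v["dirs"]) == 2, "payload": v["payload"],
                "flags": v["flags"]} for k, v in streams.items()}

# Constructed packets (documentation address ranges), not data from the study.
SAMPLE = [
    build_packet("198.51.100.7", "192.0.2.10", 40000, 0, 0x02),       # SYN to port 0
    build_packet("192.0.2.10", "198.51.100.7", 0, 40000, 0x14),       # RST+ACK reply
    build_packet("203.0.113.5", "192.0.2.20", 0, 0, 0x02),            # unanswered SYN
    build_packet("198.51.100.7", "192.0.2.10", 40001, 443, 0x18, b"x"),  # not port 0
]
```

`summarize_port0(SAMPLE)` returns two streams: one two-way with the control-bit sets {SYN} and {RST, ACK}, and one one-way, both with zero payload bytes.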
This topic will also be presented at the PAM 2021 conference at the end of March/beginning of April 2021 ("Zeroing in on Port 0 Traffic in the Wild").
- A. Maghsoudlou, O. Gasser, and A. Feldmann. Reserved: Dissecting internet traffic on port 0. In Extended abstract of a poster presented at Passive and Active Measurement Conference (PAM) 2020, Virtual Conference, 2020. arXiv: 2004.03653.
- A. Maghsoudlou, O. Gasser, and A. Feldmann. Zeroing in on Port 0 Traffic in the Wild. In Passive and Active Measurement (PAM 2021), Virtual Event, Springer, 2021. doi:10.1007/978-3-030-72582-2_32