b'@online{Maghsoudlou_2103.13055,'b'\nTITLE = {Zeroing in on Port 0 Traffic in the Wild},\nAUTHOR = {Maghsoudlou, Aniss and Gasser, Oliver and Feldmann, Anja},\nLANGUAGE = {eng},\nURL = {https://arxiv.org/abs/2103.13055},\nEPRINT = {2103.13055},\nEPRINTTYPE = {arXiv},\nYEAR = {2021},\nABSTRACT = {Internet services leverage transport protocol port numbers to specify the<br>source and destination application layer protocols. While using port 0 is not<br>allowed in most transport protocols, we see a non-negligible share of traffic<br>using port 0 in the Internet. In this study, we dissect port 0 traffic to infer<br>its possible origins and causes using five complementing flow-level and<br>packet-level datasets. We observe 73 GB of port 0 traffic in one week of IXP<br>traffic, most of which we identify as an artifact of packet fragmentation. In<br>our packet-level datasets, most traffic is originated from a small number of<br>hosts and while most of the packets have no payload, a major fraction of<br>packets containing payload belong to the BitTorrent protocol. Moreover, we find<br>unique traffic patterns commonly seen in scanning. In addition to analyzing<br>passive traces, we also conduct an active measurement campaign to study how<br>different networks react to port 0 traffic. We find an unexpectedly high<br>response rate for TCP port 0 probes in IPv4, with very low response rates with<br>other protocol types. Finally, we will be running continuous port 0<br>measurements and providing the results to the measurement community.<br>},\n}\n'