Slightly OT: Anyone know of a concise port list

Fred_True · November 21, 2001, 9:27pm

Anyone know of a concise port/port range list for profiling various client
code out their (no /etc/services isn't the end all). Looking for ranges for
Napster, Audio Galaxy, BearShare, etc, besides the WKP's.

We've been tracking this dynamically for a while in order to make sense of
flow data traces - using a plethora of reliable (as well as dubious!)
sources - including running some of the more popular p2p apps to see what
ports they choose. Of course, there are many problems with using tcp/udp
ports to identify apps - some apps use randomly assigned ports (sometimes
after negotiating the connection on a well known port; like most streaming
video protocols); some apps allow users to override ports, which many
users do in order to circumvent firewalls; and there is much duplication
across ports.

But, try the attached lists (one by port, one by app, and one shows a
grouping we use for "common application classes" e.g. "mail" or "peer to
peer" etc.). I'd greatly appreciate fixes or updates. [NOTE: attachments
not sent to nanog-post - if you want them, email me privately.]

Of course if you really want to accurately account for traffic by
application, there is no substitute for passive sniffing of full headers
(not scaleable, and certainly can raise privacy issues).

-fred

k_claffy1 · November 21, 2001, 11:24pm

might also check out
http://www.portsdb.org/

and
coralreef's list:
http://www.caida.org/tools/measurement/coralreef/dists/coral-3.4.7-public.tar.gz

(untar; get from etc/Application_ports_Master.txt)

k

  > Anyone know of a concise port/port range list for profiling various client
  > code out their (no /etc/services isn't the end all). Looking for ranges for
  > Napster, Audio Galaxy, BearShare, etc, besides the WKP's.

  We've been tracking this dynamically for a while in order to make sense of
  flow data traces - using a plethora of reliable (as well as dubious!)
  sources - including running some of the more popular p2p apps to see what
  ports they choose. Of course, there are many problems with using tcp/udp
  ports to identify apps - some apps use randomly assigned ports (sometimes
  after negotiating the connection on a well known port; like most streaming
  video protocols); some apps allow users to override ports, which many
  users do in order to circumvent firewalls; and there is much duplication
  across ports.

  But, try the attached lists (one by port, one by app, and one shows a
  grouping we use for "common application classes" e.g. "mail" or "peer to
  peer" etc.). I'd greatly appreciate fixes or updates. [NOTE: attachments
  not sent to nanog-post - if you want them, email me privately.]

  Of course if you really want to accurately account for traffic by
  application, there is no substitute for passive sniffing of full headers
  (not scaleable, and certainly can raise privacy issues).

  -fred