Err, ignore the bits/packets bit. It's late, shush. I'll replace it with: - Did you allow for dynamic IP addresses, or is that not relevant here? On 21/02/2007, at 1:00 AM, Nathan Ward wrote:
Can you explain how you arrived at this?
Some starters: - Are you finding server ports by counting incoming packets to that port or outgoing packets from that port? - Bits or packets? (this may explain NTP, etc.) - Are these NZ, or international (you might not be able to answer that, though. I'm not asking who, of course, just locality.) - Are you looking at end users, or any endpoint IP address that you see? (ie. internal endpoints or external endpoints or both?)
On 21/02/2007, at 12:52 AM, Perry Lorier wrote:
(Sorry for the late reply to this email, I've been doing this in my spare time and it takes at least 4 hours to processes these files)
For the majority of people? No. End-to-End has been gone for a long time, as you correctly point out.
Many people run their own NAT's. That means you can configure your own port forwards, and your modem can support UPnP. People may also be avoiding nat by using USB/Internal modems.
So, how many people actually do more than just "email and web"?
Well, I ran an analysis of DSL customers[1] over the space of 24 hours [4] to see how many different protocols people were using. For each IP I kept track of the number of unique "server ports"[2] were used.[3]
10% of people use =< 5 protocols, 20% use =< 6 30% use =< 11 40% use =< 23 50% use =< 35 60% use =< 58 70% use =< 138 80% use =< 427 90% use =< 2144
At a guess, people that have more than 20 "server ports" are probably involved in some kind of p2p (which usually doesn't interact well with NAT).
Heres some of the top port groups that people use:
1 server port per IP: 21/tcp, 22/tcp, 53/udp, 123/udp, 135/tcp, 445/tcp. 2 server ports per IP: 25/tcp 110/tcp 53/udp 80/tcp 53/udp 110/tcp 53/udp 123/tcp 3 server ports per IP: 21/tcp 53/udp 123/udp 22/tcp 53/udp 80/tcp 25/tcp 53/udp 110/tcp 53/udp 80/tcp 110/tcp 53/udp 80/tcp 123/udp 53/udp 80/tcp 443/tcp 4: 22/tcp 53/udp 80/tcp 443/tcp 25/tcp 53/udp 80/tcp 110/tcp 53/udp 80/tcp 110/tcp 123/udp 53/udp 80/tcp 110/tcp 443/tcp 53/udp 80/tcp 123/udp 443/tcp 5: 22/tcp 53/udp 80/tcp 110/tcp 443/tcp 25/tcp 53/udp 80/tcp 110/tcp 123/udp 53/udp 80/tcp 110/tcp 123/udp 443/tcp 25/tcp 53/udp 80/tcp 110/tcp 443/tcp 20/tcp 21/tcp 53/udp 80/tcp 443/tcp 6: There are too many combinations to list, so heres some highlights: 9/udp, 20/tcp, 21/tcp, 25/tcp, 53/udp, 80/tcp, 110/tcp, 123/udp, 443/tcp, 1935/tcp, 8081/tcp,
Highlights from the rest of the data: 21/tcp, 22/tcp 25/tcp, 53/udp, 80/tcp, 110/tcp, 123/udp, 135/tcp, 139/tcp, 443/tcp, 445/tcp, 1433/tcp 5900/tcp, 6000/tcp 7001/udp, 8080/tcp.
Around about position #50 turns up the bittorrent default port numbers if that means anything anymore.
I must say I'm surprised at the amount of ntp (123/udp) traffic there is around, although it makes sense I guess.
If anyone can think of any other interesting stats to get from this data that might be relevant let me know and I'll see what I can do. ---- [1]: yeah, I don't have any dialup info sorry. If someone wants to give me some dialup data I'll redo the stats for them. [2]: The precise definition of server port is complicated, and to be honest, boring. Basically "port 80" "port 25", for some stuff that avoids having a fixed server port, one end is picked. [3]: This analysis is all stuff I've done in my spare time, and isn't very rigorous, so don't treat it as gospel, but I hope it's representative of whats going on. [4]: I could do longer, but then it just takes longer to get results. Hopefully 24 hours is more or less representative.
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
-- Nathan Ward
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
!DSPAM:22,45dae2dd258781537062610!
-- Nathan Ward -- Nathan Ward