Slightly OT: Anyone know of a concise port list

Fred True ft at
Wed Nov 21 21:27:36 UTC 2001

> Anyone know of a concise port/port range list for profiling various client
> code out their (no /etc/services isn't the end all).  Looking for ranges for
> Napster, Audio Galaxy, BearShare, etc, besides the WKP's.

We've been tracking this dynamically for a while in order to make sense of
flow data traces - using a plethora of reliable (as well as dubious!)
sources - including running some of the more popular p2p apps to see what
ports they choose.  Of course, there are many problems with using tcp/udp
ports to identify apps - some apps use randomly assigned ports (sometimes
after negotiating the connection on a well known port; like most streaming
video protocols); some apps allow users to override ports, which many
users do in order to circumvent firewalls; and there is much duplication
across ports.

But, try the attached lists (one by port, one by app, and one shows a
grouping we use for "common application classes" e.g. "mail" or "peer to
peer" etc.).  I'd greatly appreciate fixes or updates. [NOTE: attachments
not sent to nanog-post - if you want them, email me privately.]

Of course if you really want to accurately account for traffic by
application, there is no substitute for passive sniffing of full headers
(not scaleable, and certainly can raise privacy issues).


More information about the NANOG mailing list