Analyzing Web Traffic

Web traffic will always have two endpoints, with source and destination IP addresses and a TCP or UDP port number, which signifies the type of traffic. Several resources can be leveraged to glean more information about network traffic; visit the Links page on this website for more information.

Can you locate the Address of an IP Address?

Not easily. Internet Service Providers do keep records that can be subpoenaed by law enforcement. So if you have the appropriate authority, and you know the IP address and the exact time when it was used, you could find out. For the rest of us, a standard search will provide rough location-based information, such as the country, region and city where the IP address is located. This process of mapping an IP (OSI layer 3) or MAC address (OSI layer 2) to a physical address is referred to as IP-based geolocation.

What are Common Internet Destinations?

For the sake of argument, let us assume that the source traffic in this analysis is your device (PC, server, cell, et cetera). Hopefully you have an idea where your device is located. But what about the destination traffic?

Please see the list below of some of the most common domain destinations, and what each organization is known for.

  • Akamai Technologies – Internet content delivery network (CDN), serving 30% of all web traffic. The company rents capacity on its servers to customers who want their websites to work faster. Customers have included: Facebook, Bing, Twitter, healthcare.gov et cetera.
  • 1e100.net – Google-owned domain used to identify the servers on Google’s network. This is a single domain name used to identify their servers across all Google products, including: youtube.com, blogger.com, google.com et al. (1e100 is scientific notation for 1 googol).
  • Redplaid – Managed cloud hosting services, including: OS, virtualization, database, email/collaboration and application/web servers.
  • Comcast – Largest mass media and communications company in the world by revenue.
  • Amazon Web Services (AWS) – Collection of web services that together make up a cloud computing platform. The service is advertised as providing a large computing capacity – much faster and cheaper than building a physical server farm.
  • NOAA.gov – National Oceanic & Atmospheric Administration – Scientific agency within the US Dept. of Commerce focused on the conditions of the oceans and atmosphere.
  • Amazon CloudFront – A pay-as-you-go content delivery network (CDN). Competes with Akamai and Limelight Networks.
  • PJM – A regional transmission organization (RTO) in the eastern United States that operates the world’s largest competitive wholesale electricity market.
  • Intellicast – Local and national weather forecast, radar, maps and severe report.
  • Genscape – Leading global provider of energy information for the commodity and financial markets.

TCP and UDP Port numbers

So you know where your device is, and you have an idea of where the traffic is going, so what type of traffic is it exactly? If you’re browsing the web, you will likely be using the HTTP (port 80) or HTTPS (port 443) protocols. There are, however, thousands of registered public and unregistered private ports.

Port numbers 0 to 1023, used by system processes, are the well-known or system ports, while numbers 1024 through 49151 are user ports registered with the Internet Assigned Numbers Authority, or IANA. Ports 49152 through 65535 are never assigned by the IANA and are referred to as dynamic ports, also known as private or ephemeral ports. It’s important to point out that traffic using registered ports might not be from the assigned service.
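As an added illustration (not part of the original post), the sketch below sorts both ports of a flow into the three ranges described above and treats the lower-range side as the probable service. The flow line format, the function names and the sample addresses are assumptions made for this example; the service label is only a hint, since a port number does not prove which service is using it.

```python
import ipaddress

# IANA port ranges as described in the text above.
RANGES = [(0, 1023, "system"), (1024, 49151, "user"), (49152, 65535, "dynamic")]
ORDER = [name for _, _, name in RANGES]
# Only the two ports named on this page; a match is a hint, not proof of the service.
HINTS = {80: "HTTP", 443: "HTTPS"}

# Constructed sample flows (hypothetical format): "proto src_ip:src_port dst_ip:dst_port"
SAMPLE = """\
tcp 192.0.2.10:51514 198.51.100.7:443
tcp 192.0.2.10:40022 198.51.100.8:80
udp 192.0.2.10:49999 203.0.113.5:50001
tcp 192.0.2.10:52000 203.0.113.9:8443
tcp 192.0.2.10:70000 203.0.113.9:443
"""

def port_class(port):
    for low, high, name in RANGES:
        if low <= port <= high:
            return name
    raise ValueError(f"port out of range: {port}")

def parse_endpoint(text):
    host, _, port = text.rpartition(":")
    ipaddress.ip_address(host)  # raises ValueError on a malformed address
    return host, int(port)

def analyze(line):
    proto, src, dst = line.split()
    (_, s_port), (_, d_port) = parse_endpoint(src), parse_endpoint(dst)
    s_cls, d_cls = port_class(s_port), port_class(d_port)
    s_rank, d_rank = ORDER.index(s_cls), ORDER.index(d_cls)
    # Heuristic: the endpoint in the lower range is probably the listening service.
    service_port = None if s_rank == d_rank else (d_port if d_rank < s_rank else s_port)
    return {"proto": proto, "src_class": s_cls, "dst_class": d_cls,
            "service_port": service_port, "hint": HINTS.get(service_port, "unknown")}

def analyze_all(text):
    results, rejected = [], []
    for line in text.splitlines():
        try:
            results.append(analyze(line))
        except ValueError:
            rejected.append(line)  # malformed address, bad port or wrong field count
    return results, rejected

if __name__ == "__main__":
    print(*analyze_all(SAMPLE)[0], sep="\n")
```

The second sample flow shows a client source port (40022) that falls in the user range rather than the dynamic range, which is normal on systems whose ephemeral range starts below 49152, so the range of a port should not be read as proof of which side is the client.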

For the complete service name and transport protocol port number registry, last updated by IANA on 12-13-17, please see the attachments below:

Port Numbers Service Names

 

 
