The snooper project

Welcome to the snooper project

This is data collected at an IP address that responds to no IP packets (it receives them and silently drops them) but captures every packet and writes them out in files of roughly 1000 packets each.

This body of data is then analyzed on a daily basis, building top lists of source IPs and top lists of UDP and TCP destination ports (obviously, there can be no analysis of full TCP streams, since the destination IP never responds and so no handshake ever completes). A summary of ICMP echo requests is also tallied.
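The daily tally described above, as an added example (my own Python, not the project's Common Lisp code): it parses a pcap file, counts source IPs, TCP and UDP destination ports and ICMP echo requests, and stops cleanly if the file was cut mid-packet, which can happen when a capture file is read while it is still being written. The sample capture is constructed in memory from documentation addresses (192.0.2.1 stands in for the non-listening IP); checksums are left zero because the parser does not verify them.

```python
"""Tally what a non-listening sensor sees in one pcap file (added example)."""
import socket
import struct
from collections import Counter

PCAP_MAGICS = {0xA1B2C3D4, 0xA1B23C4D}  # microsecond and nanosecond timestamp variants
LINKTYPE_ETHERNET = 1


def analyze_pcap(data):
    """Return counters for source IPs, TCP/UDP dst ports and ICMP echo requests."""
    if len(data) < 24:
        raise ValueError("not a pcap file: global header missing")
    if struct.unpack("<I", data[:4])[0] in PCAP_MAGICS:
        endian = "<"
    elif struct.unpack(">I", data[:4])[0] in PCAP_MAGICS:
        endian = ">"
    else:
        raise ValueError("not a pcap file: bad magic")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    stats = {"packets": 0, "truncated": False, "skipped": 0, "icmp_echo_requests": 0,
             "src_ips": Counter(), "tcp_dports": Counter(), "udp_dports": Counter()}
    offset = 24
    while offset + 16 <= len(data):  # 16-byte record header: ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        start, end = offset + 16, offset + 16 + incl_len
        if end > len(data):  # file ends in the middle of a packet
            break
        stats["packets"] += 1
        _tally_frame(data[start:end], stats)
        offset = end
    stats["truncated"] = offset != len(data)
    return stats


def _tally_frame(frame, stats):
    # Ethernet: 14-byte header; only EtherType 0x0800 (IPv4) is decoded, the rest is counted as skipped
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        stats["skipped"] += 1
        return
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or (ip[0] & 0x0F) * 4 < 20:
        stats["skipped"] += 1
        return
    ihl = (ip[0] & 0x0F) * 4
    ip = ip[:struct.unpack("!H", ip[2:4])[0]]  # drop Ethernet trailer padding
    proto = ip[9]
    stats["src_ips"][socket.inet_ntoa(ip[12:16])] += 1
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
        return  # non-first fragment: no transport header present
    l4 = ip[ihl:]
    if proto == 6 and len(l4) >= 4:
        stats["tcp_dports"][struct.unpack("!H", l4[2:4])[0]] += 1
    elif proto == 17 and len(l4) >= 4:
        stats["udp_dports"][struct.unpack("!H", l4[2:4])[0]] += 1
    elif proto == 1 and len(l4) >= 1 and l4[0] == 8:  # ICMP type 8 = echo request
        stats["icmp_echo_requests"] += 1


def top_lists(stats, n=10):
    """The daily report: top-n source IPs and destination ports."""
    return {k: stats[k].most_common(n) for k in ("src_ips", "tcp_dports", "udp_dports")}


# --- constructed sample capture (not real sensor data) ---
def _pcap(frames):
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f)
    return b"".join(out)


def _ip_frame(src, dst, proto, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55" + b"\x08\x00" + hdr + payload


def _tcp_syn(dport):  # data offset 5, SYN flag set
    return struct.pack("!HHIIHHHH", 40000, dport, 1, 0, 0x5002, 8192, 0, 0)


def _udp(dport, payload=b"probe"):
    return struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload


def _icmp_echo():
    return struct.pack("!BBHHH", 8, 0, 0, 1, 1)


SENSOR = "192.0.2.1"  # documentation address standing in for the non-listening IP
SAMPLE_PCAP = _pcap([
    _ip_frame("203.0.113.5", SENSOR, 6, _tcp_syn(22)),
    _ip_frame("203.0.113.5", SENSOR, 6, _tcp_syn(22)),
    _ip_frame("203.0.113.5", SENSOR, 6, _tcp_syn(22)),
    _ip_frame("198.51.100.7", SENSOR, 6, _tcp_syn(23)),
    _ip_frame("198.51.100.7", SENSOR, 6, _tcp_syn(22)),
    _ip_frame("203.0.113.5", SENSOR, 17, _udp(53)),
    _ip_frame("192.0.2.9", SENSOR, 1, _icmp_echo()),
    b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55" + b"\x08\x06" + b"\x00" * 28,  # ARP, not IPv4
])

if __name__ == "__main__":
    s = analyze_pcap(SAMPLE_PCAP)
    print(top_lists(s), "icmp echo:", s["icmp_echo_requests"], "truncated:", s["truncated"])
```

On a real file, replace SAMPLE_PCAP with the bytes read from disk; because a file of about 1000 packets is small, reading it whole is simpler than streaming. The truncated flag is worth surfacing in the report: a file that was still being written when the analysis ran will otherwise silently undercount the day.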

The purpose of this is to get a picture of random IP probing (hence the "non-listening IP": nothing that arrives there was solicited) and from there extrapolate assorted trends and the like. At the moment, development of further automated statistics and analyses of the collected data is on hold. Generated reports stay around for 30 days, though the source data is not removed, giving the option of doing more long-range analysis at a later date.

I am trying to compile annual reports. As and when, they'll get linked to from here.

The data analysis part is done using Common Lisp. The report generation is done mostly in Common Lisp, though some of this index page is generated with unix shell scripts.

The PCAP library code can be downloaded from here.

Reports

Ingvar Mattsson / ingvar @ hexapodia . net