An Analysis of Logical Network Distance on Observed Packet Counts for Network Telescope Data

This paper investigates the relationship between the logical distance between two IP addresses on the Internet, and the number of packets captured by a network telescope listening on a network containing one of the addresses. The need for the computation of a manageable measure of quantification of this distance is presented, as an alternative to the raw difference that can be computed between two addresses using their Integer representations. A number of graphical analysis tools and techniques are presented to aid in this analysis. Findings are presented based on a long baseline data set collected at Rhodes University over the last three years, using a dedicated Class C (256 IP address) sensor network, and comprising 19 million packets.