You are not expected to understand this:

An iptables ip_conntrack analysis

This is ancient. It is not wrong. The world has changed a lot, and this was instrumental in a little bit of that change.

Here is some software, cttest-0.4.tar.gz, which can be used to reproduce the following pictures. Both datasets analyzed in the following links are from real production systems. The first set uses a dataset from a squid+REDIRECT transparent proxy service serving dialup users. The second set is a consolidated view of all connections at one instant for a large web server farm, with all connections going to one IP's port 80. Both datasets have roughly 70000 entries to hash.

transproxy dataset

large web server

