With the emergence of Napster in the fall of 1999, peer to peer (P2P) applications and their user base have grown rapidly in the Internet community. With the popularity of P2P and the bandwidth it consume, there is a growing need to identify P2P users within the network traffic.
Expand all |
Post comment
Identifying P2P users using traffic analysis
2005-10-01
Anonymous (1 replies)
Anonymous (1 replies)
The first paper regards peers with following traffic pattern as p2p pairs:
* traffic which source-destination IP pairs that concurrently
use both TCP and UDP during a speical time
* paris which the number of distinct connected IPs is equal to the number of distinct connected ports. for the advertised destination (IP, port) pair of host A, the number of distinct IPs connected to it will be EQUAL to the number of DISTINCT ports used to connect to it.
And this paper on SF mainly focus on UDP traffic behaviour, which could be summarized as:
*For a period of time(x), from on single IP, fixed UDP port -> many destination IP(y), fixed or random UDP ports.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/infocus/1843/24#24