期刊名称:International Journal of Computer Science and Network Security
印刷版ISSN:1738-7906
出版年度:2007
卷号:7
期号:8
页码:188-192
出版社:International Journal of Computer Science and Network Security
摘要:P2P file sharing is one of the major causes of network congestion. Because most of the P2P file sharing software do not bind to a specific port number, it is difficult to identify the P2P file sharing by using layer 3/4 header information. When we use the layer 7 information to find out P2P file sharing, the most difficult thing is to capture all the packets in the network because of the large traffic volume. In this paper, we focus on the feature of eMule and BitTorrent protocol, and using the layer 3/4 information such as UDP packet count and packet size to find out the suspected file sharing activities. When one IP address is suspected in performing file sharing, we only need to capture and analyze the layer 7 information for that IP address. When the payload is extracted, we can make sure that the IP address is running the P2P file sharing software. We do not need to capture all the packets in the network and can still find out the P2P file sharing efficiently and solve the network overload problem.
