Transport layer identification of P2P traffic. Victor Gau, Yi-Hsien Wang. 2007.11.16.



Reference: Thomas Karagiannis (UC Riverside), Andre Broido (CAIDA, SDSC), Michalis Faloutsos (UC Riverside), Kc Claffy (CAIDA, SDSC). Transport layer identification of P2P traffic. Proc. of the 4th ACM SIGCOMM Conf. on Internet Measurement, pp

P2P Traffic Profiling (PTP)
- Features
  - Flow patterns and characteristics of P2P behavior
  - No examination of user payload
- Effectiveness (compared to payload analysis)
  - 99% of P2P flows
  - More than 95% of P2P bytes
  - False positives: <10%

P2P Traffic Profiling (PTP)
- Capable of identifying P2P flows missed by payload analysis
- Identifying approximately 10% additional P2P flows over payload analysis
- HTTP requests
- Encryption
- Other P2P protocols
- Unidirectional traces

Characteristic Bit Strings of P2P Packet Format

Methodology
Based on the five-tuple key {source IP, destination IP, protocol, source port, destination port} and a 64-second flow timeout, examine two primary heuristics:
- TCP/UDP IP pairs
- {IP, port} pairs

TCP/UDP IP Pairs
Look for pairs of source-destination hosts that use both TCP and UDP, excluding

{IP, Port} Pairs
For the advertised destination {IP, port} pair of host A, the number of distinct IPs connected to host A will be equal to the number of distinct ports used to connect to host A.
Example: 2 IPs = 2 ports: {B, 15}, {C, 10}

Exclusion
For an HTTP server, a client will usually initiate more than one concurrent connection in order to download objects in parallel. This gives a higher ratio of the number of distinct ports to the number of distinct IPs.
Example: 4 ports / 2 IPs = 2: {B, 15}, {B, 30}, {C, 10}, {C, 20}
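An added example (not from the slides or from the paper's authors) that applies the TCP/UDP IP-pair heuristic and the {IP, port} heuristic, with the HTTP-style exclusion, to constructed flow records. The host names, ports, labels, the `excluded_ports` parameter and the `min_peers` cut-off are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow records, one per five-tuple (not taken from the traces):
# (source IP, destination IP, protocol, source port, destination port)
FLOWS = [
    ("B", "A", "tcp", 15, 6346), ("C", "A", "tcp", 10, 6346),
    ("B", "W", "tcp", 15, 80), ("B", "W", "tcp", 30, 80),
    ("C", "W", "tcp", 10, 80), ("C", "W", "tcp", 20, 80),
    ("A", "D", "tcp", 2000, 6346), ("A", "D", "udp", 2001, 6347),
]

def tcp_udp_pairs(flows, excluded_ports=frozenset()):
    """Host pairs seen using both TCP and UDP. excluded_ports is a
    caller-supplied set; the slide's exclusion list is not reproduced here."""
    protos = defaultdict(set)
    for src, dst, proto, sport, dport in flows:
        if sport in excluded_ports or dport in excluded_ports:
            continue
        protos[frozenset((src, dst))].add(proto)
    return {pair for pair, seen in protos.items() if {"tcp", "udp"} <= seen}

def ip_port_profile(flows):
    """Per destination {IP, port}: (distinct source IPs, distinct source ports)."""
    ips, ports = defaultdict(set), defaultdict(set)
    for src, dst, _proto, sport, dport in flows:
        ips[(dst, dport)].add(src)
        ports[(dst, dport)].add(sport)
    return {key: (len(ips[key]), len(ports[key])) for key in ips}

def classify(flows, min_peers=2):
    """Label each destination pair contacted by at least min_peers hosts
    (min_peers is an assumed cut-off so single connections are not judged)."""
    labels = {}
    for key, (n_ips, n_ports) in ip_port_profile(flows).items():
        if n_ips < min_peers:
            continue
        if n_ports == n_ips:      # equal counts: the P2P pattern
            labels[key] = "p2p-candidate"
        elif n_ports > n_ips:     # parallel connections: the Exclusion case
            labels[key] = "web-like"
        else:
            labels[key] = "undecided"
    return labels

if __name__ == "__main__":
    print(tcp_udp_pairs(FLOWS))
    for key, label in sorted(classify(FLOWS).items()):
        print(key, ip_port_profile(FLOWS)[key], label)
```

The two slide examples appear as destination pairs ("A", 6346) with 2 IPs and 2 ports, and ("W", 80) with 2 IPs and 4 ports.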

Evaluation
CAIDA's Backbone Data Kit (BDK), consisting of packet traces captured at an OC-48 link of a Tier 1 US ISP connecting POPs from San Jose, California to Seattle, Washington.

Method
- Captured 44 bytes of each packet, which includes IP and TCP/UDP headers and an initial 4 bytes of payload for some packets.
- Approximately 60%-80% of the packets with an extra 4-byte MPLS label
- The February and April 2004 traces (D11 and D13) were captured with 16 bytes of TCP/UDP payload, which allows us to evaluate our non-payload methodology.

Combine and cross-validate identification methods
- Fixed ports
- Signature-based payload analysis
- Transport layer dynamics
