Presentation is loading. Please wait.

Presentation is loading. Please wait.

Transport layer identification of P2P traffic Victor Gau Yi-Hsien Wang 2007.11.16.

Published byDonna Pope Modified over 8 years ago

Similar presentations

Presentation on theme: "Transport layer identification of P2P traffic Victor Gau Yi-Hsien Wang 2007.11.16."— Presentation transcript:

1 Transport layer identification of P2P traffic Victor Gau Yi-Hsien Wang 2007.11.16

2 Reference Transport layer identification of P2P traffic. Proc. of the 4th ACM SIGCOMM Conf. on Internet Measurement. 2004. pp.121-134. Thomas Karagiannis (UC Riverside) Andre Broido (CAIDA, SDSC) Michalis Faloutsos (UC Riverside) Kc Claffy (CAIDA, SDSC)

3 P2P Traffic Profiling (PTP) Features Flow patterns and characteristics of P2P behavior No examination of user payload Effectiveness (compared to payload analysis) 99% of P2P flows More than 95% of P2P bytes False positives: <10%.

4 P2P Traffic Profiling (PTP) Capable of identifying P2P flows missed by payload analysis Identifying approximately 10% additional P2P flows over payload analysis HTTP requests Encryption Other P2P protocols Unidirectional traces

5 Characteristic Bit Strings of P2P Packet Format

6 Methodology Based on the five-tuple key {source IP, destination IP, protocol, source port, destination port} and 64-second flow timeout, examine two primary heuristics: TCP/UDP IP pairs {IP, port} pairs

7 TCP/UDP IP Pairs Look for pairs of source-destination hosts that use both TCP and UDP, Excluding

8 {IP, Port} Pairs for the advertised destination {IP, port} pair of host A, the number of distinct IPs connected to host A will be equal to the number of distinct ports used to connect to host A. 2 IPs = 2 Ports {B, 15} {C, 10}

9 Exclusion For HTTP server, a client will initiate usually more than one concurrent connection in order to download objects in parallel. A higher ratio of the number of distinct ports versus number of distinct IPs 4 ports / 2 IPs = 2 {B, 15} {B, 30} {C, 10} {C, 20}

10

11 Evaluation CAIDA’s Backbone Data Kit (BDK), consisting of packet traces captured at an OC-48 link of a Tier 1 US ISP connecting POPs from San Jose, California to Seattle, Washington.

12 Method Captured 44 bytes of each packet, which includes IP and TCP/UDP headers and an initial 4 bytes of payload for some packets. approximately 60%-80% of the packets with an extra 4-byte MPLS label capture the February and April 2004 traces (D11 and D13) with 16 bytes of TCP/UDP payload which allows us to evaluate our non- payload methodology.

13 Combine and cross-validate identification methods fixed ports signature-based payload analysis transport layer dynamics

14 http://www.cww.net.cn/tech/html/2007/10/24/2 0071024218482376.htm

Download ppt "Transport layer identification of P2P traffic Victor Gau Yi-Hsien Wang 2007.11.16."

Similar presentations

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.
Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv4 20.3 IPv6.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
4123702 Data Communications System By Ajarn Preecha Pangsuban.

Data Communications System By Ajarn Preecha Pangsuban.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 28 Real-Time Traffic over the Internet.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 28 Real-Time Traffic over the Internet.
Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.

Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.
CCNA 1 v3.1 Module 11 Review.

CCNA 1 v3.1 Module 11 Review.
1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)

1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)
UDP - User Datagram Protocol UDP – User Datagram Protocol Author : Nir Shafrir Reference The TCP/IP Guide - (http://www.TCPIPGuide.com) Version 3.0 - Version.

UDP - User Datagram Protocol UDP – User Datagram Protocol Author : Nir Shafrir Reference The TCP/IP Guide - ( Version Version.
Introduction to Transport Layer. Transport Layer: Motivation A B R1 R2 r Recall that NL is responsible for forwarding a packet from one HOST to another.

Introduction to Transport Layer. Transport Layer: Motivation A B R1 R2 r Recall that NL is responsible for forwarding a packet from one HOST to another.
1 Application TCPUDP IPICMPARPRARP Physical network Application TCP/IP Protocol Suite.

1 Application TCPUDP IPICMPARPRARP Physical network Application TCP/IP Protocol Suite.
Introduction to Management Information Systems Chapter 5 Data Communications and Internet Technology HTM 304 Fall 07.

Introduction to Management Information Systems Chapter 5 Data Communications and Internet Technology HTM 304 Fall 07.
1 TCP Traffic Analysis in cooperation with Motorola Todd DeSantis and David Loose Advisor: Professor Mark Claypool Co-Advisor: Professor Robert Kinicki.

1 TCP Traffic Analysis in cooperation with Motorola Todd DeSantis and David Loose Advisor: Professor Mark Claypool Co-Advisor: Professor Robert Kinicki.
Network Layer4-1 Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving side,

Network Layer4-1 Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving side,
Domain Name System ( DNS )  DNS is the system that provides name to address mapping for the internet.

Domain Name System ( DNS )  DNS is the system that provides name to address mapping for the internet.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols Network Fundamentals – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols Network Fundamentals – Chapter.
A global, public network of computer networks. The largest computer network in the world. Computer Network A collection of computing devices connected.

A global, public network of computer networks. The largest computer network in the world. Computer Network A collection of computing devices connected.
A fast identification method for P2P flow based on nodes connection degree LING XING, WEI-WEI ZHENG, JIAN-GUO MA, WEI- DONG MA Apperceiving Computing and.

A fast identification method for P2P flow based on nodes connection degree LING XING, WEI-WEI ZHENG, JIAN-GUO MA, WEI- DONG MA Apperceiving Computing and.
Networking Basics TCP/IP TRANSPORT and APPLICATION LAYER Version 3.0 Cisco Regional Networking Academy.

Networking Basics TCP/IP TRANSPORT and APPLICATION LAYER Version 3.0 Cisco Regional Networking Academy.
Review: –What is AS? –What is the routing algorithm in BGP? –How does it work? –Where is “policy” reflected in BGP (policy based routing)? –Give examples.

Review: –What is AS? –What is the routing algorithm in BGP? –How does it work? –Where is “policy” reflected in BGP (policy based routing)? –Give examples.
Differences between In- and Outbound Internet Backbone Traffic Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers University.

Differences between In- and Outbound Internet Backbone Traffic Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers University.

Similar presentations

Ads by Google