Name: | Description: | Size: | Format:
---|---|---|---
| | 8.72 MB | Adobe PDF
Advisor(s)
Abstract(s)
This dissertation is devoted to the study of Peer-to-Peer (P2P) network traffic identification
using Deep Packet Inspection (DPI) methods. The approach followed in this
work is based on the analysis of the content of the packet payload, with particular
attention paid to the cases where encryption or obfuscation is used.
The protocols and applications studied throughout this dissertation are organized
into two main categories: P2P file sharing (BitTorrent, Gnutella and eDonkey) and P2P
TV (Livestation, TVU Player and Goalbit). The history of P2P and its major milestones
are briefly presented, along with the classification of these systems according to the functionalities
they provide and the network protocol architectures they use. Studies on
the evolution and current state of P2P traffic detection are covered in particular detail,
as they were the main motivation for detecting both encrypted P2P file
sharing and P2P TV traffic.
The detection of Peer-to-Peer traffic is accomplished with a set of open source
tools, chiefly Snort, Wireshark and Tcpdump. Snort triggers the
alerts concerning this kind of traffic by using a specified set of rules. These rules are manually
created, based on the P2P protocol signatures and patterns observed with
Wireshark and Tcpdump. For storing the triggered alerts and visualizing them
in a user-friendly manner, two further open source tools are used: MySQL for storage and
BASE for visualization.
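To illustrate what the manually written signature rules described above do, the following is an added example (not code from the dissertation) that matches the well-known plaintext handshake markers of the three file-sharing protocols against the first payload of constructed sample flows. The eDonkey length check and all flow identifiers and payloads are constructed for the example; the last flow models an obfuscated BitTorrent connection, which is the case the abstract singles out, and shows why a plaintext rule alone misses it.

```python
import re
from typing import Callable, Dict, List, Optional, Tuple

# Plaintext handshake markers of the three P2P file-sharing protocols named in
# the abstract. These are well-known protocol constants, not rules taken from
# the dissertation; a Snort 'content:' rule would carry the same bytes.
BT_HANDSHAKE = re.compile(rb"^\x13BitTorrent protocol")
GNUTELLA_CONNECT = re.compile(rb"^GNUTELLA CONNECT/0\.6\r\n")

def edonkey_match(payload: bytes) -> bool:
    """eDonkey: 0xE3 marker byte, then little-endian 32-bit length of the rest."""
    if len(payload) < 5 or payload[0] != 0xE3:
        return False
    declared = int.from_bytes(payload[1:5], "little")
    # Checking the length field rejects random data that merely starts with E3.
    return declared == len(payload) - 5

SIGNATURES: List[Tuple[str, Callable[[bytes], bool]]] = [
    ("bittorrent", lambda p: BT_HANDSHAKE.match(p) is not None),
    ("gnutella", lambda p: GNUTELLA_CONNECT.match(p) is not None),
    ("edonkey", edonkey_match),
]

def classify_payload(payload: bytes) -> Optional[str]:
    """Return the first matching protocol name, or None if no signature fires."""
    for name, matches in SIGNATURES:
        if matches(payload):
            return name
    return None

def classify_flows(flows: List[Tuple[str, bytes]]) -> Dict[str, Optional[str]]:
    """Apply the signature set to the first payload of each flow."""
    return {flow_id: classify_payload(payload) for flow_id, payload in flows}

# Constructed sample flows: three plaintext handshakes and one obfuscated one.
SAMPLE_FLOWS = [
    ("flow-1", b"\x13BitTorrent protocol" + bytes(8) + b"I" * 20 + b"P" * 20),
    ("flow-2", b"GNUTELLA CONNECT/0.6\r\nUser-Agent: constructed\r\n\r\n"),
    ("flow-3", b"\xe3\x06\x00\x00\x00\x01hello"),
    # BitTorrent with message stream encryption: the connection opens with a
    # random-looking key exchange, so the plaintext rule above cannot see it.
    ("flow-4", bytes((i * 37 + 11) % 256 for i in range(96))),
]

if __name__ == "__main__":
    for flow_id, verdict in classify_flows(SAMPLE_FLOWS).items():
        print(flow_id, verdict or "no P2P signature matched")
```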
Finally, the main conclusions reached in this work are briefly presented. A section
dedicated to future work lists possible directions that may be followed to
improve this work.
Description
Keywords
Distributed systems; Peer-to-peer system