P2P application identification and control technology

1.1 Background

P2P is the abbreviation of peer-to-peer. In English, "peer" means "equal (in status, ability, etc.)", "colleague" or "partner", so P2P can also be understood as "partner-to-partner", or peer-to-peer networking. It is currently considered to have great prospects for strengthening communication between people on the Internet, file exchange, and distributed computing.

P2P also refers to point-to-point downloading. As a download term, it means that while you are downloading, your computer must also keep uploading as a host. With this download method, the more people take part, the faster the speed; the disadvantage is relatively heavy wear on your hard disk (which must read while writing) and higher memory use, which slows down the whole machine.

Ipoque, a German Internet research institute, said that P2P completely dominates the Internet today, with 50-90% of total traffic coming from P2P programs. Among P2P programs, BitTorrent has overtaken eDonkey (including eMule) and accounts for 50-70% of P2P traffic; eDonkey has a share of 5-50% depending on the region, and in some places it is still the first choice for P2P.

Since its emergence, P2P (Peer-to-Peer) technology has been rapidly popularized and developed, especially P2P file sharing, its most widely used form. Existing P2P software is constantly updated, new P2P software keeps appearing, and the files shared by P2P users are mostly the latest or most popular ones, so more and more people are drawn to P2P and its share of total network traffic grows day by day. According to statistics, in just a few years P2P traffic has come to occupy more than 60% of the bandwidth in the fixed network, posing a serious threat to other network services such as Web and Email. How to identify and control P2P traffic has therefore gradually become a problem of growing concern.

Software developed based on P2P technology has the following typical characteristics:

1. There are many types of software, and the communication protocols they use are not standardized or uniform;

2. Each host is both a server and a client, there is no obvious central control unit, and the flows form a mesh of connections, which is difficult to identify;

3. To evade control of P2P services by operators and others, the software generally adopts techniques such as encrypted transmission and frequent updates of protocol features, which makes identification and control difficult.

1.2 Traditional P2P application identification and control methods

So far, the traditional P2P application identification and control methods fall mainly into the following four categories:

The first type of technology: port-based identification of P2P traffic. The traffic of various P2P software is studied and one or more commonly used fixed ports are summarized (for example, the commonly used port of the KuGoo software is 7000). During traffic detection, once the port number of a flow is found to match a summarized port, the flow is judged to be P2P traffic belonging to that type of P2P software. However, most P2P software no longer uses fixed ports: it uses dynamic ports, or offers a port setting so that users can choose the port themselves, and some P2P software even uses port 80 and the fixed port numbers of other services to deceive traffic detection equipment.

The second type of technology: keyword-based identification of P2P traffic, which is also based on studying the traffic of various P2P software. Here the purpose of the study is no longer to summarize characteristic ports, but to summarize the characteristic strings or keywords that appear in all packets of the traffic or appear most frequently; the position of a keyword within the packet is generally also strictly specified. During traffic detection, packets are then inspected in depth. If a keyword matches, the traffic is judged to be P2P traffic and its software category is determined. However, with the continuous development of P2P technology, the above methods have shown obvious drawbacks. For keyword-based identification, some or all bytes of the keyword string may change with the operating environment and version of the software.

The third type of technology: identifying P2P by the number of TCP/UDP ports greater than 1024. However, this method cannot distinguish P2P services from port scanning and DDoS attacks.

The fourth type of technology: identifying P2P by the number of peer IP addresses that an IP address is connected to and communicating with. However, this method cannot distinguish whether an IP address belongs to a device that serves many users or to a user who initiates a large number of P2P connections.

In summary, the traditional P2P application identification techniques can no longer cope with the development and changes of P2P technology itself.
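The four methods above can be run side by side on a handful of flow records to see where each one misjudges. The following is an added example, not code from the original article: the threshold of 20, the addresses and the payload bytes are constructed assumptions, port 7000 comes from the text, and the keyword is the well-known opening of the BitTorrent handshake.

```python
from collections import defaultdict

KNOWN_PORTS = {7000: "KuGoo"}   # fixed port named in the text
# BitTorrent's handshake opens with byte 19 followed by this string.
KEYWORDS = [("BitTorrent", 0, b"\x13BitTorrent protocol")]  # (name, offset, bytes)
THRESHOLD = 20                  # assumed cut-off for methods 3 and 4

def by_port(flow):
    """Method 1: label a flow by its destination port."""
    return KNOWN_PORTS.get(flow["dport"])

def by_keyword(flow):
    """Method 2: label a flow by a keyword at a fixed payload offset."""
    for name, off, kw in KEYWORDS:
        if flow["payload"][off:off + len(kw)] == kw:
            return name
    return None

def flagged_hosts(flows):
    """Methods 3 and 4: hosts with >= THRESHOLD distinct high ports / peer IPs."""
    ports, peers = defaultdict(set), defaultdict(set)
    for f in flows:
        if f["dport"] > 1024:
            ports[f["src"]].add(f["dport"])
        peers[f["src"]].add(f["dst"])
        peers[f["dst"]].add(f["src"])
    over = lambda table: {h for h, seen in table.items() if len(seen) >= THRESHOLD}
    return over(ports), over(peers)

def flow(src, dst, dport, payload=b"\x8f\x02\xc4\x11"):  # default: opaque bytes
    return {"src": src, "dst": dst, "dport": dport, "payload": payload}

BT = b"\x13BitTorrent protocol" + bytes(48)   # 68-byte handshake, fields zeroed
# Constructed sample traffic (documentation address ranges), not a capture.
P2P = [flow("10.0.0.5", f"198.51.100.{i}", 40000 + i) for i in range(30)]
SCAN = [flow("10.0.0.9", "192.0.2.10", 2000 + i) for i in range(30)]
WEB = [flow(f"203.0.113.{i}", "10.0.0.80", 80, b"GET / HTTP/1.1\r\n")
       for i in range(30)]
ON_80 = flow("10.0.0.6", "198.51.100.200", 80, BT)       # P2P on a web port
OBFUSCATED = flow("10.0.0.6", "198.51.100.201", 51413)   # keyword absent

if __name__ == "__main__":
    print("method 1 on the port-80 flow:", by_port(ON_80))
    print("method 2 on the port-80 flow:", by_keyword(ON_80))
    print("method 2 on the obfuscated flow:", by_keyword(OBFUSCATED))
    many_ports, many_peers = flagged_hosts(P2P + SCAN + WEB)
    print("method 3 flags:", sorted(many_ports))   # P2P host and the scanner
    print("method 4 flags:", sorted(many_peers))   # P2P host and the web server
```

Method 3 flags the scanning host together with the P2P host, and method 4 flags the web server together with the P2P host, which is the ambiguity the text describes for each method.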
