P2P Traffic Identification and Analysis
Abstract
P2P is an emerging technology for the distributed storage and sharing of resources. Its architecture stands in contrast to the dominant C/S (Client/Server) architecture: resource storage moves from centralized to distributed, and resource use moves from distributed to centralized. It is therefore a very innovative technology, and it was widely applied in many fields as soon as it appeared. Just as P2P applications were in full swing, however, problems followed. The most prominent is bandwidth consumption: P2P applications occupy a large share of Internet bandwidth. So that P2P can continue to develop without harming the interests of ISPs, the common approach today is to restrict and manage P2P traffic in order to ease the pressure on bandwidth. Managing P2P traffic first requires identifying it correctly. At first, detecting P2P flows was simple, because early P2P protocols used fixed TCP or UDP ports. Later, most P2P applications adopted randomly selected ports, using dynamic ports and pseudo ports to conceal themselves; in testing, some P2P traffic was even found on well-known ports such as 80 and 25. These features mean that the traditional identification methods no longer apply and make P2P traffic identification exceptionally difficult. How to identify P2P traffic more effectively has therefore become a hard problem.

Working within a LAN, and using packet-capture tools such as Ethereal to monitor the traffic of P2P applications, this thesis analyzes and studies in detail the traffic features of common P2P software and the methods for identifying P2P traffic. First, it describes in detail the applications and development history of P2P technology. Second, it gives an in-depth analysis of the P2P traffic identification techniques in common use today: port-based identification, identification based on flow statistical features, and identification based on deep packet inspection (DPI), and it summarizes their advantages, disadvantages and scope of application. Each technique was then verified experimentally in a LAN environment with Ethereal and other protocol analysis tools, and some independent conclusions were drawn. Finally, by analyzing and combining these techniques, the author proposes a heuristic identification model. Although the validity and accuracy of the model remain to be verified, it offers researchers of P2P traffic identification and network managers an approach to identifying and analyzing P2P traffic comprehensively. In addition, the experimental data in this thesis are the results of runs in a real network environment. They give P2P researchers a rich and reliable source of raw data, and they can help network administrators limit and manage P2P traffic more effectively, thereby improving the quality of service of other, normal network applications.
