From: "Arvid Stüwe" <arvid@michaelishof.de>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Intelligent P2P detection
Date: Thu, 27 Mar 2003 21:34:48 +0000
Message-ID: <marc-lartc-104880126815699@msgid-missing>
In-Reply-To: <marc-lartc-104857984213566@msgid-missing>

On Thu, 27 Mar 2003, Matthias Weingart wrote:

>Maybe another way is better. What is the most common of P2P traffic? It
>makes much much traffic.

Not really. Well, it depends on your users: if all they do is surf, you
are right, but not if they are mirroring www.kernel.org.

A better criterion for finding P2P traffic is the number of different IPs
involved. A P2P tool usually sends packets to many other hosts (eDonkey and
Overnet in particular). That's how we detect them at our dormitory. Here are
some scripts running here that count the number of IPs a host has sent to
and received from (tcpdump, grep, and some perl). When this number
gets too high too fast, all traffic from that IP gets a special treatment.

>I guess it will be _very_ difficult to find and mark all packets of P2P
>software (and you will always be behind if new software or new versions are
>published).

You don't need *all* packets. You just need to recognize the initial
handshake the programs do to log into the p2p-network. Then you can proceed
by tracking the following packets between the two hosts involved.

cu
Arvid

--
in colorful pictures little clarity,
much error and a spark of truth
(Johann Wolfgang v. Goethe)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
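
The distinct-peer counting described in the message above, as an added example that is not Arvid's script and not code from the list. It assumes `tcpdump -nn -tt` text output, a local network of 10.0.0.0/8, a 60-second window and a limit of 20 peers; all function names and the sample capture are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed input format: `tcpdump -nn -tt` lines such as
# 1048800000.50 IP 10.0.0.5.4662 > 198.51.100.7.4662: Flags [S], length 0
LINE = re.compile(r"^(\d+(?:\.\d+)?) IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
                  r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

def find_fanout(lines, local_net="10.0.0.0/8", window=60.0, limit=20):
    """Map each local IP to the first timestamp at which it had more than
    `limit` distinct remote peers (sent to or received from) in `window` s."""
    net = ipaddress.ip_network(local_net)
    last_seen = defaultdict(dict)  # local IP -> {remote peer: last timestamp}
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ARP, IPv6, truncated lines: ignored in this sketch
        ts, src, dst = float(m.group(1)), m.group(2), m.group(3)
        src_local = ipaddress.ip_address(src) in net
        dst_local = ipaddress.ip_address(dst) in net
        if src_local == dst_local:
            continue  # local-to-local or transit traffic says nothing here
        host, peer = (src, dst) if src_local else (dst, src)
        peers = last_seen[host]
        peers[peer] = ts
        for old in [p for p, t in peers.items() if ts - t > window]:
            del peers[old]  # peer not seen within the window: forget it
        if len(peers) > limit and host not in flagged:
            flagged[host] = ts
    return flagged

def sample_capture():
    """Constructed data: 10.0.0.9 pulls bulk data from one mirror while
    10.0.0.5 opens connections to 30 different hosts within 30 seconds."""
    lines = []
    for i in range(30):
        t = 1048800000 + i
        lines.append(f"{t}.10 IP 203.0.113.1.80 > 10.0.0.9.33000: "
                     "Flags [.], length 1448")
        lines.append(f"{t}.50 IP 10.0.0.5.4662 > 198.51.100.{i + 1}.4662: "
                     "Flags [S], length 0")
    return lines

if __name__ == "__main__":
    for host, ts in find_fanout(sample_capture()).items():
        print(f"{host} exceeded the peer limit at {ts}")
```

In the constructed capture, 10.0.0.9 moves far more bytes than 10.0.0.5 but has a single peer, so only 10.0.0.5 is flagged.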