Based On The Dual Characteristics Of P2p Traffic Detection And Control Technology

With the continuous development of the Internet, P2P network applications developed rapidly. According to statistics, P2P applications has devoured 60% -80% of the bandwidth. However, there is no effective method to detect P2P traffic. Therefore, accurate identification of P2P traffic makes great sense for efficient network management and reasonable utility of network resources.Based on the above premise, this thesis reviews the developments and current status of the technology of P2P network traffic identification, analyzes the principles and technical characteristics of current P2P traffic identification method and system, and proposes an identification method based on twofold features, namely traffic features and payload features, which is by Netfilter/iptables framework, transparent bridge, and netlink communication technology in linux. It also designed and implemented the P2P traffic detection and control system. Deep packet inspection technology can accurately identify variety of widely used P2P applications, while traffic feature detection technology can identify encrypted and unknown P2P traffic. It improved the system performance and accuracy by comprehensive use of two kinds of technology.The detailed design of the detect system including network traffic acquisition module, the P2P traffic identification module based on deep packet inspection technology, the P2P traffic identification module based on the transport layer features and traffic control module. Traffic acquisition and control modules which are the basis of the system, responsible for acquiring and controlling network traffic, while the two detection module is the most important part of the system. The thesis described the design and implementation of the two parts in detail. The key technology of deep packet inspection module includes ports identification, reorganization of IP fragmentation, connection tracking, improvements of KMP algorithm and deep packet inspection technology. With peer analysis and comparative analysis of uploading and downloading traffic characteristics detection module can identified the P2P peer. In this thesis, all the contents of the above were described in detail with charts and parts of the core code.In LAN environment, we test the system's performance and effectiveness. Test results show that: the system can accurately and efficiently identify and detect the traffic of Thunder4, Thunder5, BitComet, eDonkey, eMule and other P2P applications. According to measurement data, some of the parameters were modified to further improve the system's detection speed and accuracy.