| Nowadays, with the rapid development of Internet, more and more critical applications of various organizations, e.g. enterprises and schools, depend on the Internet, but a majority of bandwidth is occupied by those network applications far away from the normal transactions. These facts lead to a long response time of critical applications and harm the network performance severely. In particular, the network applications become more complex lately, for example, P2P software for downloads and file transfers, taking bandwidth resources unlimited. These types of software use dynamic ports and masquerade its traffic as HTTP traffic, which make them hard to be identified by the firewalls, routers and other filtering machines.This paper presents a system solution to P2P traffic identification and control based on Netfilter in Linux firewall architecture. Through extending the Netfilter/Iptables framework, the identification of P2P connections according to the transfer layer and the application layer, and some appropriate firewall filter rules, the P2P traffic can be controlled, and as well could restrict P2P bandwidth usage together with Linux QoS tools. Thus, the network resources could be alleviated and the performance could be enhanced largely.This P2P identification and control protype system based on transfer layer and application layer analysis technology, could prohibit P2P download and restrict the P2P traffic to a predefined scope. In conclusion, this paper provides a very good solution for the monitoring or controlling of P2P download in internal network environment, and also provides a reference for research and development of similar system. |
PDF Full Text Request