Research On P2P Traffic Identification Based On NetFlow

P2P(Peer-to-peer) technology is a new communication model. It is developing rapidly in these years, and widely used in the sharing of network resources, instant communications, etc.. While P2P is promoting Internet's development, it is also bringing about many issues such as too much bandwidth occupying and network security problems. Therefore, we need an effective and reliable peer-to-peer monitoring and control strategy to maintain the normal operation of the network.Currently three P2P traffic identification technologies are extensively used: port matching, user payload analysis and the detection based on flow characteristics. Since more and more P2P applications are using dynamic random port numbers, the traditional port matching technology is becoming useless. The user payload analysis technology is also facing some problems. It is not very efficient, and unable to detect unknown or encrypted P2P applications. The detection technology based on flow characteristics has fixed up these shortcomings, and can be used for online and real-time identification, therefore it is the most practical method for detecting P2P traffic.This detection technology needs to be based on flow acquisition. The NetFlow technology acquires traffic through the routers by flows. The router sends expired flows to the flow collector in a certain format, providing information below the transport layer, which just fits for this detection technology. In addition, NetFlow is supported by most current mainstream equipment manufacturers, making the implementation of this detection technique more convenient.Being different from the C/S(Client/Server) structured networks, in a P2P network, each peer is playing both the server and the client dual roles. While it initiates connections to other peers, it also opens listening ports for other peers connecting to it. Besides, while it downloads data from other peers, it uploads at the same time. Basing on these facts, this paper designed and implemented a new P2P traffic detection technology based on flow characteristics. In the design, we solved the problem of the judgment between active connections and passive connections. As the existing NetFlow collectors are mostly using off-line analysis, they can't satisfy our real-time and on-line identification requirements. We designed a new NetFlow collector, which can also be used for other flow monitoring and analysis technologies.