P2P
From BluWiki
A pure P2P network does not have the notion of clients or servers but only equal peer nodes that simultaneously function as both "clients" and "servers" to the other nodes on the network. This model of network arrangement differs from the client-server model, where communication is usually to and from a central server. A typical example of a file transfer that is not P2P is an FTP server, where the client and server programs are quite distinct: the clients initiate the downloads/uploads, and the servers react to and satisfy these requests.
This project mainly involves the eDonkey and Gnutella networks.
Motivation
The growth of traffic through the Internet creates several problems worldwide. One of the main reasons for this growth is data sharing over the popular peer-to-peer (P2P) networks. Network administrators are fighting P2P applications for technical (bandwidth) and legal reasons. P2P applications use various technologies to improve connectivity and provide robustness.
Goals
Find a simple way to detect P2P communication, and provide a proof-of-correctness simulation which shows that the detection method is feasible.
Gnutella
Gnutella (pronounced with a silent "g") is a file sharing network used primarily to exchange music, films and software. It is a true peer-to-peer network; it operates without a central server. Files are exchanged directly between users. Gnutella client programs connect to the network and share files. Search queries are passed from one node to another in round-robin fashion. Gnutella clients are available for a number of platforms.
eDonkey network
The eDonkey network (also called eDonkey2000 network or ed2k) is a file sharing network used primarily to exchange music, films and software. Like most file sharing networks, it is decentralized; files are not stored on a central server but are exchanged directly between users based on the peer-to-peer principle. eDonkey client programs connect to the network and share files. eDonkey servers act as communication hubs for the clients and allow users to locate files within the network. Both eDonkey clients and servers are available for Windows, Macintosh, Linux and other UNIX variants. Anyone can add a server to the network. Because of constant changes to the server network, clients update their server lists regularly. eDonkey uses a compound MD4 hash checksum to identify files, which permits identification of identical files with different filenames. Another feature of eDonkey is that it shares file segments before the download completes; this speeds up file distribution throughout the network. To ease file searching, some websites list the checksums of sought-after files in the form of an ed2k link. Some of those websites also have lists of active servers for users to update.
Detection Methods
Because P2P networks find themselves in the gray area of the law, their creators try to keep their network activity undetected. Therefore, whenever a new method of detecting such programs is implemented, new versions of P2P software will adjust and overcome this method.
Crawlers
In order to detect P2P activity we can join the P2P network as an active client. A crawler is a client of the P2P system modified to measure the system activity. The crawler joins the P2P network like all other clients, and then tries to learn the system's structure, the IP addresses, port numbers and all the data it can learn from the protocol (like how many new users, how many searches and how much data were transferred in a period of time). The crawler must be fast enough to learn about the structure before it changes (due to the flexibility of the network structure). If the crawler's operation takes too long, too many nodes will join and leave the network, making the results irrelevant.
Advantage:
• Can identify all computers (IPs) working in the P2P network with a high level of certainty and disconnect them.

Disadvantage:
• Detects and blocks only one specific P2P network.
• Need to run the program itself in our network, which requires deep knowledge of the P2P protocol.
• If the program isn't open source, or is even encrypted, building a crawler becomes an almost impossible task.
• Uses an extreme amount of resources (CPU & memory), due to the enormous size of the P2P network structures (millions of nodes).
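
The speed requirement on the crawler can be checked with a small simulation. The following Python sketch is an added example, not part of the original project: it crawls a synthetic overlay breadth-first while peers leave and join, and reports how much of the resulting snapshot is still valid. The overlay shape, `rate`, `churn` and all other parameter values are constructed assumptions and do not model eDonkey or Gnutella specifically.

```python
import random
from collections import deque

def simulate_crawl(n_peers=400, degree=4, rate=50, churn=0.01,
                   max_ticks=300, seed=7):
    """Crawl a synthetic overlay under churn.

    rate  = peers the crawler can query per tick
    churn = probability that a live peer leaves in a tick (it is replaced)
    Returns (precision, recall, ticks): the share of recorded peers still
    online, the share of online peers recorded, and the crawl duration.
    """
    rng = random.Random(seed)
    # Constructed overlay: a ring (guarantees connectivity) plus random chords.
    nbrs = {i: {(i + 1) % n_peers, (i - 1) % n_peers} for i in range(n_peers)}
    for i in range(n_peers):
        for j in rng.sample(range(n_peers), degree):
            if j != i:
                nbrs[i].add(j)
                nbrs[j].add(i)
    next_id = n_peers
    seen, frontier, ticks = {0}, deque([0]), 0   # peer 0 is the bootstrap node
    while frontier and ticks < max_ticks:
        ticks += 1
        for _ in range(min(rate, len(frontier))):
            peer = frontier.popleft()
            # A departed peer never answers; a live one returns its neighbour
            # list, which may still name peers that have already left.
            for nb in nbrs.get(peer, ()):
                if nb not in seen:
                    seen.add(nb)
                    frontier.append(nb)
        # Churn: some peers leave and the same number of new peers join.
        leaving = [p for p in nbrs if rng.random() < churn]
        for p in leaving:
            del nbrs[p]
        for _ in leaving:
            contacts = rng.sample(list(nbrs), min(degree, len(nbrs)))
            nbrs[next_id] = set(contacts)
            for c in contacts:
                nbrs[c].add(next_id)
            next_id += 1
    live = set(nbrs)
    hits = len(seen & live)
    return hits / len(seen), hits / len(live), ticks

if __name__ == "__main__":
    for rate in (200, 20, 2):
        p, r, t = simulate_crawl(rate=rate)
        print(f"rate={rate:3d}/tick  ticks={t:3d}  precision={p:.2f}  recall={r:.2f}")
```

With no churn the snapshot is exact; as the query rate drops relative to the churn rate, the crawl takes longer and a growing share of the recorded addresses belongs to peers that have already left.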






