Towards the detection of encrypted peer-to-peer file sharing traffic and peer-to-peer TV traffic using deep packet inspection methods

Bibliographic Details
Main Author: Carvalho, David Alexandre Milheiro de
Publication Date: 2009
Format: Master thesis
Language: eng
Source: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Download full: http://hdl.handle.net/10400.6/3870
Summary: This dissertation is devoted to the study of Peer-to-Peer (P2P) network traffic identification, using Deep Packet Inspection (DPI) methods. The approach followed in this work is based on the analysis of the content of a packet payload, being paid particular attention to the cases where encryption or obfuscation is used. The protocols and applications under study along this dissertation are organized into two main categories: P2P file sharing (BitTorrent, Gnutella and eDonkey) and P2P TV (Lvestation, TVU Player and Goalbit). The history of P2P and its major milestones are briefly presented, along with their classification according to the functionalities they provide and the network protocol architectures being used by them. Studies on the evolution and current state in the detection of P2P traffic are particularly detailed, as they were the main motivation towards the detection of both encrypted P2P file sharing and P2P TV traffic. The detection of Peer-to-Peer traffic is accomplished by using a set of open source tools, emphasizing Snort, Wireshark and Tcpdump. Snort is used for triggering the alerts concerning this kind of traffic, by using a specified set of rules. These are manually created, based on the observed P2P traffic protocol signatures and patterns, by usingWireshark and Tcpdump. For the storage and visualization of the triggered alerts in a user friendly manner, two open source tools were used, respectively, MySQL and BASE. Finally, the main conclusions achieved in this work are briefly exposed. A section dedicated to future work contains possible directions that may be followed in order to improve this work.
id RCAP_ec35c51ffc65817f62dee7884aa7c6c2
oai_identifier_str oai:ubibliorum.ubi.pt:10400.6/3870
network_acronym_str RCAP
network_name_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository_id_str https://opendoar.ac.uk/repository/7160
spelling Towards the detection of encrypted peer-to-peer file sharing traffic and peer-to-peer TV traffic using deep packet inspection methodsSistemas distribuídosSistema peer-to-peerThis dissertation is devoted to the study of Peer-to-Peer (P2P) network traffic identification, using Deep Packet Inspection (DPI) methods. The approach followed in this work is based on the analysis of the content of a packet payload, being paid particular attention to the cases where encryption or obfuscation is used. The protocols and applications under study along this dissertation are organized into two main categories: P2P file sharing (BitTorrent, Gnutella and eDonkey) and P2P TV (Lvestation, TVU Player and Goalbit). The history of P2P and its major milestones are briefly presented, along with their classification according to the functionalities they provide and the network protocol architectures being used by them. Studies on the evolution and current state in the detection of P2P traffic are particularly detailed, as they were the main motivation towards the detection of both encrypted P2P file sharing and P2P TV traffic. The detection of Peer-to-Peer traffic is accomplished by using a set of open source tools, emphasizing Snort, Wireshark and Tcpdump. Snort is used for triggering the alerts concerning this kind of traffic, by using a specified set of rules. These are manually created, based on the observed P2P traffic protocol signatures and patterns, by usingWireshark and Tcpdump. For the storage and visualization of the triggered alerts in a user friendly manner, two open source tools were used, respectively, MySQL and BASE. Finally, the main conclusions achieved in this work are briefly exposed. A section dedicated to future work contains possible directions that may be followed in order to improve this work.Freire, Mário MarquesuBibliorumCarvalho, David Alexandre Milheiro de2015-10-29T09:49:08Z20092009-01-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10400.6/3870enginfo:eu-repo/semantics/openAccessreponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiainstacron:RCAAP2025-03-11T14:44:20Zoai:ubibliorum.ubi.pt:10400.6/3870Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireinfo@rcaap.ptopendoar:https://opendoar.ac.uk/repository/71602025-05-29T01:20:28.238804Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiafalse
dc.title.none.fl_str_mv Towards the detection of encrypted peer-to-peer file sharing traffic and peer-to-peer TV traffic using deep packet inspection methods
title Towards the detection of encrypted peer-to-peer file sharing traffic and peer-to-peer TV traffic using deep packet inspection methods
spellingShingle Towards the detection of encrypted peer-to-peer file sharing traffic and peer-to-peer TV traffic using deep packet inspection methods
Carvalho, David Alexandre Milheiro de
Sistemas distribuídos
Sistema peer-to-peer
title_short Towards the detection of encrypted peer-to-peer file sharing traffic and peer-to-peer TV traffic using deep packet inspection methods
title_full Towards the detection of encrypted peer-to-peer file sharing traffic and peer-to-peer TV traffic using deep packet inspection methods
title_fullStr Towards the detection of encrypted peer-to-peer file sharing traffic and peer-to-peer TV traffic using deep packet inspection methods
title_full_unstemmed Towards the detection of encrypted peer-to-peer file sharing traffic and peer-to-peer TV traffic using deep packet inspection methods
title_sort Towards the detection of encrypted peer-to-peer file sharing traffic and peer-to-peer TV traffic using deep packet inspection methods
author Carvalho, David Alexandre Milheiro de
author_facet Carvalho, David Alexandre Milheiro de
author_role author
dc.contributor.none.fl_str_mv Freire, Mário Marques
uBibliorum
dc.contributor.author.fl_str_mv Carvalho, David Alexandre Milheiro de
dc.subject.por.fl_str_mv Sistemas distribuídos
Sistema peer-to-peer
topic Sistemas distribuídos
Sistema peer-to-peer
description This dissertation is devoted to the study of Peer-to-Peer (P2P) network traffic identification, using Deep Packet Inspection (DPI) methods. The approach followed in this work is based on the analysis of the content of a packet payload, being paid particular attention to the cases where encryption or obfuscation is used. The protocols and applications under study along this dissertation are organized into two main categories: P2P file sharing (BitTorrent, Gnutella and eDonkey) and P2P TV (Lvestation, TVU Player and Goalbit). The history of P2P and its major milestones are briefly presented, along with their classification according to the functionalities they provide and the network protocol architectures being used by them. Studies on the evolution and current state in the detection of P2P traffic are particularly detailed, as they were the main motivation towards the detection of both encrypted P2P file sharing and P2P TV traffic. The detection of Peer-to-Peer traffic is accomplished by using a set of open source tools, emphasizing Snort, Wireshark and Tcpdump. Snort is used for triggering the alerts concerning this kind of traffic, by using a specified set of rules. These are manually created, based on the observed P2P traffic protocol signatures and patterns, by usingWireshark and Tcpdump. For the storage and visualization of the triggered alerts in a user friendly manner, two open source tools were used, respectively, MySQL and BASE. Finally, the main conclusions achieved in this work are briefly exposed. A section dedicated to future work contains possible directions that may be followed in order to improve this work.
publishDate 2009
dc.date.none.fl_str_mv 2009
2009-01-01T00:00:00Z
2015-10-29T09:49:08Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10400.6/3870
url http://hdl.handle.net/10400.6/3870
dc.language.iso.fl_str_mv eng
language eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv reponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron:RCAAP
instname_str FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron_str RCAAP
institution RCAAP
reponame_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
collection Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository.name.fl_str_mv Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
repository.mail.fl_str_mv info@rcaap.pt
_version_ 1833600935786446848

Similar Items