Abstract: | 隨著寬頻Internet網路的普及電腦硬碟容量的大幅提升,網路用戶很自然地藉由高效率的分散式P2P檔案軟體交換VCD或DVD的影片或歌曲, 造成Internet訊務的嚴重失衡:少數P2P用戶的訊務耗盡連線頻寬,影響大部分使用者的權益,及帶來頻繁的網路財產侵權的抱怨. 由於P2P軟體已完全打破傳統主從的(Client/Server)傳輸模式.不僅將檔案切割成多個fragments,將資源分散儲存在各個particip-ate peer系統,也允� eer選取任意socket port number (0 ~ 65535 間之任意整數) 與peers建立傳輸連結,快速抓取部分內容,再結合成完整檔案.這些P2P特有的傳訊策略都使得網路管理者無法再依據特定傳輸port辨識/累計P2P訊務. TANET區網Aggregate router座於連網閘門位置, 負責轉送該地理分區大學,高中職,及數百所國中小學的Internet輸出/入訊務. 本研究擬擷取router NetFlow data,利用精簡的NetFlow轉送紀錄, 實地追蹤與分析P2P socket傳訊特徵,系統並依據P2P的並行傳輸特性,選定適當的傳訊特徵, 讀取NetFlow data累計/排序相關訊務數值,再據以偵測轉送的P2P訊務,協助管理人員監看其具體P2P傳訊量, 找出P2P主機,甚至寄發網路著作財產權宣導資料給可能的P2P用戶. P2P technology not only removes central control of such resources as communication, computation, file storage and retrieval, current P2P applications also have the ability to use arbitrary ports to camouflage their existence. The participants in the system thus could easily hide personal identifying information easily. As P2P traffic can not be classified by simply looking at the IP packet headers, This work makes use of the NetFlow data export from a aggregate router to develop P2P traffic measurement that helps identify active P2P stubs according to its significant distribution features: (1) heavy conne- ction density, (2) large mean packet size, and (3) long transmission duration. |