Juhoon Kim's Publications

eDonkey and Kad Traffic Analysis based on Semantic Protocol Identification
Citation key K-EKTASPI-10
Author Kim, Juhoon
Year 2010
Address Berlin, Germany
Month April
School Technische Universität Berlin
Abstract The purpose of this thesis is to classify and analyze eDonkey/Kad traffic based on semantic protocol classification. Since the eDonkey protocol is known to be very popular, analyses and measurements of this protocol are made continuously each year. However, many of those previous measurements used network ports to classify Internet traffic. This form of classification causes false negatives when applications use non-standard port numbers. Another approach to classifying the protocol is signature-based classification. A signature-based method is said to be more accurate for the classification of Internet traffic. In spite of that, this form of classification causes false positives if the signature of the protocol is not long enough. A well-known signature of the eDonkey protocol is the first byte of the payload. However, a one-byte signature is doubtlessly too weak to classify eDonkey traffic accurately. In this thesis, we first introduce the analyzer, which detects eDonkey and Kad traffic within the overall Internet traffic. For an accurate classification, we combine multiple protocol identification methods. Our fundamental approach to detecting TCP connections of the eDonkey protocol is semantic protocol identification; however, the analyzer can easily be switched to perform signature-based identification. We briefly compare the two methods by running them on the same set of traces. After that we evaluate the characteristics of eDonkey and Kad traffic with regard to user behavior, traffic behavior, and the distribution of content. The analyzer implemented for this thesis identifies TCP and UDP packets of eDonkey traffic as well as UDP packets of Kad traffic and distinguishes them from all other Internet traffic. Kad is a DHT-based peer-to-peer file sharing network that is integrated into several eDonkey applications. Thus, we expect that this analysis covers almost all traffic produced by eDonkey applications in our measurement environment.
Bibtex Type of Publication Master Thesis
