direkt zum Inhalt springen

direkt zum Hauptnavigationsmenü

Sie sind hier

TU Berlin

Inhalt des Dokuments

Es gibt keine deutsche Übersetzung dieser Webseite.

Publications by Type: Master Theses

eDonkey and Kad Traffic Analysis based on Semantic Protocol Identification
Zitatschlüssel K-EKTASPI-10
Autor Kim, Juhoon
Jahr 2010
Adresse Berlin, Germany
Monat April
Schule Technische Universität Berlin
Zusammenfassung The purpose of this thesis is to classify and analyze eDonkey/Kad traffic based on the semantic protocol classification. Since the popularity of the eDonkey protocol is known to be very high, analyses and measurements of this protocol are continuously made each year. However, many of those previous measurements were using network ports to classify Internet traffic. This way of classification causes false negatives when applications use non-standard port numbers. Another approach to the classification of the protocol is a signature-based classification. A signature-based method is said to be a more accurate method for the classification of Internet traffic. In spite of that, this way of classification causes false positives if the signature of the protocol is not long enough. A well-known signature of the eDonkey protocol is the first byte of the payload. However, the one-byte long signature is doubtlessly too weak to classify the eDonkey traffic accurately. In this thesis, we first introduce the analyzer which detects the eDonkey and the Kad traffic from the overall Internet traffic. For an accurate classification, we combine multiple protocol identification methods. Our fundamental approach to detect TCP connections of the eDonkey protocol is a semantic protocol identification, however the analyzer can be easily switched to perform with a signature-based identification. We briefly compare the two methods by running them on the same set of traces. After that we evaluate the characteristics of eDonkey and Kad traffic with regard to user behavior, traffic behavior, and the distribution of content. The analyzer implemented for this thesis identifies TCP and UDP packets of eDonkey traffic as well as UDP packets of Kad traffic and distinguishes it from all Internet traffic. Kad is a DHT-based peer-to-peer file sharing network and it is integrated in several eDonkey applications. Thus, we expect that this analysis covers almost all traffic that is produced by eDonkey applications in our measurement environment.
Typ der Publikation Master Thesis
Download Bibtex Eintrag

Zusatzinformationen / Extras


Schnellnavigation zur Seite über Nummerneingabe