Page d'accueil

P2P detection on nprobe

Most current netflow probes are usually able to classify traffic using only transport-layer information. Most of the time, this information relies on the TCP/UDP well-known port numbers. With the increasing use of P2P applications, VoIP and other applications using dynamic port numbers, multiples sessions and sometimes encrypted payload, this kind of basic classification is not reliable anymore. Therefore other methods have to be implemented, for example, pattern matching on the data payload or statistical analysis of the packet flows are of paramount importance. As the need for higher bandwidth arises, applying pattern matching on data payload becomes quite resource intensive and cannot be handled by a single common CPU. Companies like Sensory Networks, (Eneo's partner), have developed specific hardware to handle such tasks. An implementation using this hardware in an open source netflow probe called pmacct will be carried out during this project. If time permits, the statistical approach using only transport-layer information to classify flows at the collector level could be studied and implemented. Requirements: Linux network, C Programming, Netflow Support: Besides IICT professors, the student will get support from Eneo specialists and partners Project specifications: The project consists in the development of a reliable IP traffic classification using pattern matching and/or statistical analysis. The following tasks will be fulfilled: 1. Reading and understanding of the protocols allowing detection 2. Discussion of the different available methodologies 3. Implementation of one of those methodologies 4. Benchmarks and measures of the chosen method 5. Writing of a research report