Using UDP Packets to Detect P2P File Sharing


Tsang-Long Pao, Jian-Bo Chen


Vol. 7  No. 8  pp. 188-192


P2P file sharing is one of the major causes of network congestion. Because most P2P file sharing software does not bind to a specific port number, it is difficult to identify P2P file sharing using layer 3/4 header information. When layer 7 information is used to detect P2P file sharing, the main difficulty is capturing all the packets in the network, because of the large traffic volume. In this paper, we focus on the features of the eMule and BitTorrent protocols and use layer 3/4 information, such as UDP packet count and packet size, to find suspected file sharing activity. When an IP address is suspected of file sharing, we only need to capture and analyze the layer 7 information for that IP address. Once the payload is extracted, we can confirm that the IP address is running P2P file sharing software. We do not need to capture all the packets in the network, yet can still detect P2P file sharing efficiently and solve the network overload problem.


P2P file sharing, NetFlow, eMule, BitTorrent
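
The two-stage idea in the abstract (flag hosts from layer 3/4 UDP statistics, then capture layer 7 traffic only for those hosts) can be sketched as follows. This is an added example, not code from the paper: the flow records are constructed, and the record layout, thresholds and function names are assumptions, since the abstract does not give the paper's actual criteria.

```python
from collections import defaultdict

# Constructed NetFlow-style records: (src_ip, dst_ip, protocol, packets, bytes)
FLOWS = (
    # Host exchanging small UDP packets with many distinct peers
    [("10.0.0.5", f"198.51.100.{i}", "UDP", 5, 400) for i in range(1, 7)]
    + [
        ("10.0.0.7", "192.0.2.53", "UDP", 40, 3200),        # one resolver only
        ("10.0.0.9", "203.0.113.10", "UDP", 500, 600000),   # large-packet stream
        ("10.0.0.8", "203.0.113.20", "TCP", 1000, 900000),  # not UDP, ignored
    ]
)

# Assumed thresholds for illustration; tune against real traffic.
MIN_UDP_PEERS = 5        # distinct UDP destinations per source
MIN_UDP_PACKETS = 20     # total UDP packets per source
MAX_AVG_PKT_BYTES = 200  # small control-style packets


def suspect_hosts(flows, min_peers=MIN_UDP_PEERS, min_packets=MIN_UDP_PACKETS,
                  max_avg=MAX_AVG_PKT_BYTES):
    """Stage 1: aggregate UDP packet count and size per source IP."""
    stats = defaultdict(lambda: {"peers": set(), "packets": 0, "bytes": 0})
    for src, dst, proto, pkts, nbytes in flows:
        if proto != "UDP" or pkts <= 0:
            continue  # only UDP flows with at least one packet are counted
        s = stats[src]
        s["peers"].add(dst)
        s["packets"] += pkts
        s["bytes"] += nbytes
    suspects = {}
    for ip, s in stats.items():
        avg = s["bytes"] / s["packets"]
        if (len(s["peers"]) >= min_peers and s["packets"] >= min_packets
                and avg <= max_avg):
            suspects[ip] = {"peers": len(s["peers"]),
                            "packets": s["packets"], "avg_bytes": avg}
    return suspects


def capture_filter(suspects):
    """Stage 2: BPF expression limiting payload capture to suspected hosts."""
    return " or ".join(f"host {ip}" for ip in sorted(suspects))


if __name__ == "__main__":
    found = suspect_hosts(FLOWS)
    print(found)
    print(capture_filter(found))
```

The returned filter string can be passed to a capture tool that accepts BPF expressions, so payload inspection is confined to the flagged addresses.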