I was trying to explain to Nineless how you can identify a BitTorrent user if you can monitor their connection, assuming the stream is encrypted but you can see the behavior of the packet streams as well as their destination IP addresses.
As best I can understand it, a P2P connection's distinguishing features are that it attempts many connections to several different IPs then maintains a continual stream of data to several at once, sometimes upwards of 20 simultaneous connections at once and usually over a long period of time.
Knowing this, you could devise a system that looks for such behavior and throttle down any connection doing such a thing. Such systems are the reason I can only seed the Tribes 2 torrent late at night.
Questions:
1) Are there any other types of connections that could be confused with a P2P connection?
2) Did I miss anything out compared to more realistic systems?
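The behavioural check described in the post, as an added example that is not part of the original post: it scores each monitored host from flow metadata only (destination IP, timing, byte count). The `Flow` record layout, the thresholds and the sample hosts are assumptions constructed for illustration; the web-browsing and video hosts show traffic that shares one feature with a swarm but not both.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str      # monitored client
    dst: str      # remote IP (payload is encrypted, so this is all we see)
    start: float  # seconds
    end: float
    nbytes: int

# Assumed thresholds for illustration; the post gives none except "upwards of 20".
MIN_DISTINCT_PEERS = 30   # fan-out: many different destination IPs
MIN_CONCURRENT = 10       # sustained streams open at the same time
MIN_FLOW_SECONDS = 300    # "long period of time"
MIN_FLOW_BYTES = 1_000_000

def peak_concurrency(flows):
    """Largest number of flows open at one instant (sweep over open/close events)."""
    events = sorted([(f.start, 1) for f in flows] + [(f.end, -1) for f in flows])
    peak = cur = 0
    for _, delta in events:
        cur += delta
        peak = max(peak, cur)
    return peak

def score_hosts(flows):
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)
    report = {}
    for src, fl in by_src.items():
        sustained = [f for f in fl if f.end - f.start >= MIN_FLOW_SECONDS
                     and f.nbytes >= MIN_FLOW_BYTES]
        peers, peak = len({f.dst for f in fl}), peak_concurrency(sustained)
        report[src] = {"distinct_peers": peers, "peak_sustained": peak,
                       "p2p_like": peers >= MIN_DISTINCT_PEERS and peak >= MIN_CONCURRENT}
    return report

def sample_flows():
    """Constructed flow records: a swarm-like host, a web browser, a video stream."""
    swarm = [Flow("10.0.0.5", f"198.51.100.{i}", i, i + 2, 500) for i in range(40)]
    swarm += [Flow("10.0.0.5", f"203.0.113.{i}", 60 + i, 3600, 50_000_000) for i in range(15)]
    web = [Flow("10.0.0.6", f"192.0.2.{i}", i * 10, i * 10 + 5, 200_000) for i in range(50)]
    video = [Flow("10.0.0.7", "192.0.2.200", 0, 3600, 2_000_000_000)]
    return swarm + web + video

if __name__ == "__main__":
    for host, r in score_hosts(sample_flows()).items():
        print(host, r)
```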