CN102035750B - Peer-to-peer (P2P) flow recognizing method and device - Google Patents
Peer-to-peer (P2P) flow recognizing method and device Download PDFInfo
- Publication number
- CN102035750B CN102035750B CN2010106243403A CN201010624340A CN102035750B CN 102035750 B CN102035750 B CN 102035750B CN 2010106243403 A CN2010106243403 A CN 2010106243403A CN 201010624340 A CN201010624340 A CN 201010624340A CN 102035750 B CN102035750 B CN 102035750B
- Authority
- CN
- China
- Prior art keywords
- session
- message
- node
- flow
- identification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The invention discloses a peer-to-peer (P2P) flow recognizing method and device. The method comprises the steps of: receiving a TCP (Transmission Control Protocol) message of a source or destination node as a local node, judging whether the message is a conversation first message and is in an entering direction, if yes, judging whether the information of the destination node of the message exists in a P2P node list, if yes, marking the local conversation as the P2P conversation, if not, recognizing the message by adopting a preset P2P flow recognizing method, if the message is recognized to adopt the P2P flow, marking the local conversation as the P2P conversation, and adding the information of the destination node of the message into the P2P node list; and if the message does not adopt the P2P flow, judging whether the conversation is marked as the P2P conversation, if not, recognizing the message by adopting the preset P2P flow recognizing method, if the message is recognized to adopt the P2P flow, judging whether the direction of the local conversation is the entering direction, if yes, marking the local conversation as the P2P conversation, and adding the information of the destination node of the first message of the local conversation into the P2P node list. The invention accelerates the recognition of the P2P flow.
Description
Technical field
The present invention relates to the flow distinguishment technical field, be specifically related to point-to-point method for recognizing flux and device.
Background technology
In point-to-point (P2P, Peer to Peer) network, all nodes all are reciprocity, and direct interconnection is shared information resources or carried out file interaction between the node, need not to rely on centralized server.With respect to transmission control protocol (TCP; Transmission Control Protocol); UDP (UDP; User Datagram Protocol) be a kind of connectionless agreement, have characteristics such as transmission speed is fast, resource occupation is low, the P2P agreement of the overwhelming majority and application software all support to use UDP transmission data at present.
Along with constantly popularizing of internet (Internet), the P2P technology has obtained using very widely.According to authoritative institution's statistics, the flow above 80% all is the P2P flow among the Internet at present.The P2P flow has taken massive band width, causes network congestion, reduces network performance greatly, deterioration network service quality, hindered normal Network to carry out and key application, had a strong impact on application such as the normal Web of user, E-mail.
At present, mainly use deep-packet detection (DPI, Deep PacketInspection) method of identification, use the decrypted key data flow or based on the recognition methods of behavioural characteristic for the identification of the P2P flow of encrypting for the identification of expressly P2P flow.Wherein:
DPI method of identification:, in tcp data bag or the load of UDP message bag, search the feature string that a P2P agreement is different from other agreement and discern the P2P flow through packet deep layer scanning.
The decrypted key data flow: the critical data stream that deciphering P2P software produces, obtain local nodal information and the distant-end node information monitored, be used for the identification of follow-up encrypting traffic.
Based on behavioural characteristic: in a period of time, during TCP that the user keeps or UDP connect, destination interface at the linking number more than 1024 and destination interface at the ratio of the linking number below 1024 greater than threshold value, think that then the user transmitting the P2P flow.
The shortcoming of prior art scheme is following:
All need adopt a kind of identification the in the said method for each session, higher to the performance requirement of equipment like this, recognition speed is also slower.
Summary of the invention
The present invention provides P2P method for recognizing flux and device, to improve the speed of P2P flow identification.
Technical scheme of the present invention is achieved in that
A kind of point-to-point P2P method for recognizing flux, this method comprises:
A, reception sources node or destination node are the transmission control protocol TCP message of local node, judge that whether this message is that report for the first time literary composition and conversation direction of session is Inbound, if, execution in step B; Otherwise, execution in step C;
B, judge this message destination node information whether in the P2P node listing, if this session of mark is the P2P session; Otherwise, adopt predetermined this message of P2P flow method of identification identification, if be identified as the P2P flow, then this session of mark is the P2P session, and the destination node information of this message is added in the P2P node listing;
C, judge whether this session is marked as the P2P session, if confirm that this message is the P2P flow; Otherwise, adopt predetermined this message of P2P flow method of identification identification, if be identified as the P2P flow; Judge whether this conversation direction is Inbound; If Inbound, then this session of mark is the P2P session, and the civilian destination node information of reporting for the first time of this session is added in the P2P node listing.
Said destination node information is purpose IP address, destination interface sign and the protocol type of message.
Said method further comprises:
When the arbitrary nodal information in the P2P node listing is not hit, then delete this nodal information in preset aging duration.
A kind of point-to-point P2P method for recognizing flux, this method comprises:
Reception sources node or destination node are the UDP UDP message of local node;
When finding that this message is that session is reported for the first time literary composition and conversation direction when being Inbound, whether the destination node information of judging this message is in the P2P node listing, if this session of mark is the P2P session; Otherwise, adopt predetermined this message of P2P flow method of identification identification, if be identified as the P2P flow, then this session of mark is the P2P session, and the destination node information of this message is added in the P2P node listing;
When finding that this message is that session is reported for the first time literary composition and conversation direction when being outgoing direction, whether the source node information of judging this message is in the P2P node listing, if this session of mark is the P2P session; Otherwise, adopt predetermined this message of P2P flow method of identification identification, if be identified as the P2P flow, then this session of mark is the P2P session, and the source node information of this message is added in the P2P node listing;
When finding that this message is the session subsequent packet, judge whether this session is marked as the P2P session, if confirm that this message is the P2P flow; Otherwise, adopt predetermined this message of P2P flow method of identification identification, if be identified as the P2P flow; Judge that then this conversation direction is Inbound or outgoing direction; If Inbound, this session of mark is the P2P session, and the civilian destination node information of reporting for the first time of this session is added in the P2P node listing; If outgoing direction, this session of mark is the P2P session, and the civilian source node information of reporting for the first time of this session is added in the P2P node listing.
Said destination node information is purpose IP address, destination interface sign and the protocol type of message;
The source IP address that said source node information is message, source port sign and protocol type.
Said method further comprises:
When the arbitrary nodal information in the P2P node listing is not hit, then delete this nodal information in preset aging duration.
A kind of P2P flow recognition device, this device comprises:
First module: reception sources node or destination node are the transmission control protocol TCP message of local node, judge that whether this message is that report for the first time literary composition and conversation direction of session is Inbound, if; Whether the destination node of judging this message is in the P2P of Unit second node listing; If, this session of mark is the P2P session, if do not exist; Adopt predetermined this message of P2P flow method of identification identification; If be identified as the P2P flow, then this session of mark is the P2P session, and the destination node of this message is added in the P2P node listing of Unit second; Otherwise, judge whether this session is marked as the P2P session, if be labeled; Confirm that this message is the P2P flow,, adopt predetermined this message of P2P flow method of identification identification if be not labeled; If be identified as the P2P flow, judge whether this conversation direction is Inbound, if Inbound; This session of mark is the P2P session, and the civilian destination node of reporting for the first time of this session is added in the P2P node listing of Unit second;
Unit second: storage P2P node listing.
Said destination node information is purpose IP address, destination interface sign and the protocol type of message.
Said Unit second is further used for:
When the arbitrary nodal information in the P2P node listing is not hit, then delete this nodal information in preset aging duration.
Said device is positioned on the Bandwidth Management equipment of local node.
A kind of P2P flow recognition device, this device comprises:
First module: reception sources node or destination node are the UDP UDP message of local node; When finding that this message is that session is reported for the first time literary composition and conversation direction when being Inbound, the destination node information of judging this message whether in the P2P node listing, if; This session of mark is the P2P session; Otherwise, adopt predetermined this message of P2P flow method of identification identification, if be identified as the P2P flow; Then this session of mark is the P2P session, and the destination node information of this message is added in the P2P node listing; When finding that this message is that session is reported for the first time literary composition and conversation direction when being outgoing direction, the source node information of judging this message whether in the P2P node listing, if; This session of mark is the P2P session; Otherwise, adopt predetermined this message of P2P flow method of identification identification, if be identified as the P2P flow; Then this session of mark is the P2P session, and the source node information of this message is added in the P2P node listing; When finding that this message is the session subsequent packet, judge whether this session is marked as the P2P session, if; Confirm that this message is the P2P flow, otherwise, predetermined this message of P2P flow method of identification identification adopted; If be identified as the P2P flow, judge that then this conversation direction is Inbound or outgoing direction, if Inbound; This session of mark is the P2P session, and the civilian destination node information of reporting for the first time of this session is added in the P2P node listing, if outgoing direction; This session of mark is the P2P session, and the civilian source node information of reporting for the first time of this session is added in the P2P node listing;
Unit second: storage P2P node listing.
Said destination node information is purpose IP address, destination interface sign and the protocol type of message;
The source IP address that said source node information is message, source port sign and protocol type.
Said Unit second is further used for:
When the arbitrary nodal information in the P2P node listing is not hit, then delete this nodal information in preset aging duration.
Said device is positioned on the Bandwidth Management equipment of local node.
Compared with prior art, the present invention utilizes the handling characteristics of UDP, tcp port to quicken the identification of P2P flow, has improved the handling property of Bandwidth Management equipment greatly.
Description of drawings
The method flow diagram of the P2P flow of TCP is adopted in the identification that Fig. 1 provides for the embodiment of the invention;
The conversation direction exemplary plot that Fig. 2 provides for the embodiment of the invention;
The method flow diagram of the P2P flow of UDP is adopted in the identification that Fig. 3 provides for the embodiment of the invention;
Fig. 4 for the embodiment of the invention provide when the UDP message is the session subsequent packet, to the P2P method for recognizing flux flow chart of this message;
The device composition diagram of the P2P flow of TCP is adopted in the identification that Fig. 5 provides for the embodiment of the invention.
Embodiment
P2P software is when starting, in order to need to create the listening port that can handle connection request for other node provides download service.For the P2P flow that adopts TCP; The source port of TCP connection request is Random assignment, and destination interface can be specified, therefore; Inbound; Be that the TCP connection request of ecto-entad direction can use local listening port, outgoing direction, promptly the TCP connection request of direction can use the listening port of far-end from inside to outside; For the P2P flow that adopts UDP, the source port of UDP connection request and destination interface all can appointments, and therefore, the UDP connection request of Inbound and outgoing direction all can use the listening port of this locality.Utilize above-mentioned characteristic, provide the following embodiment of the invention:
Below provide the scheme that identification is adopted the P2P flow of TCP, adopted the P2P flow of UDP respectively.
The method flow diagram of the P2P flow of TCP is adopted in the identification that Fig. 1 provides for the embodiment of the invention, and as shown in Figure 1, its concrete steps are following:
Step 101: Bandwidth Management equipment receives a source node or destination node is the TCP message of local node.
Step 102: Bandwidth Management equipment judges whether that this message is that report for the first time literary composition and conversation direction of session is Inbound, if, execution in step 103; Otherwise, execution in step 108.
Conversation direction is that to refer to session be that distant-end node is initiated to local node to Inbound.Fig. 2 has provided a conversation direction exemplary plot, and is as shown in Figure 2, reports for the first time literary composition from interface 1 entering when session, thinks that then conversation direction is an Inbound.
Step 103: Bandwidth Management equipment is searched purpose IP address, destination slogan and the protocol type of this message in the P2P node listing, judges whether to find, if, execution in step 104; Otherwise, execution in step 105.
Step 104: Bandwidth Management equipment confirms that this message is the P2P flow, and simultaneously, this session of mark is the P2P session, and this flow process finishes.
Because for a session, literary composition shows then that for the P2P flow whole session is the P2P flow if it is reported for the first time; Therefore, after the literary composition of reporting for the first time is identified as the P2P flow, be the P2P session just with this session tokens; Like this, when receiving the subsequent packet of this session, just can be directly according to this mark; Confirm that this subsequent packet is the P2P flow, need not to adopt again predetermined P2P flow method of identification to carry out the identification of P2P flow.
Step 105: Bandwidth Management equipment adopts predetermined P2P flow method of identification that this message is carried out the identification of P2P flow, judges whether this message is identified as the P2P flow, if, execution in step 106; Otherwise, execution in step 107.
Predetermined P2P flow method of identification is an existing P 2P flow method of identification, like: DPI method of identification, decrypted key data flow method, based on the behavioural characteristic method etc.
Step 106: Bandwidth Management equipment confirms that this message is the P2P flow, and purpose IP address, destination slogan and the protocol type of this message recorded in the P2P node listing, and simultaneously, this session of mark is the P2P session, and this flow process finishes.
Step 107: Bandwidth Management equipment confirms that this message is not the P2P flow, and this flow process finishes.
Step 108: Bandwidth Management equipment judges whether this session is marked as the P2P session, if, execution in step 109; Otherwise, execution in step 110.
At this moment, message maybe for the session subsequent packet or for report for the first time literary composition and conversation direction of session be outgoing direction.
Step 109: Bandwidth Management equipment confirms that this message is the P2P flow, and this flow process finishes.
Step 110: Bandwidth Management equipment adopts predetermined P2P flow method of identification that this message is carried out the identification of P2P flow, judges whether this message is identified as the P2P flow, if, execution in step 111; Otherwise, execution in step 114.
Step 111: Bandwidth Management equipment judges whether this conversation direction is Inbound, if, execution in step 112; Otherwise, execution in step 113.
Step 112: Bandwidth Management equipment confirms that this message is the P2P flow, purpose IP address, destination slogan and the protocol type of the literary composition of reporting for the first time of this session recorded in the P2P node listing, and be the P2P session with this session of tense marker, this flow process finishes.
Step 113: Bandwidth Management equipment confirms that this message is the P2P flow, and this flow process finishes.
Step 114: Bandwidth Management equipment confirms that this message is not the P2P flow, and this flow process finishes.
Can find out from embodiment illustrated in fig. 1: for arbitrary local P2P node; The TCP session of initiating to this this locality P2P node when arbitrary distant-end node is also unrecognized when being the P2P session; Bandwidth Management equipment can adopt predetermined P2P flow method of identification that the TCP message in this conversation procedure is carried out the identification of P2P flow, and when being identified as the P2P flow, Bandwidth Management equipment can write down the information of this this locality P2P node; Purpose IP address, destination slogan and the protocol type of the literary composition of reporting for the first time of this TCP session just; Like this, the TCP session message of after this issuing this this locality P2P node is during through Bandwidth Management equipment, all can be directly be identified as the P2P flow according to the P2P nodal information of this record; Obviously, recognition speed has been accelerated greatly.
The method flow diagram of the P2P flow of UDP is adopted in the identification that Fig. 3 provides for the embodiment of the invention, and as shown in Figure 3, its concrete steps are following:
Step 301: Bandwidth Management equipment receives a source node or destination node is the UDP message of local node.
Step 302: Bandwidth Management equipment judges that whether this message is the session literary composition of reporting for the first time, if, execution in step 303; Otherwise, carry out step 401~407 in embodiment illustrated in fig. 4.
Step 303: Bandwidth Management equipment judges that this conversation direction is Inbound or outgoing direction, if the former, execution in step 304; If the latter, execution in step 309.
Conversation direction is that to refer to session be that local node is initiated to distant-end node to outgoing direction.
Step 304: Bandwidth Management equipment is searched purpose IP address, destination slogan and the protocol type of this message in the P2P node listing, judges whether to find, if, execution in step 305; Otherwise, execution in step 306.
Step 305: Bandwidth Management equipment confirms that this message is the P2P flow, and simultaneously, this session of mark is the P2P session, and this flow process finishes.
Step 306: Bandwidth Management equipment adopts predetermined P2P flow method of identification that this message is carried out the identification of P2P flow, judges whether this message is identified as the P2P flow, if, execution in step 307; Otherwise, execution in step 308.
Step 307: Bandwidth Management equipment confirms that this message is the P2P flow, and purpose IP address, destination slogan and the protocol type of this message recorded in the P2P node listing, and simultaneously, this session of mark is the P2P session, and this flow process finishes.
Step 308: Bandwidth Management equipment confirms that this message is not the P2P flow, and this flow process finishes.
Step 309: Bandwidth Management equipment is searched source IP address, source port number and the protocol type of this message in the P2P node listing, judges whether to find, if, execution in step 310; Otherwise, execution in step 311.
Step 310: Bandwidth Management equipment confirms that this message is the P2P flow, and simultaneously, this session of mark is the P2P session, and this flow process finishes.
Step 311: Bandwidth Management equipment adopts predetermined P2P flow method of identification that this message is carried out the identification of P2P flow, judges whether this message is identified as the P2P flow, if, execution in step 312; Otherwise, execution in step 313.
Step 312: Bandwidth Management equipment confirms that this message is the P2P flow, and source IP address, source port number and the protocol type of this message recorded in the P2P node listing, and simultaneously, this session of mark is the P2P session, and this flow process finishes.
Step 313: Bandwidth Management equipment confirms that this message is not the P2P flow, and this flow process finishes.
Fig. 4 for the embodiment of the invention provide when the UDP message is the session subsequent packet, to the P2P method for recognizing flux flow chart of this message, as shown in Figure 4, its concrete steps are following:
Step 401: Bandwidth Management equipment confirms that this message is the session subsequent packet, judges whether this session is marked as the P2P session, if, execution in step 402; Otherwise, execution in step 403.
Step 402: Bandwidth Management equipment confirms that this message is the P2P flow, and this flow process finishes.
Step 403: Bandwidth Management equipment adopts predetermined P2P flow method of identification that this message is carried out the identification of P2P flow, judges whether this message is identified as the P2P flow, if, execution in step 404; Otherwise, execution in step 407.
Step 404: Bandwidth Management equipment confirms that this message is the P2P flow, judges that this conversation direction is Inbound or outgoing direction, if the former, execution in step 405; If the latter, execution in step 406.
Step 405: Bandwidth Management equipment records purpose IP address, destination slogan and the protocol type of the literary composition of reporting for the first time of this session in the P2P node listing, is the P2P session with this session of tense marker, and this flow process finishes.
Step 406: Bandwidth Management equipment records source IP address, source port number and the protocol type of the literary composition of reporting for the first time of this session in the P2P node listing, and simultaneously, this session of mark is the P2P session, and this flow process finishes.
Step 407: Bandwidth Management equipment confirms that this message is not the P2P flow, and this flow process finishes.
The Bandwidth Management recognition of devices can be blocked and control measure such as speed limit the P2P flow according to the Bandwidth Management strategy behind the P2P flow.
In addition, in the embodiment of the invention, any the P2P nodal information in the P2P node listing, i.e. IP address, port numbers and a protocol type when in preset aging duration, not hit, are just thought this P2P node off-line, delete this P2P nodal information.
The device composition diagram of the P2P flow of TCP is adopted in the identification that Fig. 5 provides for the embodiment of the invention, and as shown in Figure 5, it mainly comprises: the first module 51 and second unit 52, wherein:
First module 51: reception sources node or destination node are the TCP message of local node, judge that whether this message is that report for the first time literary composition and conversation direction of session is Inbound, if; Whether the destination node of judging this message is in the P2P node listing of second unit 52; If, this session of mark is the P2P session, if do not exist; Adopt predetermined this message of P2P flow method of identification identification; If be identified as the P2P flow, then this session of mark is the P2P session, and the destination node of this message is added in the P2P node listing of second unit 52; Otherwise, judge whether this session is marked as the P2P session, if be labeled; Confirm that this message is the P2P flow,, adopt predetermined this message of P2P flow method of identification identification if be not labeled; If be identified as the P2P flow, judge whether this conversation direction is Inbound, if Inbound; This session of mark is the P2P session, and the civilian destination node of reporting for the first time of this session is added in the P2P node listing of second unit 52.
Wherein, destination node information can be purpose IP address, destination interface sign and the protocol type of message.
Second unit 52: storage P2P node listing.
Device shown in Figure 5 can be positioned on the Bandwidth Management equipment of local node.
The identification that below providing the embodiment of the invention provides adopts the device of the P2P flow of UDP to form, and this device can be positioned on the Bandwidth Management equipment of local node, and it mainly comprises: first module and Unit second, wherein:
First module: reception sources node or destination node are the UDP message of local node; When finding that this message is that session is reported for the first time literary composition and conversation direction when being Inbound, the destination node information of judging this message whether in the P2P of Unit second node listing, if; This session of mark is the P2P session; Otherwise, adopt predetermined this message of P2P flow method of identification identification, if be identified as the P2P flow; Then this session of mark is the P2P session, and the destination node information of this message is added in the P2P node listing of Unit second; When finding that this message is that session is reported for the first time literary composition and conversation direction when being outgoing direction, the source node information of judging this message whether in the P2P of Unit second node listing, if; This session of mark is the P2P session; Otherwise, adopt predetermined this message of P2P flow method of identification identification, if be identified as the P2P flow; Then this session of mark is the P2P session, and the source node information of this message is added in the P2P node listing of Unit second; When finding that this message is the session subsequent packet, judge whether this session is marked as the P2P session, if not; Then adopt predetermined this message of P2P flow method of identification identification,, judge that then this conversation direction is Inbound or outgoing direction if be identified as the P2P flow; If Inbound; This session of mark is the P2P session, and the civilian destination node information of reporting for the first time of this session is added in the P2P node listing of Unit second, if outgoing direction; This session of mark is the P2P session, and the civilian source node information of reporting for the first time of this session is added in the P2P node listing of Unit second.
Wherein, destination node information can be purpose IP address, destination interface sign and the protocol type of message; Source node information can be source IP address, source port sign and the protocol type of message.
Unit second: storage P2P node listing.
Unit second is further used for: when the arbitrary nodal information in the P2P node listing is not hit in preset aging duration, then delete this nodal information.
The above is merely preferred embodiment of the present invention, and is in order to restriction the present invention, not all within spirit of the present invention and principle, any modification of being made, is equal to replacement, improvement etc., all should be included within the scope that the present invention protects.
Claims (14)
1. point-to-point P2P method for recognizing flux is characterized in that this method comprises:
A, reception sources node or destination node are the transmission control protocol TCP message of local node, judge that whether this message is that report for the first time literary composition and conversation direction of session is Inbound, if, execution in step B; Otherwise, execution in step C;
B, judge this message destination node information whether in the P2P node listing, if this session of mark is the P2P session; Otherwise, adopt predetermined this message of P2P flow method of identification identification, if be identified as the P2P flow, then this session of mark is the P2P session, and the destination node information of this message is added in the P2P node listing;
C, judge whether this session is marked as the P2P session, if confirm that this message is the P2P flow; Otherwise, adopt predetermined this message of P2P flow method of identification identification, if be identified as the P2P flow; Judge whether this conversation direction is Inbound; If Inbound, then this session of mark is the P2P session, and the civilian destination node information of reporting for the first time of this session is added in the P2P node listing.
2. method according to claim 1 is characterized in that, said destination node information is purpose IP address, destination interface sign and the protocol type of message.
3. method according to claim 1 is characterized in that, said method further comprises:
When the arbitrary nodal information in the P2P node listing is not hit, then delete this nodal information in preset aging duration.
4. point-to-point P2P method for recognizing flux is characterized in that this method comprises:
Reception sources node or destination node are the UDP UDP message of local node;
When finding that this message is that session is reported for the first time literary composition and conversation direction when being Inbound, whether the destination node information of judging this message is in the P2P node listing, if this session of mark is the P2P session; Otherwise, adopt predetermined this message of P2P flow method of identification identification, if be identified as the P2P flow, then this session of mark is the P2P session, and the destination node information of this message is added in the P2P node listing;
When finding that this message is that session is reported for the first time literary composition and conversation direction when being outgoing direction, whether the source node information of judging this message is in the P2P node listing, if this session of mark is the P2P session; Otherwise, adopt predetermined this message of P2P flow method of identification identification, if be identified as the P2P flow, then this session of mark is the P2P session, and the source node information of this message is added in the P2P node listing;
When finding that this message is the session subsequent packet, judge whether this session is marked as the P2P session, if confirm that this message is the P2P flow; Otherwise, adopt predetermined this message of P2P flow method of identification identification, if be identified as the P2P flow; Judge that then this conversation direction is Inbound or outgoing direction; If Inbound, this session of mark is the P2P session, and the civilian destination node information of reporting for the first time of this session is added in the P2P node listing; If outgoing direction, this session of mark is the P2P session, and the civilian source node information of reporting for the first time of this session is added in the P2P node listing.
5. method according to claim 4 is characterized in that,
Said destination node information is purpose IP address, destination interface sign and the protocol type of message;
The source IP address that said source node information is message, source port sign and protocol type.
6. method according to claim 4 is characterized in that, said method further comprises:
When the arbitrary nodal information in the P2P node listing is not hit, then delete this nodal information in preset aging duration.
7. P2P flow recognition device is characterized in that this device comprises:
First module: reception sources node or destination node are the transmission control protocol TCP message of local node, judge that whether this message is that report for the first time literary composition and conversation direction of session is Inbound, if; Whether the destination node of judging this message is in the P2P of Unit second node listing; If, this session of mark is the P2P session, if do not exist; Adopt predetermined this message of P2P flow method of identification identification; If be identified as the P2P flow, then this session of mark is the P2P session, and the destination node of this message is added in the P2P node listing of Unit second; If this message is not: report for the first time literary composition and conversation direction of session is Inbound, judges whether this session is marked as the P2P session, if be labeled; Confirm that this message is the P2P flow,, adopt predetermined this message of P2P flow method of identification identification if be not labeled; If be identified as the P2P flow, judge whether this conversation direction is Inbound, if Inbound; This session of mark is the P2P session, and the civilian destination node of reporting for the first time of this session is added in the P2P node listing of Unit second;
Unit second: storage P2P node listing.
8. device according to claim 7 is characterized in that, said destination node information is purpose IP address, destination interface sign and the protocol type of message.
9. device according to claim 7 is characterized in that, said Unit second is further used for:
When the arbitrary nodal information in the P2P node listing is not hit, then delete this nodal information in preset aging duration.
10. device according to claim 7 is characterized in that, said device is positioned on the Bandwidth Management equipment of local node.
11. a P2P flow recognition device is characterized in that this device comprises:
First module: reception sources node or destination node are the UDP UDP message of local node; When finding that this message is that session is reported for the first time literary composition and conversation direction when being Inbound, the destination node information of judging this message whether in the P2P node listing, if; This session of mark is the P2P session; Otherwise, adopt predetermined this message of P2P flow method of identification identification, if be identified as the P2P flow; Then this session of mark is the P2P session, and the destination node information of this message is added in the P2P node listing; When finding that this message is that session is reported for the first time literary composition and conversation direction when being outgoing direction, the source node information of judging this message whether in the P2P node listing, if; This session of mark is the P2P session; Otherwise, adopt predetermined this message of P2P flow method of identification identification, if be identified as the P2P flow; Then this session of mark is the P2P session, and the source node information of this message is added in the P2P node listing; When finding that this message is the session subsequent packet, judge whether this session is marked as the P2P session, if; Confirm that this message is the P2P flow, otherwise, predetermined this message of P2P flow method of identification identification adopted; If be identified as the P2P flow, judge that then this conversation direction is Inbound or outgoing direction, if Inbound; This session of mark is the P2P session, and the civilian destination node information of reporting for the first time of this session is added in the P2P node listing, if outgoing direction; This session of mark is the P2P session, and the civilian source node information of reporting for the first time of this session is added in the P2P node listing;
Unit second: storage P2P node listing.
12. device according to claim 11 is characterized in that,
Said destination node information is purpose IP address, destination interface sign and the protocol type of message;
The source IP address that said source node information is message, source port sign and protocol type.
13. device according to claim 11 is characterized in that, said Unit second is further used for:
When the arbitrary nodal information in the P2P node listing is not hit, then delete this nodal information in preset aging duration.
14. device according to claim 11 is characterized in that, said device is positioned on the Bandwidth Management equipment of local node.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010106243403A CN102035750B (en) | 2010-12-31 | 2010-12-31 | Peer-to-peer (P2P) flow recognizing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010106243403A CN102035750B (en) | 2010-12-31 | 2010-12-31 | Peer-to-peer (P2P) flow recognizing method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102035750A CN102035750A (en) | 2011-04-27 |
| CN102035750B true CN102035750B (en) | 2012-05-23 |
Family
ID=43888105
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010106243403A Expired - Fee Related CN102035750B (en) | 2010-12-31 | 2010-12-31 | Peer-to-peer (P2P) flow recognizing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102035750B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102404396B (en) * | 2011-11-14 | 2014-04-02 | 北京星网锐捷网络技术有限公司 | Method, device and system for identifying peer-to-peer (P2P) flow and equipment |
| CN102904828B (en) * | 2012-10-26 | 2015-08-05 | 杭州迪普科技有限公司 | A kind of load-balancing method and device |
| CN104243225B (en) * | 2013-06-19 | 2017-08-08 | 北京思普崚技术有限公司 | A kind of method for recognizing flux based on deep-packet detection |
| CN103746768B (en) * | 2013-10-08 | 2017-06-23 | 北京神州绿盟信息安全科技股份有限公司 | A kind of recognition methods of packet and equipment |
| CN108848004A (en) * | 2018-08-03 | 2018-11-20 | 深圳市网心科技有限公司 | A kind of P2P flow rate testing methods, system and equipment and storage medium |
| CN111212137B (en) * | 2019-12-31 | 2023-01-17 | 奇安信科技集团股份有限公司 | Method and device for identifying point-to-point data transmission executed by firewall |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101087298A (en) * | 2006-06-08 | 2007-12-12 | 中国电信股份有限公司 | A method for controlling P2P download bandwidth based on TCP/UDP uplink session number |
| CN101645803A (en) * | 2008-08-05 | 2010-02-10 | 中兴通讯股份有限公司 | P2P service identification method and Internet service identification system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8121133B2 (en) * | 2008-05-15 | 2012-02-21 | Cisco Technology, Inc. | Stream regulation in a peer to peer network |
-
2010
- 2010-12-31 CN CN2010106243403A patent/CN102035750B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101087298A (en) * | 2006-06-08 | 2007-12-12 | 中国电信股份有限公司 | A method for controlling P2P download bandwidth based on TCP/UDP uplink session number |
| CN101645803A (en) * | 2008-08-05 | 2010-02-10 | 中兴通讯股份有限公司 | P2P service identification method and Internet service identification system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102035750A (en) | 2011-04-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102035750B (en) | Peer-to-peer (P2P) flow recognizing method and device | |
| US9537887B2 (en) | Method and system for network connection chain traceback using network flow data | |
| US8040836B2 (en) | Local network coding for wireless networks | |
| US10033648B2 (en) | Multicast message forwarding method and device | |
| US7636305B1 (en) | Method and apparatus for monitoring network traffic | |
| US8817792B2 (en) | Data forwarding method, data processing method, system and relevant devices | |
| Hjelmvik et al. | Breaking and improving protocol obfuscation | |
| CN102143088B (en) | Method and equipment for forwarding data based on security socket layer (SSL) virtual private network (VPN) | |
| CN103181134B (en) | For sending and receive the method and apparatus of IPv6 packet | |
| CN103763194A (en) | Message forwarding method and device | |
| CN103873356A (en) | Household gateway based application identification method and system, and household gateway | |
| Kopiczko et al. | Stegtorrent: a steganographic method for the p2p file sharing service | |
| CN101309220A (en) | Flow control method and apparatus | |
| CN102118313B (en) | Method and device for detecting internet protocol (IP) address | |
| CN103457803A (en) | Device and method for recognizing P2P flow | |
| CN102480503B (en) | P2P (peer-to-peer) traffic identification method and P2P traffic identification device | |
| CN101127690A (en) | Identification method for next generation of network service traffic | |
| US20120307661A1 (en) | Usable bandwidth measurement method, usable bandwidth measurement system, terminal device, and computer-readable recording medium | |
| KR101715107B1 (en) | System and providing method for retroactive network inspection | |
| CN101102277B (en) | Recognition control method and system for service data and recognition control device | |
| CN103118083A (en) | Method and device of transmitting service messages | |
| JP2007228217A (en) | Traffic decision device, traffic decision method, and program therefor | |
| CN101895522A (en) | Host identity tag acquisition method and system | |
| EP2428008B1 (en) | Method for processing data streams in a communication network | |
| KR102174462B1 (en) | Method for network security and system performing the same |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Patentee after: Xinhua three Technology Co., Ltd. Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base Patentee before: Huasan Communication Technology Co., Ltd. |
|
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120523 Termination date: 20191231 |