![]() With this approach, an application or piece of equipment monitors traffic passing through the network and inspects the data payload of the packets according to some previously defined P2P application signatures. Protocol analysisÄespite the poor results found using simple port matching, an administrator has another choice: application layer protocol analysis. All these issues make port based analysis less effective. ![]() Also there is a trend for P2P applications begin to masquerade their function ports within well-known application ports such as port 80. Additionally, many newer P2P applications are more inclined to use random ports, thus making the ports unpredictable. Most P2P applications allow users to change the default port numbers by manually selecting whatever port(s) they like. Port matching is very simple in practice, but its limitations are obvious. Port based analysis is almost the only choice for network administrators who don't have special software or hardware (such as an IDS) to monitor traffic. ![]() If a match is found, it may indicate a P2P activity. To perform port based analysis, administrators just need to observe the network traffic and check whether there are connection records using these ports. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |