search menu icon-carat-right cmu-wordmark


One major new and often not welcome source of Internet traffic is P2P file sharing traffic. Banning P2P usage is not always possible or enforceable, especially in a university environment. A more restrained approach allows P2P usage but limits the available bandwidth. This approach fails when users start to use non-default ports for the client software. The PeerTracker algorithm, presented in this paper, allows detection of running P2P clients from NetFlow data in near real-time. The algorithm is especially suitable to identify clients that generate large amounts of traffic. A prototype system based on the PeerTracker algorithm is currently used by the network operations staff at the Swiss Federal Institute of Technology Zurich. We present measurements done on a medium-sized Internet backbone and discuss accuracy issues, as well as possibilities and results from the validation of the detection algorithm by direct polling in real-time.

Part of a Collection

FloCon 2005 Collection

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.