Using UDP Packets to Detect P2P File Sharing

P2P file sharing is one of the major causes of network congestion. Because most of the P2P file sharing software do not bind to a specific port number, it is difficult to identify the P2P file sharing by using layer 3/4 header information. When using the layer 7 information to find out P2P file sharing, the most difficult thing is to capture all the packets in the network because of the large traffic volume. In this paper, the authors focus on the feature of eMule and BitTorrent protocol, and using the layer 3/4 information such as UDP packet count and packet size find out the suspected file sharing activities.