Gnutella is MP3’s latest weapon in the war over copyright infringement, and it’s directed squarely against the Recording Industry Association of America (RIAA). Napster, an earlier weapon, had a fatal flaw: It forced users to connect through a central server, which created a trail that RIAA could use to find out who downloaded all those copies of Metallica’s latest songs. Gnutella, on the other hand, implements server-free file exchanges within heterogeneous networks. Originally under development by AOL (until AOL management realized Gnutella’s legal implications and quashed the project), Gnutella bypasses the server completely. Unfortunately, Gnutella’s also a bandwidth hog and a security nightmare.

Introducing Gnutella
Nullsoft, the company that developed WinAmp (the most popular MP3 player for Windows), developed Gnutella. AOL, Nullsoft’s parent corporation, pulled the plug on Gnutella—but not before a beta version was released onto the Internet. Hackers quickly reverse-engineered the Gnutella protocol. Now, dozens of Gnutella clones exist. Thus, when I talk about Gnutella, I’m referring both to a specific Nullsoft program, which is no longer available, and to a general Gnutella protocol, which is available in the clones.

Since there’s no central server on the Gnutella network, no central site exists, either. Gnutella’s home on the Web is the closest thing to an “official” site. From this site, you can obtain all of the available Gnutella clients, and you can read the latest news about Gnutella.

Gnutella has no portal—hence AOL’s reaction to this rogue project. Instead, users create ephemeral, peer-to-peer networks among other cooperative users. Within these networks, users find, upload, and download different types of files, including MP3 music files. And that’s just what thousands of Gnutella users are doing—to RIAA’s dismay. Since Gnutella networks appear spontaneously and have no central tracking mechanism or portal, RIAA don’t have the ability to shut down Gnutella like they might shut down Napster. There’s no portal, no central distribution point, no central anything.

Setting aside Gnutella’s illegal uses, it becomes clear that Gnutella is a very creative software idea, an idea that has quite an interesting history. Gnutella represents the latest skirmish in an old battle between the proponents of network centralization and users who favor decentralized, peer-to-peer systems. Gnutella erases the distinction between a centralized server and a distributed client; everyone who runs Gnutella can potentially run both a server and a client. To make files available to other Gnutella users, you just identify the directory that will be made public to network users. Then, anyone who connects to the network can access and search that directory. Of course, that means that you can search the public directories of anyone who’s connected to the network. Furthermore, Gnutella is an inherently cross-platform protocol, and it’s cross-platform in a practical sense, too. Now, Gnutella clients are available for all three major platforms: Windows, Linux, and Macintosh.

Is it possible that this highly controversial tool will turn out to have practical applications? Consider the following scenario: You have a small, internal network that consists of Windows, Mac, and Linux boxes. Implementing cross-platform file exchange isn’t easy. Of course, you can always run an FTP server, but you’ll be stuck with a central distribution point and all of the associated inconveniences. With Gnutella, network users can create public directories, move shared documents to the directories, and create what amounts to a single, searchable directory space in which cross-platform file exchange is simple, easy, reliable, and convenient. To test the possibilities, I set up a Gnutella file-sharing system on my home network, in which Macs, Linux, and Windows boxes live together (and sometimes even work together). Read on to find out what I’ve learned.

The clients
Among Linux clients, the best of the lot right now is Gnubile, which is available in a variety of downloadable versions (including Red Hat RPMs and tarballs). Gnubile requires GTK+ (but not GNOME), and it’s a very impressive client. You can download a copy of Gnubile from here. Of the several Windows clients that I evaluated, Gnutella 0.56 seems the most stable. It’s distributed in a self-extracting archive, and you can obtain it here. The best Macintosh client is Furi. It’s a Java-based client, and it requires Apple’s Macintosh Java Runtime environment.

Using Gnutella
Once you’ve installed Gnutella on your network’s clients, you’ll need to configure each of the clients and make a local directory available publicly. Into this directory, place some document files that you’d like to exchange among the various machines on your network (such as Microsoft Word documents). Now, try launching two or more of your clients and try a cross-platform file exchange with Gnutella. To connect with another Gnutella client, type the client’s IP address, followed by a colon and the default Gnutella port (6346). Here’s an example:

When you’ve added this client’s IP address to your list of connections, you’ll see the number of files that are available for download. To download a file, you must search for it. With current versions of Gnutella, you can’t view all of the files in a user’s public directory; however, this feature probably will be included in future versions of Gnutella.

Searching for files with Gnutella
To search for files in the database of public directories, type a substring to match. For example, to search for all available Microsoft Word documents, type doc in the search box. You’ll see all of the available files that contain the specified search string. To download one or more of the files, select the files and click the Download button. By default, the downloaded files go to the default download directory, which is one of the Gnutella configuration options. To create more focused searches, you can type more than one search word. By default, Gnutella combines all of the words that you type with the AND operator. Thus, you’ll see only those documents that contain all of the search words that you typed. Gnutella doesn’t support wildcard searches.

Transparent, cross-platform file exchange
So, how does Gnutella work in a cross-platform network? Brilliantly! Without needing to set up Samba, NFS, or Netatalk, you can implement three-platform file sharing in a matter of minutes. Furthermore, Gnutella provides the only current method of implementing two-way file exchange between Mac and Windows clients without resorting to FTP or to pricey, commercial software. If you tried Netatalk, you probably noticed that your Mac users could access Linux directories but that they couldn’t exchange files with Windows users directly. Similarly, Linux users can’t access files on Macs unless you’re willing to run FTP servers all over the place or to resort to commercial software. On a cross-platform network, Gnutella fills in the gaps in the free-software file-exchange picture, and it does so with ease and transparency.

Since Gnutella is an Internet protocol, you might be able to extend file sharing beyond the confines of your LAN; theoretically, you could bring in users who work in branch offices, or you could contact traveling employees who are using notebooks in hotel rooms. Of course, you’d have to accept the risks that come with using Gnutella over Internet.

The drawbacks: Security, legality, and privacy
Just how safe is Gnutella? Let me be as clear as possible. If your LAN is connected to the Internet, it isn’t wise to run Gnutella. Your TCP port will be wide open. Although there’s no known exploit at the time of this writing, sooner or later somebody is going to figure out how to push one of the Gnutella clients into a buffer overflow. Then, the intruder will obtain access to all of your files (not just the ones that you’ve made public). This type of exploit has occurred with some of the Napster clones, so the danger is very real.

Of course, we must admit that almost everyone who uses Gnutella uses it for illegal purposes, such as exchanging copyrighted MP3s, pirated software, or pornography. If you install Gnutella on your systems and tell your users how to use the software for internal file exchange purposes, it’s only a matter of time before they realize what else is out there. Sure, there’s plenty of unethical stuff on the Web, too, but Web users are aware (let’s hope) that their actions on the Web can be traced very easily. Many Gnutella users believe that they can use Gnutella networks with anonymity, but they’re mistaken.

Gnutella may be decentralized, but it certainly isn’t private. When you download a file from somebody else’s Gnutella directory, you leave your IP address behind—as a number of unfortunate users have discovered already, to their dismay. recently published a Wall of Shame, which listed the IP addresses of Gnutella users who had attempted to access what appeared to be child pornography images from a secret Gnutella server. The site’s author, known only as The Cleaner, makes a good point: Gnutella is fine for data sharing, but anyone who attempts to access child pornography through GnutellaNet is going to be exposed eventually. It doesn’t take much imagination to envision future sting operations: Law enforcement agencies will run Gnutella servers in an effort to entrap would-be criminals. In short, Gnutella doesn’t give users any more privacy than other means of Internet file exchange do.

There’s a bandwidth problem, too. Gnutella’s search architecture is innovative, but it isn’t scalable—at least, not in its current form. As clients connect with each another, a Gnutella network forms. Eventually, thousands of clients will be able to pool their resources. As the network grows larger, searches take longer and longer to execute. Finally, searches will take so long that they’re hardly worth attempting. Various solutions to this problem have been proposed, but the solutions would be difficult to implement without some type of central server architecture. And of course, that’s just what Gnutella seeks to avoid.

You also ought to consider what might happen to your network bandwidth if some of your users ignored your advice and started exchanging MP3 files with their Internet buddies. Two or more Gnutella connections can bog down an Internet connection pretty quickly. A dozen of them could shut down your network—unless you’re blessed with a high-speed connection.

Gnutella is so genuinely innovative that it’s definitely worth a look. It’s clear that something like Gnutella would have distinct advantages for cross-platform file exchange among an organization’s computer users. What’s less clear is whether or not Gnutella could be used safely in an Internet-connected LAN. If your network is connected to the Internet only occasionally and your network is secured by a firewall and a dynamically assigned IP address, Gnutella might be an acceptable means of getting Mac, Windows, and Linux systems to exchange files with a minimum of effort on your part.

Bryan Pfaffenberger, a UNIX user since 1985, is a University of Virginia professor, an author, and a passionate advocate of Linux and open source software. A Linux Journal columnist, his recent Linux-related books include Linux Clearly Explained (Morgan-Kaufmann) and Mastering Gnome (Sybex; in press). His hobbies include messing around with his home LAN and sailing the southern Chesapeake Bay. He lives in Charlottesville, VA. If you’d like to contact Bryan, send him an e-mail.

The authors and editors have taken care in preparation of the content contained herein, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.