You could perhaps reverse DNS the destination IP and see if it either has no record or falls under an ISP domain. That won't be foolproof, but neither are the other approaches.
Perhaps it could be one factor in assigning a "p2p score" to each packet. Sum up and average the p2p scores of all packets coming out of a node and then you could have an overall p2p score for that node. It probably depends on your final goal. What are you trying to accomplish? -david On Sat, 15 Sep 2007 11:42 am, Steve Almasi wrote: > Hi, > now what are the more useful methods to identify the P2P traffic? > In addition to the methods based on the payload inspection (signatures > methods) and the heuristic methods (based on some general behavior of > P2P > traffic) there are some new approach to this issue? > > > regards, > Steve "tder" Almasi > > _______________________________________________ > p2p-hackers mailing list > [email protected] > http://lists.zooko.com/mailman/listinfo/p2p-hackers _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
