DOCSLIB.ORG

The Gnutella Protocol

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

The Gnutella Protocol Gayatri March 16, 2007 1 Abstract Peer to peer technology has certainly improved mechanisms of downloading files at a very high rate. Statistics and research show that as more number of peer to peer protocols developed, the number of nodes in the entire network increased. In this paper, we observe the structure and operation of Gnutella, a peer to peer protocol. The paper also focuses on some issues of this protocol and what improvements were further made to improve its scalability. We also have a look at some of the security issues of this protocol. Some statistics in the paper also reflect important changes that the protocol inflicted onto the entire net. 1 2 Introduction The Gnutella protocol is an open, decentralized group membership and search protocol, mainly used for file searching and sharing. The term Gnutella also designates the virtual network of Internet acces- sible hosts running Gnutella-speaking applications. Gnutella nodes, called servents by developers, perform tasks normally associated with both servers and clients. They provide client-side interfaces through which users can issue queries and view search results, accept queries from other servents, check for matches against their local data set, and respond with corresponding results. These nodes are also responsible for managing the background traffic that spreads the information used to maintain network integrity. Queries are not sent to a central site, but are instead distributed among the peers. Gnutella, the first of such systems, uses an unstructured overlay network in that the topology of the overlay network and placement of files within it is largely unconstrained. It floods each query across this overlay with a limited scope. Upon receiving a query, each peer sends a list of all content matching the query to the originating node. Because the load on each node grows linearly with the total number of queries, which in turn grows with system size, this approach is clearly not scalable. 2 3 Design goals of Gnutella Like most P2P file sharing applications, Gnutella was designed to meet the following goals: o Ability to operate in a dynamic environment. P2P applications operate in dynamic environments, where hosts may join or leave the network frequently. They must achieve flexibility in order to keep operating transparently despite a constantly changing set of resources. o Performance and Scalability. The P2P paradigm shows its full potential only on large-scale deploy- ments where the limits of the traditional client/server paradigm become ob- vious. Moreover, scalability is important as P2P applications exhibit what economists call the ”network effect” the value of a network to an individual user scales with the total number of participants. Ideally, when increas- ing the number of nodes, aggregate storage space and file availability should grow linearly, response time should remain constant, while search throughput should remain high or grow. o Reliability. External attacks should not cause significant data or performance loss. o Anonymity. Anonymity is valued as a means of protecting the privacy of people seeking or providing unpopular information. 3 4 Gnutella Protocol Description 4.1 Gnutella at a glance Gnutella’s distributed search protocol allows a set of peers, servents or clients, to perform filename searches over other clients without the need of an inter- mediate Index Server. The Gnutella network topology is a pure Ad-Hoc topology where Clients may join or leave the network at any time without affecting the rest of the topology in any sense. The Protocol hence, is designed in a highly fault- tolerant fashion with a quite big overhead of synchronization messages trav- elling through its network. All searches are performed over the Gnutella network while all file downloads are done offline. In this way every servent that needs to serve a file launches a mini HTTP 1.1 web server and commu- nicates with the interested servents with HTTP commands. The core of the protocol consists of a set of descriptors which are used for communication between servents and also sets rules for the inter-servents de- scriptors exchange. These descriptors are Ping, Pong, Query, Query Hit and Push. Ping messages are sent by a servent that needs to discover hosts that are currently active on the network. Pong messages on the other hand are responses to Ping requests every time a host wants to come in communication with the peer that requests to join the network (Figure 1, step 3). Although the protocol doesn’t set any bound on the amount of incoming or outcoming connections from a particular host, most Gnutella clients come with a default value for these parameters, usually 10, but which are adjustable by the user. A client joining the Gnutella network for the first time may of course not have any clue regarding the current topology or it’s neighbouring peers making the connection to the network impossible. For this reason most client vendors have setup Host-Caches Servers which serve clients with IP addresses of servents currently connected to the network (step 1). Another mechanism which is widely deployed, but is not part of the protocol, is the use of local caches of IP addresses from previous connections. In this way a servent doesn’t need to connect to an IP acquisition server (i.e. a host-cache) but can rather try to establish a connection with one of its past peers. Right after a peer has obtained a valid IP address and socket port of another servent it may perform several queries by sending Query descriptors and receive asynchronously results in Query Hit descriptors (step 4). Step 6 shows how a servent p1 may download a file from another servent p2. This procedure is done offline with the HTTP protocol. If the servent p2 is fire walled, then p1 may request from p2, with a Push descriptor (step 5), to ”push” the file. 4 4.2 Types of packets used for communication DESCRIPTOR HEADERS Once a servent successfully connects to the Gnutella network, it commu- nicates with other servents by sending a Gnutella protocol descriptor. PING Ping descriptors have no associated payload and are of zero length. A Ping is simply represented by a Descriptor Header whose PayloadDescriptorfieldis0x00. A servent uses Ping descriptors to actively probe the network for other servents. A servent receiving a Ping descriptor may elect to respond with a Pong descriptor, which contains the address of an active Gnutella servent (possibly the one sending the Pong descriptor) and the amount of data it’s sharing on the network. This specification makes no recommendations as to the frequency at which a servent should send Ping descriptors, although servent implementers should make every attempt to minimize Ping traffic on the network. PONG Pong descriptors are only sent in response to an incoming Ping descriptor. It is valid for more than one Pong descriptor to be sent in response to a single Ping descriptor. This enables host caches to send cached servent address information in response to a Ping request. QUERY The primary mechanism for searching the distributed network. A servent receiving a Query descriptor will respond with a Query Hit if a match is found against its local data set. QUERY HIT The response to a Query. This descriptor provides the recipient with enough information to acquire the data matching the corresponding Query PUSH Used when the servent containing the file is behind a firewall. A servent may send a Push descriptor if it receives a Query Hit descriptor from a servent that doesn’t support incoming connections. This might occur when the servent sending the Query Hit descriptor is behind a firewall. When a servent receives a Push descriptor, it may act upon the push request if and only if the Servent Identifier field contains the value of its servent identifier. The DescriptorId field in the Descriptor Header of the Push descriptor should not contain the same value as that of the associated Query Hit descriptor, but should contain a new value generated by the servent’s DescriptorId generation algorithm. 5 4.3 Descriptor Routing The peer-to-peer nature of the Gnutella network requires servents to route network traffic (queries, query replies, push requests, etc) appropriately. A well-behaved Gnutella servent will route protocol descriptors according to the following rules: 1. Ping Pong routing Pong descriptors may only be sent along the same path that carried the incoming Ping descriptor. This ensures that only those servents that routed the Ping descriptor will see the Pong descriptor in response. A servent that receives a Pong descriptor with Descriptor ID = n, but has not seen a Ping descriptor with Descriptor ID = n should remove the Pong descriptor from the network. 2. Query - Query hit- Push Routing Query Hit descriptors may only be sent along the same path that carried the incoming Query descriptor. This ensures that only those servents that routed the Query descriptor will see the Query Hit descriptor in response. A servent that receives a Query Hit descriptor with Descriptor ID = n, but has not seen a Query descriptor with Descriptor ID = n should remove the Query Hit descriptor from the network. Push descriptors may only be sent along the same path that carried the incoming Query Hit descriptor. This ensures that only those servents that routed the Query Hit descriptor will see the Push descriptor. A servent that receives a Push descriptor with ServentIdentifier = n, but has not seen a Query Hit descriptor with Servent Identifier = n should remove the Push de- scriptor from the network. Push descriptors are routed by ServentIdentifier, not by DescriptorId. 6 5 Mechanisms 5.1 Functioning mechanisms How does a servent join the Gnutella network? A Gnutella servent connects itself to the network by establishing a con- nection with another servent currently on the network.
Recommended publications
  • Diapositiva 1

    Diapositiva 1

    TRANSFERENCIA O DISTRIBUCIÓN DE ARCHIVOS ENTRE IGUALES (peer-to-peer) Características, Protocolos, Software, Luis Villalta Márquez Configuración Peer-to-peer Una red peer-to-peer, red de pares, red entre iguales, red entre pares o red punto a punto (P2P, por sus siglas en inglés) es una red de computadoras en la que todos o algunos aspectos funcionan sin clientes ni servidores fijos, sino una serie de nodos que se comportan como iguales entre sí. Es decir, actúan simultáneamente como clientes y servidores respecto a los demás nodos de la red. Las redes P2P permiten el intercambio directo de información, en cualquier formato, entre los ordenadores interconectados. Peer-to-peer Normalmente este tipo de redes se implementan como redes superpuestas construidas en la capa de aplicación de redes públicas como Internet. El hecho de que sirvan para compartir e intercambiar información de forma directa entre dos o más usuarios ha propiciado que parte de los usuarios lo utilicen para intercambiar archivos cuyo contenido está sujeto a las leyes de copyright, lo que ha generado una gran polémica entre defensores y detractores de estos sistemas. Las redes peer-to-peer aprovechan, administran y optimizan el uso del ancho de banda de los demás usuarios de la red por medio de la conectividad entre los mismos, y obtienen así más rendimiento en las conexiones y transferencias que con algunos métodos centralizados convencionales, donde una cantidad relativamente pequeña de servidores provee el total del ancho de banda y recursos compartidos para un servicio o aplicación. Peer-to-peer Dichas redes son útiles para diversos propósitos.
  • IFIP AICT 306, Pp

    IFIP AICT 306, Pp

    Chapter 13 A MODEL FOR FOXY PEER-TO-PEER NETWORK INVESTIGATIONS Ricci Ieong, Pierre Lai, Kam-Pui Chow, Frank Law, Michael Kwan and Kenneth Tse Abstract In recent years, peer-to-peer (P2P) applications have become the dom- inant form of Internet traffic. Foxy, a Chinese community focused file- sharing tool, is increasingly being used to disseminate private data and sensitive documents in Hong Kong. Unfortunately, its scattered design and a highly distributed network make it difficult to locate a file orig- inator. This paper proposes an investigative model for analyzing Foxy communications and identifying the first uploaders of files. The model is built on the results of several experiments, which reveal behavior patterns of the Foxy protocol that can be used to expose traces of file originators. Keywords: Peer-to-peer network forensics, Foxy network, Gnutella 2 protocol 1. Introduction Recent surveys report that P2P traffic is responsible for 41% to 90% of all Internet traffic [2, 4]. In 2007, two popular P2P file-sharing ap- plications, BitTorrent and eDonkey, contributed 50% to 70% and 5% to 50% of all P2P traffic, respectively [2]. The Foxy P2P file-sharing protocol is gaining popularity in traditional Chinese character markets such as Hong Kong and Taiwan – approximately 500,000 users are ac- tive on the Foxy network at any given time [14]. A Foxy client, which is available free-of-charge, provides a user-friendly traditional Chinese interface. It enables users to connect to the Foxy network without any special configuration and to download free music, movies and software with just a few keystrokes and mouse clicks.
  • Instructions for Using Your PC ǍʻĒˊ Ƽ͔ūś

    Instructions for Using Your PC ǍʻĒˊ Ƽ͔ūś

    Instructions for using your PC ǍʻĒˊ ƽ͔ūś Be careful with computer viruses !!! Be careful of sending ᡅĽ/ͼ͛ᩥਜ਼ƶ҉ɦϹ࿕ZPǎ Ǖễƅ͟¦ᰈ Make sure to install anti-virus software in your PC personal profile and ᡅƽញƼɦḳâ 5☦ՈǍʻPǎᡅ !!! information !!! It is very dangerous !!! ᫬ΚTẝ«ŵ┭ՈT Stop violation of copyright concerning illegal acts of ơųጛňƿՈ☢ͩ ⚷<ǕO਍ᜐ&« transmitting music and ₑᡅՈϔǒ]ᡅ others through the Don’t forget to backup ඡȭ]dzÑՈ Internet !!! important data !!! Ȥᩴ̣é If another person looks in at your E-mail, it’s a big ὲâΞȘᝯɣ׏r problem !!! Don’t install software in dz]ǣrPǎᡅ ]ᡅîPéḳâ╓ ͛ƽញ4̶ᾬϹ࿕ ۅTake care of keeping your some other PCs without ੥ˊΙǺ password !!! permission !!! ₐ Stop sending the followings !!! ؄ŌՈϹوInformation against public order and Somebody targets on your PC for Pǎ]ᡅǕễạǑ͘͝ࢭÛ ΞȘƅ¦Ƿń morals illegal access !!! Ոƅ͟ǻᢊ᫁᫨ĐՈ ࿕Ϭ⓶̗ʵ£࿁îƷljĈ Information about discrimination, Shut out those attacks with firewall untruth and bad reputation against a !!! Ǎʻ ᰻ǡT person ᤘἌ᭔ ᆘჍഀ ጠᅼૐᾑ ᭼᭨᭞ᮞęɪᬡ෉ᬡǰɟ ᆘȐೈ࿴ ᾑ૥ ጠᅼ3ظ ᤘἌ᭔ ǰɟᯓۀ᭞ᮞ᭿ᮐᮧ᭪᭑᭎ᮖ᭤ᬞᬢ ഄᅤ Έʡȩîᬡ͒ͮᬢـ ᅼܘᆘȐೈ ǸᆜሹظᤘἌ᭔࿴ ཬᴔ ᭼᭨᭞ᮞᬞᬢŽᬍ᭑᭎ᮖ᭤̛ɏ᭨ᮀ᭳ᭅ ரἨ᳜ᄌ࿘Π ؼ˨ഀ ୈ᡼ὼ$ ഄጵ↬3L ʍ୰ᬞᯓ ᄨῼ33 Ȋථᬚᬌᬻᯓ ഄ˽ ઁǢᬝຨϙଙͮـᅰჴڹެ ሤᆵͨ˜Ɍ ጵႸᾀ żᆘ᭔ ᬝᬜ᫞Ϊ̎UઁɃᬢ ࡶ୰ᬝ᭲ᮧ᭪ᬢ ᄨؼᾭᄨ ᾑ૥ ٕ࿩ᅨ ΰ̛ᬞ᭫ᮌᯓ ᭻᭮᭚᭍᭮ᮂᭅ ሬČ ཬȴ3 ᾘɤɟ3 Ƌᬿᬍᬞᯓ ᫾ᬿᬒᬼۏąഄᅼ Ѹᆠᅨ ᮌᮧᮖᭅ ⃸ᛴܠ ఼ ᆬð3 ᤘἌ᭔࿴ ƂŬᯓ ᭨ᮀ᭳᭑᭒᭍ᭅƖ̳ᬞ ĩᬡ᭼᭨᭞ᮞᬞٴ ரἨ᳜ᄌ࿘ ᭼᭤ᮚᮧ᭴ᬡɼǂᬢ ڹެ ᵌೈჰ˨ ˜ϐ ᛄሤ↬3 ᆜೈᯌ ϤᏤ ᬊᬖ᫾ᬽᬊᬻ᫹ᯓ ᭏ᮞ᭤᭳ᮧᮖᬊᬝ᫷ᬚ ሬČʀ ͌ǜ ąഄᅼ ΰ̛ᬞ ޅ᫾᫿᫵ᬝᬒᬡ᭼᭨᭞ᮞᭅ ᤘἌ᭔Π ͬϐʼ ᆬð3 ʏͦᬞɃᬌᬾȩî ēᬖᬙ᫷ᬾᯓ ܘˑˑᏬୀΠ ᄨؼὼ ሹ ߍɋᬞ᫵ᬒᬾȩî ᮀᭌ᭏᭍᭑᭔ᮧᮖwƫᬚފᴰᆘ࿘ჸ $±ᅠʀ =Ė ܘ૥Čٍᅨ ᙌۨ5ࡨٍὼ ሹ ഄϤᏤ ᤘἌ᭔ ኩ˰Π3 ᬢ͒ͮᬊᬝ᫷ᯓ ᭢ᮎ᭮᭳᭍᭑᭳ᬊᬻ᫹ᯓـ ʧʧ¥¥ᬚᬚP2PP2P᭨᭨ᮀᮀ᭳᭳᭑᭑᭒᭒᭍᭍ᬢᬢ DODO NOTNOT useuse P2PP2P softwaresoftware ̦̦ɪɪᬚᬚᬀᬀᬱᬱᬎᬎᭆᭆᯓᯓ inin campuscampus networknetwork !!!! Z ʧ¥᭸᭮᭳ᮚᮧ᭚ᬞ᫽ᬄᬾ੒ͮᬢȴƏΜˉ᭢᭤᭱ Z All communications in our campus network are ᬈᬿᬙ᫷ᬱᬌ᫟ʧ¥ᬚP2P᭨ᮀ always monitored automatically.
  • Mobile Peer Model a Mobile Peer-To-Peer Communication and Coordination Framework - with Focus on Scalability and Security

    Mobile Peer Model a Mobile Peer-To-Peer Communication and Coordination Framework - with Focus on Scalability and Security

    Die approbierte Originalversion dieser Diplom-/ Masterarbeit ist in der Hauptbibliothek der Tech- nischen Universität Wien aufgestellt und zugänglich. http://www.ub.tuwien.ac.at The approved original version of this diploma or master thesis is available at the main library of the Vienna University of Technology. http://www.ub.tuwien.ac.at/eng Mobile Peer Model A mobile peer-to-peer communication and coordination framework - with focus on scalability and security DIPLOMARBEIT zur Erlangung des akademischen Grades Diplom-Ingenieur im Rahmen des Studiums Software Engineering & Internet Computing eingereicht von Jörg Schoba, BSc Matrikelnummer 01026309 an der Fakultät für Informatik der Technischen Universität Wien Betreuung: Ao.Univ.Prof. Dipl.-Ing. Dr.techn. Eva Kühn Mitwirkung: Projektass. Dipl.-Ing. Stefan Craß Wien, 10. Oktober 2017 Jörg Schoba Eva Kühn Technische Universität Wien A-1040 Wien Karlsplatz 13 Tel. +43-1-58801-0 www.tuwien.ac.at Mobile Peer Model A mobile peer-to-peer communication and coordination framework - with focus on scalability and security DIPLOMA THESIS submitted in partial fulfillment of the requirements for the degree of Diplom-Ingenieur in Software Engineering & Internet Computing by Jörg Schoba, BSc Registration Number 01026309 to the Faculty of Informatics at the TU Wien Advisor: Ao.Univ.Prof. Dipl.-Ing. Dr.techn. Eva Kühn Assistance: Projektass. Dipl.-Ing. Stefan Craß Vienna, 10th October, 2017 Jörg Schoba Eva Kühn Technische Universität Wien A-1040 Wien Karlsplatz 13 Tel. +43-1-58801-0 www.tuwien.ac.at Erklärung zur Verfassung der Arbeit Jörg Schoba, BSc Donaufelderstraße 8/1/12 1210 Wien Hiermit erkläre ich, dass ich diese Arbeit selbständig verfasst habe, dass ich die verwen- deten Quellen und Hilfsmittel vollständig angegeben habe und dass ich die Stellen der Arbeit – einschließlich Tabellen, Karten und Abbildungen –, die anderen Werken oder dem Internet im Wortlaut oder dem Sinn nach entnommen sind, auf jeden Fall unter Angabe der Quelle als Entlehnung kenntlich gemacht habe.
  • Copyright, an Incentive Or a Burden?

    Copyright, an Incentive Or a Burden?

    Copyright, an Incentive or a Burden? Wolfgang Bein University of Nevada Las Vegas, USA, [email protected] Abstract A copyright provides protection for original artistic or literary work and is valid for the life of the owner plus 70 years. There is a growing tension between creative practices that require access to content that is often copyrighted, and increasingly restrictive intellectual property laws and policies governing access to copyrighted content. Very recently this has played out in the law suit between the media corporation Viacom and the Internet portal YouTube, which is owned by Google. This is against the background of a steadily emerging open source and creative commons culture. Milestones in the open source movement are the OpenOffice office suite, Netscape’s publication of the source code for its product as open software, Google’s library project, various free archives for scientific dissemination, such as Cornell University’s ArXiv. I. INTRODUCTION The gap between the cost of digital media and storage, and a copyrighted digital item (a CD or DVD) continually increases, as Internet is readily available, and the price of digitally duplicating anything capable of being transmitted via digital media dropped to near zero [1]. The use of a copyrighted material is less restrictive than other intellectual properties (patents, trademarks, service marks), even though the copyrighted material cannot be photocopied, scanned or copied in any way. But portions of it can be used for non-commercial purposes. The First Sale Doctrine (Copyright Act, 1976) does allow you to resell or give away the copy of the copyrighted item you bought.
  • Future Internet (FI) and Innovative Internet Technologies and Mobile Communication (IITM)

    Future Internet (FI) and Innovative Internet Technologies and Mobile Communication (IITM)

    Chair of Network Architectures and Services Department of Informatics Technical University of Munich Proceedings of the Seminars Future Internet (FI) and Innovative Internet Technologies and Mobile Communication (IITM) Summer Semester 2018 26. 2. 2017 – 19. 8. 2018 Munich, Germany Editors Georg Carle, Daniel Raumer, Stephan Gunther,¨ Benedikt Jaeger Publisher Chair of Network Architectures and Services Network Architectures and Services NET 2018-11-1 Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München Proceedings zu den Seminaren Future Internet (FI) und Innovative Internet-Technologien und Mobilkommunikation (IITM) Sommersemester 2018 München, 26. 2. 2017 – 19. 8. 2018 Editoren: Georg Carle, Daniel Raumer, Stephan Günther, Benedikt Jaeger Network Architectures and Services NET 2018-11-1 Proceedings of the Seminars Future Internet (FI) and Innovative Internet Technologies and Mobile Communication (IITM) Summer Semester 2018 Editors: Georg Carle Lehrstuhl für Netzarchitekturen und Netzdienste (I8) Technische Universität München 85748 Garching b. München, Germany E-mail: [email protected] Internet: https://net.in.tum.de/~carle/ Daniel Raumer Lehrstuhl für Netzarchitekturen und Netzdienste (I8) E-mail: [email protected] Internet: https://net.in.tum.de/~raumer/ Stephan Günther Lehrstuhl für Netzarchitekturen und Netzdienste (I8) E-mail: [email protected] Internet: https://net.in.tum.de/~guenther/ Benedikt Jaeger Lehrstuhl für Netzarchitekturen und Netzdienste (I8) E-mail: [email protected] Internet: https://net.in.tum.de/~jaeger/ Cataloging-in-Publication Data Seminars FI & IITM SS 18 Proceedings zu den Seminaren „Future Internet“ (FI) und „Innovative Internet-Technologien und Mobilkom- munikation“ (IITM) München, Germany, 26. 2. 2017 – 19. 8.
  • Gnutella Protocol

    Gnutella Protocol

    A BRIEF INTRODUCTION AND ANALYSIS OF THE GNUTELLA PROTOCOL By Gayatri Tribhuvan University of Freiburg Masters in Applied Computer Science [email protected] ABSTRACT Peer to peer technology has certainly improved mechanisms of downloading files at a very high rate. Statistics and research show that as more number of peer to peer protocols developed, the number of nodes in the entire network increased. In this paper, we observe the structure and operation of Gnutella , a peer to peer protocol. The paper also focuses on some issues of this protocol and what improvements were further made to improve its scalability. We also have a look at some of the security issues of this protocol. Some statistics in the paper also reflect important changes that the protocol inflicted onto the entire network. PDF Created with deskPDF PDF Writer - Trial :: http://www.docudesk.com 1. INTRODUCTION Gnutella is a p2p protocol. This paper has tried to address some of the issues that have been faced by users of Gnutella, including that of scalability (increasing the scale of operation, i.e. the volume of operation with progressively larger number of users) and security. The Gnutella protocol is an open, decentralized group membership and search protocol, mainly used for file searching and sharing. Group membership is open and search protocol addresses searching and sharing of files. The term Gnutella represents the entire group of computers which have Gnutella speaking applications loaded in them forming a virtual network. Each node can function as both client as well as server. Thus they can issue queries to other nodes as well accept and respond to queries from other nodes, after matching the queries with the contents loaded in their own hard disks.
  • Evidence Collection for Forensic Investigation in Peer to Peer Systems Sai Giri Teja Myneedu Iowa State University

    Evidence Collection for Forensic Investigation in Peer to Peer Systems Sai Giri Teja Myneedu Iowa State University

    Iowa State University Capstones, Theses and Graduate Theses and Dissertations Dissertations 2011 Evidence Collection for Forensic Investigation in Peer to Peer Systems Sai Giri Teja Myneedu Iowa State University Follow this and additional works at: https://lib.dr.iastate.edu/etd Part of the Computer Sciences Commons Recommended Citation Myneedu, Sai Giri Teja, "Evidence Collection for Forensic Investigation in Peer to Peer Systems" (2011). Graduate Theses and Dissertations. 10314. https://lib.dr.iastate.edu/etd/10314 This Thesis is brought to you for free and open access by the Iowa State University Capstones, Theses and Dissertations at Iowa State University Digital Repository. It has been accepted for inclusion in Graduate Theses and Dissertations by an authorized administrator of Iowa State University Digital Repository. For more information, please contact [email protected]. Evidence Collection For Forensic Investigation In Peer to Peer Systems by Sai Giri Teja Myneedu A thesis submitted to the graduate faculty in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE Major: Information Assurance, Computer Engineering Program of Study Committee: Yong Guan, Major Professor Manimaran Govindarasu Thomas E. Daniels Iowa State University Ames, Iowa 2011 Copyright c Sai Giri Teja Myneedu, 2011. All rights reserved. ii Table of Contents List Of Tables . v List Of Figures . vi Acknowledgements . vii Abstract . viii 1 Introduction . 1 1.1 Motivation . .1 1.2 Proposed Method . .3 1.3 Thesis Organization . .4 2 Background . 5 2.1 P2P Systems Overview . .5 2.2 Classification of P2P Networks . .5 2.2.1 Centralized Networks . .6 2.2.2 Completely Decentralized Networks .
  • Unstructured / Structured Unstructured / Structured

    Unstructured / Structured Unstructured / Structured

    Chair for Network Architectures and Services Overview Department of Informatics TU München – Prof. Carle 1.2a) Basics „Unstructured“ / „Structured“ Peer-to-Peer Systems Early unstructured Peer-to-Peer networks and Security Napster IN2194 Gnutella Theory Chapter 1 Random Graphs Peer-to-Peer Systems Small World Theory 1.2a Unstructured Systems Scale-Free Graphs Dipl.-Inform. Heiko Niedermayer Christian Grothoff, PhD Prof. Dr.-Ing. Georg Carle NetworkPeer-to-Peer Security, Systems WS and2008/09, SecurSecSecurity,urity, Chapterity, SSSummer 2007,2009,9 2010,Chapter Chapter 01 1 2 Unstructured / Structured Unstructured / Structured Unstructured Network Does not self-organize into a predefined structure. Graph is created by random node interactions. Examples for structures Unstructured / Structured Full Mesh / Clique All nodes are connected with each other. n nodes Î degree = n-1 Diameter = 1 Ring Nodes organized in a ring Degree = 2 n nodes Î diameter = n/2 NetworkPeer-to-Peer Security, Systems WS and2008/09, SecurSecSecurity,urity, Chapterity, SummerSS 2007,2009,9 2010,Chapter Chapter 01 1 3 NetworkPeer-to-Peer Security, Systems WS and2008/09, SecurSecSecurity,urity, Chapterity, SSSummer 2007,2009,9 2010,Chapter Chapter 01 1 4 Unstructured networks Early Unstructured P2P Systems Properties No structure has to be created and maintained whenever something changes in the network. Join • Completed once the node is registered at one other node (except for the need of this node to get to know more nodes….) Leave • No need to rework, but to locally remove the link Early Unstructured P2P Unless destination is known, there is no way to know where it is but to search all over the network.
  • Evidence Collection in Peer-To-Peer Network Investigations Teja Myneedu, Yong Guan

    Evidence Collection in Peer-To-Peer Network Investigations Teja Myneedu, Yong Guan

    Evidence Collection in Peer-to-Peer Network Investigations Teja Myneedu, Yong Guan To cite this version: Teja Myneedu, Yong Guan. Evidence Collection in Peer-to-Peer Network Investigations. 8th In- ternational Conference on Digital Forensics (DF), Jan 2012, Pretoria, South Africa. pp.215-230, 10.1007/978-3-642-33962-2_15. hal-01523704 HAL Id: hal-01523704 https://hal.inria.fr/hal-01523704 Submitted on 16 May 2017 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Distributed under a Creative Commons Attribution| 4.0 International License Chapter 15 EVIDENCE COLLECTION IN PEER-TO-PEER NETWORK INVESTIGATIONS Teja Myneedu and Yong Guan Abstract Peer-to-peer (P2P) file sharing networks are often abused to distribute content that is prohibited by law. Strong evidence of suspicion must be provided to obtain a court order to identify the location of an offender. However, initial evidence collection from a P2P network is a challenge due to the lack of a central point of control and the dynamic nature of the network. This paper describes an initial evidence collection tool for P2P network forensics. The tool performs active and passive monitor- ing by inserting a modified peer node in a P2P network that records relevant information about nodes that distribute contraband files.
  • Gnutella and Freenet

    Gnutella and Freenet

    Unstructured Routing : Gnutella and Freenet Presented By Matthew, Nicolai, Paul www.itu.dk 1 Presentation Overview • Gnutella 1. What Gnutella is 2. How it works 3. Its positives and negatives • Freenet 1. Motivation and Philosophy 2. Architecture and use 3. Performance, Strengths and Weaknesses www.itu.dk 2 What is Gnutella? • Gnutella is a protocol for distributed search • Each node in a Gnutella network acts as both a client and server • Peer to Peer, decentralized model for file sharing • Any type of file can be shared • Nodes are called “Servents” www.itu.dk 3 What do Servents do? • Servents “know” about other Servents • Act as interfaces through which users can issue queries and view search results • Communicate with other Servents by sending “descriptors” www.itu.dk 4 Descriptors • Each descriptor consists of a header and a body. • The header includes (among other things) – A descriptor ID number – A Time-To-Live number • The body includes: – Port information – IP addresses – Query information – Etc… depending on the descriptor www.itu.dk 5 Gnutella Descriptors • Ping: Used to discover hosts on the network. • Pong: Response to a Ping • Query: Search the network for data • QueryHit: Response to a Query. Provides information used to download the file • Push: Special descriptor used for sharing with a firewalled servent www.itu.dk 6 Routing • Node forwards Ping and Query descriptors to all nodes connected to it • Except: – If descriptor’s TTL is decremented to 0 – Descriptor has already been received before • Loop detection is done by storing Descriptor ID’s • Pong and QueryHit descriptors retrace the exact path of their respective Ping and Query descriptors www.itu.dk 7 Routing2 C QueryHit B Query A Query D Note: Ping works essentially the same way, except that a Pong is sent as the response www.itu.dk 8 Joining a Gnutella Network • Servent connects to the network using TCP/IP connection to another servent.
  • Resource Discovery Mechanisms in Grid Systems: a Survey

    Resource Discovery Mechanisms in Grid Systems: a Survey

    See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/261327710 Resource discovery mechanisms in grid systems: A survey Article in Journal of Network and Computer Applications · May 2014 Impact Factor: 2.23 · DOI: 10.1016/j.jnca.2013.09.013 CITATIONS READS 15 254 4 authors: Nima Jafari Navimipour Amir Masoud Rahmani Islamic Azad University Tabriz Branch Islamic Azad University Tehran Science and… 22 PUBLICATIONS 111 CITATIONS 199 PUBLICATIONS 648 CITATIONS SEE PROFILE SEE PROFILE Ahmad Habibizad Navin Mehdi Hosseinzadeh Islamic Azad University Islamic Azad University 48 PUBLICATIONS 197 CITATIONS 31 PUBLICATIONS 102 CITATIONS SEE PROFILE SEE PROFILE All in-text references underlined in blue are linked to publications on ResearchGate, Available from: Nima Jafari Navimipour letting you access and read them immediately. Retrieved on: 30 May 2016 Journal of Network and Computer Applications 41 (2014) 389–410 Contents lists available at ScienceDirect Journal of Network and Computer Applications journal homepage: www.elsevier.com/locate/jnca Review Resource discovery mechanisms in grid systems: A survey Nima Jafari Navimipour b, Amir Masoud Rahmani a, Ahmad Habibizad Navin b,n, Mehdi Hosseinzadeh a a Department of Computer Engineering, Science and Research Branch, Islamic Azad University, Tehran, Iran b Department of Computer Engineering, East Azarbaijan Science and Research Branch, Islamic Azad University, Tabriz, Iran article info abstract Article history: Grid computing systems provide a vast amount of computing resources from multiple administrative Received 12 April 2013 domains to reach a main objective. One of the most important challenges in these systems is to discover Received in revised form appropriate resource in networks.