Hello guys,
i would be happy to hear from you comments (if any) about a CAIDA paper
published last October which title is "Transport Layer Identification
of P2P Traffic" and the related URL is:
http://www.caida.org/outreach/papers/2004/p2p-layerid/
They argue that identifying the share lurked by P2P applications (many
of which allocate dynamic ports and leave chances to the end user to
customize the ones used to serve as control channel) into the traffic
stream, does not require anymore a kind of packet inspection. In fact,
their thesis (but the work seems to be still in a theorical stage) is
that analyzing (maybe correlating) packet/flows headers will suffice
even for a classification. Moreover, the interesting thing is that they
reason in terms of primitives like pmacct does.
Now, apart from some personal skepticism (but any novel approach fuel
people's thoughts) i was wondering whether - in your opinion - the
methodology illustrated in that paper (and precisely in the section
5.3) might be translated in a) a specific combination of 'aggregate'
primitives and b) some trivial SELECT queries over the produced dataset.
Cheers,
Paolo
