A Method and System for Thunder Traffic Online Identification

Jinfu Chen, Gaochao Li, Peng Chang

Abstract


With the growth of P2P network applications, file-sharing P2P applications consume a large share of network bandwidth. As the most popular download tool, Thunder places a heavy administrative burden on the network. To manage and plan the network scientifically, Thunder traffic must be identified effectively. Thunder uses a proprietary protocol in its interactions, and part of the communication data is encrypted. Currently, there is no systematic way to identify Thunder traffic. This paper proposes an online identification scheme for Thunder network traffic based on comentropy combined with load and host service. The scheme mainly involves analyzing how Thunder communicates during its start-up, idle and download processes; off-line analysis of the data packets generated by Thunder; the effective load of some plaintexts in Thunder; and extraction of the domain names of Thunder servers. For encrypted traffic that cannot be identified, destination IP detection can be used to analyze the relationship between the statistical characteristics of sniffed packets and known Thunder data packets, and the comentropy of the first 50 bytes of the encrypted traffic is calculated, in order to implement online identification of Thunder traffic. The experimental results indicate that accurate identification of Thunder traffic can be achieved with the online identification method that integrates load and host.
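The entropy step described in the abstract, sketched as an added example (not code from the paper or its authors). The 0.85 threshold, the rule that combines entropy with the destination address, the addresses and both payloads are assumptions constructed for illustration; the abstract gives none of them.

```python
import math
from collections import Counter

PREFIX_LEN = 50  # window size taken from the abstract

def prefix_entropy(payload: bytes, n: int = PREFIX_LEN) -> float:
    """Shannon entropy, in bits per byte, of the first n payload bytes."""
    window = payload[:n]
    if not window:
        return 0.0
    total = len(window)
    return -sum(c / total * math.log2(c / total)
                for c in Counter(window).values())

def normalized_entropy(payload: bytes, n: int = PREFIX_LEN) -> float:
    """Entropy as a fraction of the ceiling for this window size.

    Fifty bytes hold at most 50 distinct values, so the result of
    prefix_entropy() can never exceed log2(50) ~= 5.64 bits. A cut-off
    near the 8 bits/byte quoted for long ciphertext would never fire.
    """
    size = min(len(payload), n)
    if size < 2:
        return 0.0
    return prefix_entropy(payload, n) / math.log2(min(size, 256))

def classify(dst_ip: str, payload: bytes, known_ips: set,
             threshold: float = 0.85) -> str:
    """Assumed rule: high prefix entropy AND a previously seen peer address."""
    if len(payload) < PREFIX_LEN:
        return "undecided"          # too short for a 50-byte window
    if normalized_entropy(payload) < threshold:
        return "plaintext-like"     # leave to payload/host matching
    return "candidate" if dst_ip in known_ips else "high-entropy-unknown-peer"

# Constructed inputs: documentation-range addresses and synthetic payloads.
KNOWN_IPS = {"192.0.2.10", "198.51.100.7"}
HIGH = bytes((i * 37 + 11) % 256 for i in range(64))   # 50 distinct values
PADDED = b"\x00" * 40 + b"ABCDEFGHIJ"                  # zero-padded header

if __name__ == "__main__":
    for ip, data in [("192.0.2.10", HIGH), ("203.0.113.5", HIGH),
                     ("192.0.2.10", PADDED), ("192.0.2.10", b"abc")]:
        print(ip, round(normalized_entropy(data), 3),
              classify(ip, data, KNOWN_IPS))
```

Any threshold used in practice has to be calibrated on labelled captures, since short windows of ordinary text also score well above half of the ceiling.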

Keywords


Thunder identification; traffic classification; protocol analysis


DOI
10.12783/dtetr/iceta2016/6993
