p2p File Sharing

Open network environments are naturally prone to abuse by users sharing files through Peer to Peer applications. This can be annoying when lots of bandwidth is used, and it can become a legal hassle if the files shared are copyrighted content such as music, movies, television shows, and software.

There are a number of P2P applications available, and they work hard to avoid detection and blockage. One behavior they all have in common is the need to connect to many other systems to participate and sustain the sharing network. This behavior, regardless of P2P application, can be easily picked up by searching for hosts in your network that connect to many other unique hosts:

We notice several systems that contacted over 1,000 unique other systems in the past 3 hours. Lets grab one and filter on 10.2.3.127. By adding an application view, we quickly notice a large number of different UDP ports used, indeed often indicative of a P2P application:

Keep in mind that other applications (Skype for example) may sometimes display similar traffic characteristics. Total traffic volumes are often much lower, and the number of unique hosts contacted will be smaller also for non file sharing applications.

Get Started

• Try FlowTraq
• Buy now

Learn More

• Schedule Call
• Watch video
• Read whitepaper

Free Flow Exporter

Export CISCO NetFlow datagrams to up to 16 flow collectors. Flow Exporter captures 100% of the data in an easy-to-deploy way.
Download Now »