Wednesday, August 01, 2007

Ourmon: Detecting P2P Activities In LAN

One of the nice things about ourmon is that it generates network error graphs. P2P clients usually use non-privileged dynamic ports (>1024) for both file uploads and downloads. When a host running a P2P client stops running it, the other P2P clients on external networks (the Internet) keep probing it heavily, and that generates a noticeable burst. Hence, if you see lots of triggers on the port unreachable flow, that may be some kind of ongoing P2P traffic.

However, the placement of the ourmon monitor is important: I suggest deploying it between the local area networks and the firewall that protects the network.
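The port-unreachable burst heuristic described above can be sketched as a small detector. This is an added example, not ourmon code or output: the record layout, the thresholds and the name `flag_p2p_suspects` are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample data, not ourmon output. Each record is one ICMP
# port-unreachable message a LAN host sent back to an outside peer:
# (epoch_seconds, lan_host, external_peer, unreachable_port)
SAMPLE = (
    # 10.0.0.5: P2P client just stopped, 40 outside peers still probe its port
    [(990 + i % 30, "10.0.0.5", f"198.51.100.{i + 1}", 46881) for i in range(40)]
    # 10.0.0.7: a single peer retrying a closed high port (many errors, one peer)
    + [(990 + i, "10.0.0.7", "203.0.113.9", 50000) for i in range(25)]
    # 10.0.0.9: errors for a privileged port, outside the >1024 range
    + [(990 + i, "10.0.0.9", f"192.0.2.{i + 1}", 137) for i in range(30)]
)


def flag_p2p_suspects(events, window=30, min_errors=20, min_peers=10):
    """Return {(lan_host, port): (errors, distinct_peers)} for the worst
    window of each host/port pair that crosses both thresholds.

    window, min_errors and min_peers are illustrative assumptions to be
    tuned against the site's normal ICMP error baseline.
    """
    buckets = defaultdict(list)
    for ts, host, peer, port in events:
        if port > 1024:  # only non-privileged dynamic ports
            buckets[(host, port, ts // window)].append(peer)

    suspects = {}
    for (host, port, _), peers in buckets.items():
        stats = (len(peers), len(set(peers)))
        # A burst alone is not enough: many distinct outside peers hitting
        # one dead port is what separates a P2P swarm from one noisy sender.
        if stats[0] >= min_errors and stats[1] >= min_peers:
            suspects[(host, port)] = max(suspects.get((host, port), stats), stats)
    return suspects


if __name__ == "__main__":
    for (host, port), (errors, peers) in flag_p2p_suspects(SAMPLE).items():
        print(f"{host} port {port}: {errors} unreachables to {peers} peers")
```

Requiring many distinct peers keeps a single retrying sender from being reported as P2P, which a plain error count would not do.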

Cheers ;]