SlideShare ist ein Scribd-Unternehmen logo

Project_report_BitTorrent

S
Srikanth Vanama
1 von 30
A  study  of  Bit-­‐Torrent  Characteristics   Project  Report   Srikanth  Vanama   svanama@clemson.edu   Introduction   Network analysis is the process of capturing network traffic and inspecting it closely to determine what is happening on the network. A network analyzer decodes the data packets of common protocols and displays the network traffic in readable format. A network analyzer can be a standalone hardware device with specialized software, or software that is installed on a desktop or laptop computer. The differences between network analyzers depend on features such as the number of supported protocols it can decode, the user interface, and its graphing and statistical capabilities. Packet analysis, often referred to as packet sniffing or protocol analysis, describes the process of capturing and interpreting live data as it flows across a network in order to better understand what is happening on that network. A packet sniffer, a tool used to capture raw network data going across the wire, typically performs packet analysis. Packet analysis can help us understand network characteristics, learn who is on a network, determine who or what is utilizing available bandwidth and identify peak network usage times.   For  the  project  we  captured  Packet  traces  of  few  Bit-­‐Torrent  files,  each  from  a   different  scenario  and  analyze  their  characteristics  by  plotting  different  graphs  and   studying  them.   Background.   BitTorrent BitTorrent   is   a   p2p   protocol   for   content   replication   and   distribution   designed   to   quickly,   efficiently   and   fairly   replicate   data.   It   enables   an   efficient   and   faster   distribution   of   large   files   by   leveraging   the   upload   bandwidth   of   the   downloading   peers.  This  allowed  BitTorrent  to  use  bandwidth  between  peers  which  is  known  as   perpendicular  bandwidth.  The  basic  idea  is  that  files  are  split  up  into  chunks  and  the   downloaders   of   the   file   exchange   content   either   by   uploading   or   by   downloading   them.  It  works  on  the  tit-­‐for-­‐tat  (TFT)  basis  of  exchanging  file  contents.  The  chunks   of  file  are  downloaded  in  an  unordered  fashion  from  the  source,  which  enables  the   peers   to   maximize   the   use   of   peer   connection   to   other   downloaders   to   obtain   file   pieces,  which  they  do  not  possess.  This  protocol  makes  use  of  the  technique  named   “swarming”  i.e.,  which  explains  that  peers  are  allowed  to  download  pieces  of  a  file   from   several   peers   simultaneously.   This   results   in   a   great   advantage   of   efficient   network  utilization.  Based  on  the  per–resource  availability,  the  size  of  the  pieces  is   fixed.     Each   participating   peer   can   maximize   its   download   rate   by   exchanging  
content  with  suitable  peers  and  peers  with  high  upload  rates  will  be  able  to  obtain   high  download  rates.     A   peer   interested   in   downloading   some   content   by   using   BitTorrent   must   first   obtain   a   set   of   metadata,   called   .torrent   file.   A   .torrent   file   is   an   encoded   file   that   contains  information  about  the  file  pieces  that  makes  up  the  original  file.   Users  who  wish  to  share  file(s)  in  the  BitTorrent  network  are  required  to  create  a.   torrent  file  and  then  upload  it  to  to  a    torrent  server  which  enables  other  peers  to   obtain   the   .torrent   file.   Generally,   a   moderator   system   is   used   to   the   check   the   file   integrity  and  remove  out  the  fake  contents  from  the  file.  [9]                                  Fig  2.  Torrent  Server  in  BitTorrent  networks.  [10]       To  find  a  torrent  file,  users  can  have  access  to  many  websites  found  in  the  Internet.   Some   of   the   example   websites   where   torrent   files   can   be   found   are   www.thepiratebay.org,  www.torrentz.com,  www.mininova.org;  a  torrent  file  can  be   downloaded  from  any  of  the  websites  a  user  is  interested  in.         The  basic  structure  of  a  torrent  file  can  be  represented  as  :      
  Fig.  3.  The  structure  of  a  torrent  file  [10]   The   metadata   required   to   join   a   BitTorrent   network   consists   of   the   address   information   of   the   network,   announce   URL   of   the   tracker   and   information   of   the   file   size   and   piece   size.   It   also   incorporates   hash   values   [SHA-­‐1],   used   to   test   the   correctness  of  reception  of  a  file  piece.    A  peer,  who  downloads  a  .torrent  file,  will  be   able  to  join  a  pool  of  peers  who  are  involved  in  the  distribution  of  specific  content.       A  BitTorrent  distribution  swarm  can  be  partitioned  into  three  network  entities  and   two  protocols  [9].     • Tracker   • Set  of  active  peers  –  seeders  and  lechers   • Server   These  3  entities  are  discussed  separately  later  in  the  following  sections.         Terminology  used  in  BitTorrent  networks:     Seed  (seeder):    A  peer  who  owns  a  complete  copy  of  the  file  and  offers  it  for  seeding   (uploading).   Leech   (Leecher):   A   peer   who   has   a   partial   copy   of   the   file   and   communicates   with   other  peers  to  download  the  file  chunks.     Swarm:  the  pool  of  all  peers  downloading  a  file  or  resource.     Choke:   a   preventive   mechanism,   which   makes   a   client   to   stop   downloading   a   file   from  other  peers.     Share  ratio  (availability):  ratio  of  number  of  peers  with  complete  copies  of  the  file  to   the  total  no.  of  peers  in  the  swarm.  It  is  defined  as  a  percentage  ratio.     In   the   BitTorrent   network,   initially,   a   peer   who   wants   to   download   a   file   gets   connected   to   the   tracker   of   the   file,   which   keeps   track   of   all   the   downloaders   and   seeds  of  the  corresponding  file  in  the  system  maintained  in  a  global  registry.       The  tracker,  accepts  the  requests  and  then  replies  back  to  the  peer  with  a  random   list   of   peers   (both   seeders   and   leechers)   that   have   the   file.   The   information   the   tracker   replies   back   consists   of   other   peer   addresses   and   ports   as   well   as   records   simple  statistics  about  the  evolution  of  the  swarm.[9]  the  downloader  then  attempts   to  establish  a  connection  to  these  other  peers,  which  then  becomes  its  neighbors.  It   then   finds   out   what   pieces   each   of   its   neighbors   possess.     Each   peer   attempts   to   download   blocks   from   and   upload   blocks   to   its   corresponding   neighbors   to   which   it  
is  connected.  A  node  at  this  point  of  time  has  various  choices  of  several  blocks  that  it   could   choose   to   download   from.   To   employ   this,   it   uses   a   local   rarest   first   policy     (LRF)   in   selecting   which   block   to   download.   It   then   tries   to   download   a   block   which   is   least   replicated   among   its   neighbors.   The   objective   is   to   maximize   the   diversity   of   content  in  the  system,  which  thus  prevents  the  system  from  hanging  up  due  to  the   “rare”  blocks  that  are  difficult  to  find.      This  ensures  a  uniform  distribution  of  pieces   among  peers  and  protocols.  An  exception  to  the  local  rarest  first  policy  occurs  when   a  new  node  enters  the  system  that  has  not  downloaded  any  blocks  yet.  It  chooses  a   random  block  and  starts  downloading  the  file.  From  that  point  on,  it  then  switches   and  adopts  the  local  rarest  policy.  [5]   A  tit-­‐for-­‐tat  (TFT)  policy  is  implemented  to  prevent  free  -­‐  riding,  which  is  defined  as;   a  node  uploads  only  to  its  neighbors,  which  offer  it  the  highest  download  rates.  Thus   each  node  should  upload  at  a  good  rate  to  its  corresponding  neighbors.    To  avoid  all   these   complexities,   each   node   is   limited   to   upload   only   to   5   no.   of   peers   that   have   the  highest  download  rates  even  thought  it  may  have  received  requests  from  more   than   5   peers   (downloaders).   .     Even   in   the   case   of   seeds,   the   similar   policy   is   adopted.   Choking,  is  a  mechanism  to  limit  the  number  of  parallel  uploads,  which  is  defined  as   the   temporary   refusal   of   a   node   to   upload   to   a   neighbor.   A   node   for   every   10   sec,   tries   to   find   out   whether   a   currently   unchoked   neighbor   should   be   choked   or   not   and  replace  with  a  neighboring  peer  which  offers  the  highest  download  rate.       To   implement   this   in   a   correct   manner,   i.e.   BitTorrent   uses   a   new   mechanism   called   the  optimistic  unchoking,  which  is  attempted  every  30  sec,  allows  a  peer  to  upload   to  the  peers  which  offers  the  highest  download  rates  and  drop  out  the  peer  with  the   least  download  rate.     Connections   between   peers   single   TCP   sessions,   carrying   both   data   and   signaling   traffic  [9]  .  Once  a  connection  is  established  between  peers,  the  peer,  which  initiates   the   connection,   sends   a   handshake   message,   which   contains   the   peer,   id   and   info   field  hash.     Figure  4.  BitTorrent  Handshake  procedure  
  If   the   initiated   peer   gets   a   reply   back   with   the   information   requested   earlier,   the   BitTorrent   session   is   considered   to   be   open   and   the   peers   start   exchanging   messages   across   the   TCP   streams.   [9].   Otherwise,   the   TCP   connection   gets   closed.   Next,  each  peer  exchanges  about  the  information  about  the  resources  it  possesses.   This  is  implemented  only  once,  i.e.,  after  the  handshake  message.  The  information  is   sent  in  a  bit  field  message,  consisting  of  a  stream  of  bits,  with  each  bit  corresponding   to  a  piece  index  [9].   Wireshark   Introduction:     Wireshark   is   a   free   packet   sniffer   computer   application.   It   is   used   for   network   troubleshooting,   analysis,   software   and   communications   protocol   development,   and   education.     Wireshark   provides   insight   into   what   is   occurring   on   a   network,   which   is   useful   When   implementing   protocols,   debugging   network   applications,   testing   networks,   and  debugging  live  networks.  In  situations  involving  interaction  with  a  network  at  a     technical  level,  most  problems  can  be  resolved  using  Wireshark.       The   functionality   Wireshark   provides   is   very   similar   to   tcpdump,   but   it   has   a   graphical   front-­‐end,   and   many   more   information   sorting   and   filtering   options.   It   allows   the   user   to   see   all   traffic   being   passed   over   the   network   by   putting   the   network  interface  into  promiscuous  mode.     Wireshark   is   a   cross-­‐platform   application   running   on   various   computer   operating   systems  including  Mac  OS  X,  Linux  and  Microsoft  Windows.     Characteristics  of  Wireshark:       Wireshark   is   software   that   "understands"   the   structure   of   different   networking   protocols.  Thus,  it  is  able  to  display  the  encapsulation  and  the  fields  along  with  their   meanings   of   different   packets   specified   by   different   networking   protocols.   Wireshark   uses   pcap   to   capture   packets,   so   it   can   only   capture   the   packets   on   the   networks  supported  by  pcap.     • Data  can  be  captured  "from  the  wire"  from  a  live  network  connection  or  read   from  a  file  that  records  the  already-­‐captured  packets.  
• Live  data  can  be  read  from  a  number  of  types  of  network,  including  Ethernet,   IEEE  802.11,  PPP,  and  loopback.   • Captured   network   data   can   be   browsed   via   a   GUI,   or   via   the   terminal   (command  line)  version  of  the  utility,  tshark.   • Captured   files   can   be   programmatically   edited   or   converted   via   command-­‐line   switches  to  the  "editcap"  program.   • Display   filters   can   also   be   used   to   selectively   highlight   and   color   packet                     summary  information.   • Data  display  can  be  refined  using  a  display  filter.   • Hundreds  of  protocols  can  be  understood  and  can  be  analyzed.     Capturing  Live  Network  data   In  order  to  get  packet  data  into  Wireshark,  we  perform  the  packet  capture,  either  a   live  capture  or  we  open  a  existing  trace  file.     The  procedure  is  as  follows:       Open  WireShark.       1.  From  the  main  drop-­‐down  menu,  select  “Capture”  menu  and  then  Interfaces.  You   should  see  a  dialog  listing  the  various  interfaces  that  can  be  used  to  Capture  packets,   along   with   their   IP   addresses.   Choose   the   interface   you   Wish   to   use,   and   click   Capture  (figure  1)                
      fig.  1    capture  interface  window       2.  Your  packet  capture  should  begin  and  Wireshark  should  show  the  active  packet   capture  window.  This  window  displays  a  brief  summary  of  the  type  of  traffic  being   captured,  as  well  as  the  duration  of  the  current  capture     3.  when  you  are  ready  to  stop  the  capture  and  view  your  data,  click  Stop.  Once  you   have   completed   these   steps   and   finished   the   capture   process,   the   WireShark   main   window  will  display  all  the  captured  data.         The  main  components  of  the  Wireshark  Graphical  User  Interface  (GUI)  are  :       • Main  window     Wireshark's   main   window   consists   of   parts   that   are   commonly   known   from   many   other   GUI   programs   such   as   menu,   main   toolbar,   filter   toolbar,   packet   list   pane,   packet  details  pane.     • Menu  bar     Menu   bar   consists   the   following   drop-­‐down   menus   :   File,   Edit,   View,   Go,   Capture,   Analyze,  Statistics  ,  Tools  and  Help.        
  • Tool  bar     Contains   buttons   for   some   commonly   used   functions   of   Wireshark.   The   Tool   Bar   icons   have   tool   tips   that   are   displayed   when   you   place     the   mouse   pointer   over   them.     • Summary  window     Provides  a  one-­‐line  summary  for  each  packet  in  the  capture.  One  or  more  columns  of   summary  data  are  displayed  for  each  packet.  The  columns  can  be  No.,  Time,  Sourcr,   Destination,  Protocol,  Info.       • Filter  Bar   Applies  filters  to  the  Summary  window  to  restrict  which  packets  in  the  capture  are   displayed,  based  on  their  attributes.  The  example  filters  can  be  Tcp,  Udp,  Bittorret   etc.           • Protocol  Tree  window     Provides  a  detailed  decode  of  the  packet  selected  in  the  Summary  window.        
  • Data  View  window     Provides  a  view  of  the  raw  data  in  the  packet  selected  in  the  Summary  window.  This   window   contains   a   series   of   rows   that   each   begin   with   a   four-­‐digit   number   that   represents  the  number  of  bytes  in  an  octet.         • Information  field     The  Information  field  displays  the  name  of  the  capture  file,  or  information  about     the  protocol  field  selected  in  the  Protocol  Tree  window.     • Display  information     The  Display  Information  field  displays  the  number  of  packets  displayed  in  or  filtered     from  the  Summary  window  .  P  indicates  the  number  of  total  packets,  D  indicates  the     total  displayed  packets  and  M  indicates  the  total  marked  packets.       Motivations  and  Objectives:   With   the   ever-­‐increasing   popularity   of   Bit-­‐Torrent,   We   wanted   to   analyze   what   was   it   behind   the   most   popular   p2p   protocol,   which   made   it   tick.     While   writing   the   research   paper,   we   learnt   a   great   deal   about   how   the   torrent   file   system   actually   works.   We   study   different   characteristics,   based   on   the   kind   of   BitTorrent   trace   chosen.  The  differences  come  to  light  during  the  analysis  phase  of  the  project.     Therefore,   for   this   project   we   took   thr       ee   traces.   Two   of   them   from   the   home   network  and  one  of  them  in  the  Clemson  University  Wireless  Network.  Also,  all  the   three  torrent  files  are  completely  different  in  terms  of  their  popularity,  size  ,etc.    We   would  talk  about  this  in  depth  during  the  analysis  phase.   Methodology     To   start   with,   we   have   used   a   popular   BitTorrent   client   “Vuze”   to   download   the   torrent   files.   We   chose   Vuze   because   of   its   multimedia   download   client.   We   have   downloaded  3  different  torrents  in  total.  Out  of  which,  2  of  them  were  downloaded   on   the   home   network   and   the   other   being   on   the   college   network.   We   tried   to   focus  
on   these   3   different   torrent   files,   which   were   downloaded   at   varying   speeds,   and   study  the  characteristics  of  each  of  the  files   Out   of   the   2   torrents   downloaded   on   the   home   network,   one   was   a   sponsored   file   from   vuze,   with   very   high-­‐speed   download   rate.   The   other   one   is   a   torrent   file   named   “linux   distribution”   downloaded   from   a   popular   website   which   hosts   torrent   files.  This  torrent  file  was  downloaded  at  considerable  high  speed.     The   3rd   torrent   file,   which   was   downloaded   from   the   college   network,   was   downloaded  at  very  low-­‐speed  at  very  slow  download  rate.           To   capture   the   network   traffic   on   our   systems,   we   have   used   a   popular   network   sniffer-­‐tool  named  WireShark  to  trace  out  all  the  tcpdump  files  and  to  analyze  the   characteristics  of  different  torrent  files  by  generating  various  graphs.         Analysis:   We  have  taken  the  tcpdump  of  three  different  kinds  of  torrent  files.  One  of  them  was   an  Internet  based  electronics  show,  from  a  torrent  client  called  Vuze.  We  chose  this   because   of   the   peculiar   characteristics   of   their   sponsored   downloads.   This   torrent   client  has  a  list  of  sponsored  shows  available  for  download,  and  when  you  select  any   of   them   for   download   they   download   at   a   rapid   rate,   taking   over   most   of   the   network   bandwidth.   The   second   trace   we   took   was   that   of   a   popular   Linux   distribution.   The   third   trace   we   took   was   a   dictionary   torrent   file,   hosted   on   a   popular  website.     To   start   with,   We   processed   the   tcpdump   files   and   analyzed   the   characteristics   of   each   torrent   file   and   also   generated   various   graphs   which   explicitly   depict   the   characteristics  of  each  of  the  torrent  traces.  We  then  compared  each  of  these  graphs   for  each  of  the  different  torrent  file  traces.   The  various  download  speeds  of  each  of  the  torrent  files  are:             Fig.1  the  download  speed  of  vuze  sponsored  torrent  file             Fig.2  the  download  speed  of  linux  distribution  torrent  file      
      Fig.3  the  download  speed  of  dictionary  torrent  file     From,   • fig.1,  the  avg.  download  speed  was  recorded  as  340  kbps   • Fig.2,  the  avg  download  speed  was  recorded  as  300  kbps     • Fig,  3,  the  avg.  download  speed  was  recorded  as  30  kbps       Flow  Graph:     The   Flow   Graph   provides   a   sequential   analysis   of   TCP   connections.     Here,   we   created   a   displayed   filter   to   target   only   traffic   related   to   download   of   a   file   thru   BitTorrent.   In   the   flow   graphs,   The   rows   represent   the   time   at   which   a   BitTorrent   handshake   was   occurred   or   When   a   handshake   continuation   data   takes   place   through   a   particular   port.   The   columns   represent   various   ip   addresses   of   different   seeders   who   had   participated   in   the   download   process   of   a   torrent   file   and   the   following   fig.(s)   show   the   sample   from   the   Flow   graph   for   3   different   trace   files,   (since   the   flow  graphs  came  upto  22  pages  we  have  included  a  part  of  it  here).       The  flow  graph  for  3  diff.  trace  files  are  shown  below  
                 fig.4    Flowgraph  for  the  vuze  sponsored  torrent  file            
                 fig.5  flowgraph  for  the  linux  distribution  torrent  file        
    fig.6  flow  graph  for  the  dictionary  torrent  file     RTT  graphs:     The  Packet  Round-­‐Trip  Time  graph  shows  the  history  of  a  transaction's  round-­‐trip   time  (RTT).  RTT  is  the  average  number  of  milliseconds  spent  in  transit  when  a  client   and   server   exchange   the   SYN   (synchronize   sequence   numbers   flag)   and   its   corresponding   ACK   (acknowledge   flag).   A   transaction   involving   a   large   amount   of   data  requires  the  data  to  be  divided  into  multiple  packets.  Whereas  a  transaction's   network  delay  reflects  the  total  transit  time  for  all  required  packets,  the  RTT  reflects   the  time  for  a  single  packet  to  make  its  way  from  client  to  server  and  another  packet   to  make  the  return  trip.  An  ideal  RTT  for  data  transfer  across  the  Internet  is  no  more   that  0.04  seconds  (40  milliseconds).  If  we  consider  a  slow  download,  we  will  notice   near  the  beginning  of  the  capture,  an  RTT  of  up  to  one  full  second.  This  is  completely   unacceptable   for   downloading   a   file.   Even   when   downloading   a   file   off   of   the   Internet  you  should  see  times  at  no  more  than  0.1  seconds.     The  RTT  graphs  for  3  different  trace  files  are  shown  below:          
Fig.  7  RTT  graph  for  the  vuze  sponsored  torrent  file         Fig.  8  RTT  graph  for  the  linux  distribution  file    
    Fig.9  RTT  graph  for  the  dictionary  torrent  file.     From   all   the   above   RTT   graphs,   we   can   clearly   see   the   differences   in   the   values   of   round   trip   time   of   all   the   packets.   Now,   Comparing   all   the   3   graphs,   from   the   1st   graph,   the   average   RTT   was   calculated   from   fig.7   was   around   0.1s   (almost   0),   which   suggests   that   the   torrent   file   was   downloaded   at   high-­‐speed   download   rate.   Similarly,   from   the   2nd   graph,   the   average   RTT   was   calculated   from   fig.8   was   almost   <   0.1   s,   which   suggests   that   this   torrent   file   was   downloaded   at   very   high   speed   download  rate.  Now,  from  the  3rd  graph,  the  average  RTT  was  calculated  from  fig.9   was   around   0.3   s,   which   suggests   that   the   file   was   downloaded   at   very   slow   download  rate.       Time-­‐Sequence  Graphs  (Stevens)   The   time-­‐sequence   graph   (Stevens)   produces   a   simple   graph   of   TCP   sequence   numbers   vs   time   at   which   it   was   sent   for   the   TCP   stream   containing   the   packet   that   was  selected  in  the  Summary  window.    
The  first  derivative  of  this  graph  is  the  TCP  traffic  throughput.  In  an  ideal  situation   where   there   is   a   constant   throughput,   the   graph   would   be   a   straight   rising   line   with   its   slope   equaling   the   throughput.   One   can   learn   about   where   the   source   of   throughput  issues  is  coming  from  by  looking  at  the  time-­‐sequence  graph.     fig.10  Time-­‐  Sequence  Graph  for  vuze  sponsored  torrent  file    
      fig  11.  Time-­‐sequence  graph  for  the  linux  distribution  torrent  file      
        fig.12  time-­‐sequence  graph  for  the  dictionary  torrent  file     To  understand  each  of  the  characteristics  from  the  above  graphs,  from  the  1st  graph,   fig.10,   we   can   clearly   see   that,   At   the   start   of   the   capture,   the   traffic   has   an   even   slope  (constant  throughput)  for  approximately  900  seconds,  when  there  is  a  major   disruption,   as   shown   by   the   discontinuity   in   the   graph.   This   gap   suggests   TCP   retransmissions  have  occurred  for  the  packet  for  which  we  have  chosen  to  plot  the   graph.   Similarly,   from   the   2nd   graph,   fig.11,   the   traffic   has   an   exponential   rise   for   approximately   1300   seconds   from   the   start   of   the   capture,   when   there   is   a   major   discontinuity   in   the   graph.   These   gaps   suggest   retransmissions   have   occurred   for   the  packet  for  which  we  have  chosen  to  plot  the  graph.   From  the  3rd  graph,  fig.12,  the  graph  clearly  shows  an  exponential  rise  throughout   the   graph   with   an   increasing   throughput   i.e.   with   an   even   slope.   So   thus,   we   can   conclude  from  this  graph  that  there  is  no  retransmissions  occurred  for  the  capture   of  the  dictionary  torrent  file.        
Throughput  Graphs     The  throughput  graphs  shows  the  throughput  of  the  TCP  stream  Vs  time.           fig  13.  Throughput  graph  for  the  vuze  sponsored  torrent  file         fig.14  throughput  graph  for  the  linux  distribution  file  
        fig.15  Throughput  graph  for  the  dictionary  torrent  file       From  all  the  above  3  graphs,  the  throughputs  of  each  trace  file  can  be  calculated.     Throughput   is   the   average   rate   of   successful   message   delivery   over   a   communication   channel.   The   throughput   is   usually   measured   in   bits   per   second.   From  the  1st  graph,  fig  13,  the  average  throughput  can  be  calculated  as  30000  B/s,   which   is   pretty   high   for   a   successful   communication.   As   this   torrent   file   was   downloaded  at  faster  download  rate,  the  average  throughput  will  be  always  high.   Similarly,   from   the   2nd   graph,   fig14   the   average   throughput   can   be   calculated   as   1000   B/s,   which   suggests   that   the   torrent   file   has   been   downloaded   at   high   speed   download   rate,   and   has   successful   message   transfers   over   the   communication   channel.     From   the   3rd   graph,   fig   15,   the   average   throughput   can   be   calculated   as   only   around   30B/s,  which  is  very  low.  As  the  file  was  downloaded  at  very  slow  download  rate,   the  throughput  was  also  considered  to  be  less.       I/O Graphs: I/O graphs are user configurable graphs of the captured network packets. We can select
various filters. It is customizable with a lot of various options and is used to visual interpret the data we have captured. We can customize several features of this graph. For instance, we could create filters to show ARP and DHCP traffic and display the lines on the graph in red and blue so that we can more easily differentiate the throughput trends between these two protocol types. The most important two things we will be modifying are the settings for the x-axis and y- axis of the graph, which allow you to modify the intervals and units used for displaying the required information. I/O graphs are also used to find out the response times problems of the packets in the trace file by looking at the spikes generated from the I/O graph files. The general way to find out the response time problems is to find the delta time between the packets. This is represented in the time column in the main window. We can scroll through all the packets and find the no with higher value in the time column to indicate the higher response times. There’s an alternative approach to this: Try plotting I/O Graphs, and out of the graph generated from that spikes are shown as packets by default. The x-axis interval is around 1 sec and on the y-axis with units set to packets/tick and scale set to auto. Now, change y-axis to advanced tab, which opens up a new column. We can add new features into our graph window by adding syntax commands in the new column, which was generated by changing unit to “advanced”. To calculate the delta time from the previous captured packets, the syntax would be “frame.time_delta_displayed”. This is entered in the filter field present in the main window. Add the same syntax to “sum” column present in the I/O graph and press “ Graph 2” button to generate advanced I/O graph to calculate the delta times from the previous captured packets. Spikes are now indicated with a red graph, which shows where the problems with the response times occur. Here, we can observe that x-axis is changed from 0 to 1000 and above (varies from file to file). We can see some spikes from the newly generated I/O graph then, which suggests the higher response time delay problems. By clicking on a spike with higher value, which will take us to main window with the packet with the greater delay time by automatically scrolling down through the trace file to the place where the problem occurs. We can then find out the packet with the response time problem and the delta time of that packet. We can continue in a similar fashion to find out the larger delta times by clicking on the higher spikes generated in the graph.
To find out the larger delays in response times for each of the 3 different trace files, we proceed with, fig.16 I/O graph for a Vuze sponsored torrent file From the above graph, the spikes can be located at various instances on the graph. Here, the 1st spike is found at 1382s, at which the packet no. 547022 has resulted in a higher response time delay of 1382.55544 s, which was found out by clicking on the spike present in the graph.
fig 17. I/O graph for Linux distribution trace file From the above graph, the spikes can be located at various instances on the graph. Here, the 1st spike is found at 464s, at which the packet no.160329 has resulted in a higher response time delay of 464.388496 s, which was found out by clicking on the spike present in the graph. Fig 18 I/O Graph for dictionary torrent file
From the above graph, the spikes can be located at various instances on the graph. Here, the 1st spike is found at 4961s, at which the packet no.257352 has resulted in a higher response time delay of 4961.487553 s, which was found out by clicking on the spike present in the graph. When compared with two other trace files, the dictionary based torrent trace file was found out to have more spikes in the I/O Graph generated by using the syntax filter “frame.time_delta_display”. This suggests that many packets in the trace file had higher response time delays, which clearly suggests that this torrent trace file was downloaded with slow download speed rate, with less no. of seeders who were to present and increase the speed of downloading a torrent file. Expert Info In order to filter out the abnormal traffic that is slowing our download, we’ll use the Expert Info window. To open this window, click Analyze in the menu bar and select Expert Info. Now choose the setting Error+Warn+Note from the drop-down box next to the words Severity filter. Next, we begin to explore the problematic packets in our capture. In Expert info window, we may encounter with TCP Previous segment lost packets. These packets tell us that during the course of data transfer, a packet was suddenly dropped. In response, the client sends Duplicate ACK packets to the server, requesting that that the lost packet is sent again. The client continues to send Duplicate ACKs until it receives the requested packet. We then see the retransmission of the dropped packet as TCP Retransmission in the Expert Infos window. At the beginning of our download, we see only one or two Duplicate ACKs in a row, but as the download progresses, when we encounter more and more Duplicate ACKs we can conclude that there is more latency. If there are more Segment losses and Duplicate ACKs it shows the sign of a slow download in progress.
2nd trace file
3rd trace file
from the above graphs, we can clearly see that there are less no of previous segment losses and duplicate acks in 1st two trace files. Coming to the 3rd graph, we can clearly see that there are more no of previous segment losts and more no of duplicate acks which clearly shows the sign of a slow download is in progress.
Conclusion  and  Future  Work:   As  it  can  be  observed  from  the  readings,    for  a  slower  download  the  RTT  is  higher.   This   can   be   observed   from   the   third   trace   file.   Also   as   we   consider   Throughput   graph,  we  can  see  that  the  throughput  is  lower  for  the  third  trace  as  compared  to  the   other  two,  thus  reiterating  what  was  observed  during  the  download.     Also,   From   the   expert   window   panel,   we   can   observe   more   segment   losses   and   duplicate  ACKs  which  shows  the  sign  of  a  slow  download  in  progress.  In  this  project,   we   had   looked   more   into   understanding   the   basic   working   of   the   BitTorrent   protocol   more   than   anything   else.   We   looked   at   how   it   worked   based   on   different   conditions   like   number   of   seeders,   location   of   download   (i.e.,   the   network),   popularity   of   the   file   and   other   real   world   conditions.   For   doing   this   we   found   WireShark  as  an  appropriate  tool  to  perform  the  tasks  we  needed.   We   detected   that   the   third   trace,   which   was  taken  on  a  Clemson  wireless  network   was   slower   as   compared   to   the   other   two   downloads.   This   might   be   because   of   a   variety  of  conditions  like  the  file  not  being  very  popular.  Lesser  number  of  seeders   etc.   Comparing   the   first   two   downloads   ,the   major   difference   lies   in   the   fact   that   the   first   download   was   a   sponsored   download   from   Vuze.   Therefore,   Vuze   was   functioning  more  like  a  content  delivery  system,  more  than  anything  else.  This  was   similar   in   a   way   to   the   new   kind   of   content   delivery   system   being   developed   by   BitTorrent   called   BitTorrent   DNA   ,   the   difference   lying   with   the   fact   that   thought   ,   the  download  speed  for  Vuze  was  high  it  hogged  most  of  the  bandwidth,  and  this  is   where  DNA  might  bring  in  a  change.     Looking  into  the  future  we  feel  that  the  BitTorrent  protocol  ,  which  is  relatively  new   might   undergo   a   metamorphosis   into   something   which,   delivering   content   to   users   ,   doesn’t  hog  most  of  the  bandwidth.       REFERENCES       [1]   Wireshark   &   Ethereal   Network   Protocol   Analyzer   Toolkit   -­‐     Angela   Orebaugh,   Gilbert  Ramirez,  Jay  Beale     [2]   Practical   Packet   Analysis:   Using   Wireshark   to   Solve   Real-­‐World   Network   Problems  -­‐  Chris  Sanders    
[3]“BitTorrent”-­‐  http://www.medianet.kent.edu/surveys/IAD06S-­‐   P2PArchitectures-­‐chibuike/P2P%20App.%20Survey%20Paper.htm#_2.2_Bittorrent       [4]   "Wireshark   User's   Guide"   -­‐   http://www.wireshark.org/download/docs/user-­‐ guide-­‐a4.pdf              

Empfohlen

BitTorrent Seminar Report
BitTorrent Seminar ReportBitTorrent Seminar Report
BitTorrent Seminar ReportMasood Alam Shaikh
 
Bit Torrent Protocol Report
Bit Torrent Protocol ReportBit Torrent Protocol Report
Bit Torrent Protocol ReportSridharBR
 
Bit torrent documentation
Bit torrent documentationBit torrent documentation
Bit torrent documentationAvula Jagadeesh
 
Torrent Protocol
Torrent ProtocolTorrent Protocol
Torrent ProtocolHarsht2888
 
Bit torrent protocol seminar by Sanjay R
Bit torrent protocol seminar by Sanjay RBit torrent protocol seminar by Sanjay R
Bit torrent protocol seminar by Sanjay RSanjay Ravishankar
 
UNRAVEILING BIT-TORRENT
UNRAVEILING BIT-TORRENTUNRAVEILING BIT-TORRENT
UNRAVEILING BIT-TORRENTSudhansu Dash
 
Bit torrent protocol by milan varia
Bit torrent protocol by milan variaBit torrent protocol by milan varia
Bit torrent protocol by milan variaMilan Varia
 
Bit torrent ppt
Bit torrent pptBit torrent ppt
Bit torrent pptSantosh Kumar
 

Empfohlen

BitTorrent Seminar Report
BitTorrent Seminar ReportBitTorrent Seminar Report
BitTorrent Seminar ReportMasood Alam Shaikh
 
Bit Torrent Protocol Report
Bit Torrent Protocol ReportBit Torrent Protocol Report
Bit Torrent Protocol ReportSridharBR
 
Bit torrent documentation
Bit torrent documentationBit torrent documentation
Bit torrent documentationAvula Jagadeesh
 
Torrent Protocol
Torrent ProtocolTorrent Protocol
Torrent ProtocolHarsht2888
 
Bit torrent protocol seminar by Sanjay R
Bit torrent protocol seminar by Sanjay RBit torrent protocol seminar by Sanjay R
Bit torrent protocol seminar by Sanjay RSanjay Ravishankar
 
UNRAVEILING BIT-TORRENT
UNRAVEILING BIT-TORRENTUNRAVEILING BIT-TORRENT
UNRAVEILING BIT-TORRENTSudhansu Dash
 
Bit torrent protocol by milan varia
Bit torrent protocol by milan variaBit torrent protocol by milan varia
Bit torrent protocol by milan variaMilan Varia
 
Bit torrent ppt
Bit torrent pptBit torrent ppt
Bit torrent pptSantosh Kumar
 
Bit torrent-technology
Bit torrent-technologyBit torrent-technology
Bit torrent-technologyabhipesit
 
Bit Torrent Technology
Bit Torrent TechnologyBit Torrent Technology
Bit Torrent Technologyguestc67adeb
 
Bittorrent
BittorrentBittorrent
BittorrentShiva Krishna Chandra Shekar
 
Bittorrent
BittorrentBittorrent
BittorrentUtsav Dholakia
 
BitTorrent
BitTorrentBitTorrent
BitTorrentmaheshmohanmu
 
Adaptive Sliding Piece Selection Window for BitTorrent Systems
Adaptive Sliding Piece Selection Window for BitTorrent SystemsAdaptive Sliding Piece Selection Window for BitTorrent Systems
Adaptive Sliding Piece Selection Window for BitTorrent SystemsWaqas Tariq
 
Bittorrent Seminar by dhananjay pardeshi
Bittorrent Seminar by dhananjay pardeshiBittorrent Seminar by dhananjay pardeshi
Bittorrent Seminar by dhananjay pardeshidhananjaypardeshi13
 
Bittorrent
BittorrentBittorrent
BittorrentVatsal Gajera
 
Bit Torrent
Bit Torrent Bit Torrent
Bit Torrent Ashish Kumar
 
Torrent Seminar inc.- working, terms, details
Torrent Seminar inc.- working, terms, detailsTorrent Seminar inc.- working, terms, details
Torrent Seminar inc.- working, terms, detailsMayur Kathale
 
Bittorrent Seminar by dhananjay pardeshi
Bittorrent Seminar by dhananjay pardeshiBittorrent Seminar by dhananjay pardeshi
Bittorrent Seminar by dhananjay pardeshidhananjaypardeshi13
 
Introduction to the Bittorrent Protocol
Introduction to the Bittorrent ProtocolIntroduction to the Bittorrent Protocol
Introduction to the Bittorrent Protocoltmont
 
Torrent technology
Torrent technologyTorrent technology
Torrent technologyHarsh Malpani
 
Bit Torrent presentation
Bit Torrent presentationBit Torrent presentation
Bit Torrent presentationAvula Jagadeesh
 
Bit torrent
Bit torrentBit torrent
Bit torrentSonja Kristiansen
 
Torrents
TorrentsTorrents
TorrentsAhmad0Muhammad
 
Bittorrent final seminar
Bittorrent final seminarBittorrent final seminar
Bittorrent final seminarChirodeep Das
 
BitTorrent Protocol
BitTorrent ProtocolBitTorrent Protocol
BitTorrent ProtocolSridharBR
 
Bittorrent
BittorrentBittorrent
Bittorrentsonangrai
 
Bittorrent Basics
Bittorrent BasicsBittorrent Basics
Bittorrent BasicsBhoomit Belani
 
Bionic Eye
Bionic EyeBionic Eye
Bionic EyeSohail_Anwar
 
Convert Your Web App to Tizen
Convert Your Web App to TizenConvert Your Web App to Tizen
Convert Your Web App to TizenCheng Luo
 

Weitere ähnliche Inhalte

Was ist angesagt?

Bit torrent-technology
Bit torrent-technologyBit torrent-technology
Bit torrent-technologyabhipesit
 
Bit Torrent Technology
Bit Torrent TechnologyBit Torrent Technology
Bit Torrent Technologyguestc67adeb
 
Adaptive Sliding Piece Selection Window for BitTorrent Systems
Adaptive Sliding Piece Selection Window for BitTorrent SystemsAdaptive Sliding Piece Selection Window for BitTorrent Systems
Adaptive Sliding Piece Selection Window for BitTorrent SystemsWaqas Tariq
 
Bittorrent Seminar by dhananjay pardeshi
Bittorrent Seminar by dhananjay pardeshiBittorrent Seminar by dhananjay pardeshi
Bittorrent Seminar by dhananjay pardeshidhananjaypardeshi13
 
Torrent Seminar inc.- working, terms, details
Torrent Seminar inc.- working, terms, detailsTorrent Seminar inc.- working, terms, details
Torrent Seminar inc.- working, terms, detailsMayur Kathale
 
Bittorrent Seminar by dhananjay pardeshi
Bittorrent Seminar by dhananjay pardeshiBittorrent Seminar by dhananjay pardeshi
Bittorrent Seminar by dhananjay pardeshidhananjaypardeshi13
 
Introduction to the Bittorrent Protocol
Introduction to the Bittorrent ProtocolIntroduction to the Bittorrent Protocol
Introduction to the Bittorrent Protocoltmont
 
Bit Torrent presentation
Bit Torrent presentationBit Torrent presentation
Bit Torrent presentationAvula Jagadeesh
 
Bittorrent final seminar
Bittorrent final seminarBittorrent final seminar
Bittorrent final seminarChirodeep Das
 
BitTorrent Protocol
BitTorrent ProtocolBitTorrent Protocol
BitTorrent ProtocolSridharBR
 

Was ist angesagt? (20)

Bit torrent-technology
Bit torrent-technologyBit torrent-technology
Bit torrent-technology
 
Bit Torrent Technology
Bit Torrent TechnologyBit Torrent Technology
Bit Torrent Technology
 
Bittorrent
BittorrentBittorrent
Bittorrent
 
Bittorrent
BittorrentBittorrent
Bittorrent
 
BitTorrent
BitTorrentBitTorrent
BitTorrent
 
Adaptive Sliding Piece Selection Window for BitTorrent Systems
Adaptive Sliding Piece Selection Window for BitTorrent SystemsAdaptive Sliding Piece Selection Window for BitTorrent Systems
Adaptive Sliding Piece Selection Window for BitTorrent Systems
 
Bittorrent Seminar by dhananjay pardeshi
Bittorrent Seminar by dhananjay pardeshiBittorrent Seminar by dhananjay pardeshi
Bittorrent Seminar by dhananjay pardeshi
 
Bittorrent
BittorrentBittorrent
Bittorrent
 
Bit Torrent
Bit Torrent Bit Torrent
Bit Torrent
 
Torrent Seminar inc.- working, terms, details
Torrent Seminar inc.- working, terms, detailsTorrent Seminar inc.- working, terms, details
Torrent Seminar inc.- working, terms, details
 
Bittorrent Seminar by dhananjay pardeshi
Bittorrent Seminar by dhananjay pardeshiBittorrent Seminar by dhananjay pardeshi
Bittorrent Seminar by dhananjay pardeshi
 
Introduction to the Bittorrent Protocol
Introduction to the Bittorrent ProtocolIntroduction to the Bittorrent Protocol
Introduction to the Bittorrent Protocol
 
Torrent technology
Torrent technologyTorrent technology
Torrent technology
 
Bit Torrent presentation
Bit Torrent presentationBit Torrent presentation
Bit Torrent presentation
 
Bit torrent
Bit torrentBit torrent
Bit torrent
 
Torrents
TorrentsTorrents
Torrents
 
Bittorrent final seminar
Bittorrent final seminarBittorrent final seminar
Bittorrent final seminar
 
BitTorrent Protocol
BitTorrent ProtocolBitTorrent Protocol
BitTorrent Protocol
 
Bittorrent
BittorrentBittorrent
Bittorrent
 
Bittorrent Basics
Bittorrent BasicsBittorrent Basics
Bittorrent Basics
 

Andere mochten auch

Convert Your Web App to Tizen
Convert Your Web App to TizenConvert Your Web App to Tizen
Convert Your Web App to TizenCheng Luo
 
Whatsapp Technical
Whatsapp Technical Whatsapp Technical
Whatsapp Technical harshghagare
 
5 Pen PC technology seminar report
5 Pen PC technology seminar report5 Pen PC technology seminar report
5 Pen PC technology seminar reportRituraj Singh Panwar
 
E-Paper Technology Documentation
E-Paper Technology DocumentationE-Paper Technology Documentation
E-Paper Technology DocumentationRajesh Gaddam
 
4D printing with smart materials
4D printing with smart materials4D printing with smart materials
4D printing with smart materialsJeffrey Funk
 
E-BALL TECHNOLOGY SEMINAR REPORT
E-BALL TECHNOLOGY SEMINAR REPORTE-BALL TECHNOLOGY SEMINAR REPORT
E-BALL TECHNOLOGY SEMINAR REPORTVikas Kumar
 
Revit and Building Information Modeling (BIM) Presentation
Revit and Building Information Modeling (BIM) PresentationRevit and Building Information Modeling (BIM) Presentation
Revit and Building Information Modeling (BIM) Presentationryanabarton
 
Report of PILL CAMERA
Report of PILL CAMERAReport of PILL CAMERA
Report of PILL CAMERArazaemohammed
 
8 k extremely high resolution camera system
8 k extremely high resolution camera system8 k extremely high resolution camera system
8 k extremely high resolution camera systemPrejith Pavanan
 

Andere mochten auch (13)

Bionic Eye
Bionic EyeBionic Eye
Bionic Eye
 
Convert Your Web App to Tizen
Convert Your Web App to TizenConvert Your Web App to Tizen
Convert Your Web App to Tizen
 
Bionic lens report
Bionic lens reportBionic lens report
Bionic lens report
 
Whatsapp Technical
Whatsapp Technical Whatsapp Technical
Whatsapp Technical
 
Whatsapp en las empresas
Whatsapp en las empresasWhatsapp en las empresas
Whatsapp en las empresas
 
5 Pen PC technology seminar report
5 Pen PC technology seminar report5 Pen PC technology seminar report
5 Pen PC technology seminar report
 
E-Paper Technology Documentation
E-Paper Technology DocumentationE-Paper Technology Documentation
E-Paper Technology Documentation
 
4D printing with smart materials
4D printing with smart materials4D printing with smart materials
4D printing with smart materials
 
An intro to 4D
An intro to 4DAn intro to 4D
An intro to 4D
 
E-BALL TECHNOLOGY SEMINAR REPORT
E-BALL TECHNOLOGY SEMINAR REPORTE-BALL TECHNOLOGY SEMINAR REPORT
E-BALL TECHNOLOGY SEMINAR REPORT
 
Revit and Building Information Modeling (BIM) Presentation
Revit and Building Information Modeling (BIM) PresentationRevit and Building Information Modeling (BIM) Presentation
Revit and Building Information Modeling (BIM) Presentation
 
Report of PILL CAMERA
Report of PILL CAMERAReport of PILL CAMERA
Report of PILL CAMERA
 
8 k extremely high resolution camera system
8 k extremely high resolution camera system8 k extremely high resolution camera system
8 k extremely high resolution camera system
 

Ähnlich wie Project_report_BitTorrent

Copy Of Part 4
Copy Of Part 4Copy Of Part 4
Copy Of Part 4raeshu
 
Bit torrent protocol
Bit torrent protocolBit torrent protocol
Bit torrent protocolD bipul lomga
 
Bit Torrent technology
Bit Torrent technology Bit Torrent technology
Bit Torrent technology Parth Akbari
 
Bit Torrent Protocol
Bit Torrent ProtocolBit Torrent Protocol
Bit Torrent ProtocolAli Habeeb
 
(130316) #fitalk bit torrent protocol
(130316) #fitalk bit torrent protocol(130316) #fitalk bit torrent protocol
(130316) #fitalk bit torrent protocolINSIGHT FORENSIC
 
Detecting BitTorrents Using Snort
Detecting BitTorrents Using SnortDetecting BitTorrents Using Snort
Detecting BitTorrents Using SnortRick Wanner
 
Bit torrent protocol
Bit torrent protocolBit torrent protocol
Bit torrent protocolKarwan Jacksi
 
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMSEFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMSijp2p
 
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMSEFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMSijp2p
 
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS ijp2p
 
Filesharing using bittorrent protocol
Filesharing using bittorrent protocolFilesharing using bittorrent protocol
Filesharing using bittorrent protocolNishan Shetty
 
Analyzing peer selection policies for
Analyzing peer selection policies forAnalyzing peer selection policies for
Analyzing peer selection policies forIJCNCJournal
 
Bit Torrent Protocol Report
Bit Torrent Protocol ReportBit Torrent Protocol Report
Bit Torrent Protocol Reportgkmv
 
On client’s interactive behaviour to design peer selection policies for bitto...
On client’s interactive behaviour to design peer selection policies for bitto...On client’s interactive behaviour to design peer selection policies for bitto...
On client’s interactive behaviour to design peer selection policies for bitto...IJCNCJournal
 

Ähnlich wie Project_report_BitTorrent (20)

Copy Of Part 4
Copy Of Part 4Copy Of Part 4
Copy Of Part 4
 
Bit torrent and tracker
Bit torrent and trackerBit torrent and tracker
Bit torrent and tracker
 
Bit torrent protocol
Bit torrent protocolBit torrent protocol
Bit torrent protocol
 
Bit Torrent technology
Bit Torrent technology Bit Torrent technology
Bit Torrent technology
 
Bit Torrent Protocol
Bit Torrent ProtocolBit Torrent Protocol
Bit Torrent Protocol
 
(130316) #fitalk bit torrent protocol
(130316) #fitalk bit torrent protocol(130316) #fitalk bit torrent protocol
(130316) #fitalk bit torrent protocol
 
Detecting BitTorrents Using Snort
Detecting BitTorrents Using SnortDetecting BitTorrents Using Snort
Detecting BitTorrents Using Snort
 
Bit torrent protocol
Bit torrent protocolBit torrent protocol
Bit torrent protocol
 
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMSEFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
 
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMSEFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
 
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
EFFECTIVE TOPOLOGY-AWARE PEER SELECTION IN UNSTRUCTURED PEER-TO-PEER SYSTEMS
 
Magnet links
Magnet linksMagnet links
Magnet links
 
Peer to Peer networks and piracy
Peer to Peer networks and piracyPeer to Peer networks and piracy
Peer to Peer networks and piracy
 
Filesharing using bittorrent protocol
Filesharing using bittorrent protocolFilesharing using bittorrent protocol
Filesharing using bittorrent protocol
 
Bit torrent a revolution in p2p
Bit torrent a revolution in p2pBit torrent a revolution in p2p
Bit torrent a revolution in p2p
 
Analyzing peer selection policies for
Analyzing peer selection policies forAnalyzing peer selection policies for
Analyzing peer selection policies for
 
Bit Torrent Protocol Report
Bit Torrent Protocol ReportBit Torrent Protocol Report
Bit Torrent Protocol Report
 
On client’s interactive behaviour to design peer selection policies for bitto...
On client’s interactive behaviour to design peer selection policies for bitto...On client’s interactive behaviour to design peer selection policies for bitto...
On client’s interactive behaviour to design peer selection policies for bitto...
 
BitTorrent
BitTorrent BitTorrent
BitTorrent
 
BitTorrent.pdf
BitTorrent.pdfBitTorrent.pdf
BitTorrent.pdf
 

Mehr von Srikanth Vanama

Clemson_Classifieds_Srikanth_Vanama
Clemson_Classifieds_Srikanth_VanamaClemson_Classifieds_Srikanth_Vanama
Clemson_Classifieds_Srikanth_VanamaSrikanth Vanama
 
Compiler_Project_Srikanth_Vanama
Compiler_Project_Srikanth_VanamaCompiler_Project_Srikanth_Vanama
Compiler_Project_Srikanth_VanamaSrikanth Vanama
 
Bittorrent_project_Srikanth_Vanama
Bittorrent_project_Srikanth_VanamaBittorrent_project_Srikanth_Vanama
Bittorrent_project_Srikanth_VanamaSrikanth Vanama
 

Mehr von Srikanth Vanama (6)

Code_snippets
Code_snippetsCode_snippets
Code_snippets
 
User_manual
User_manualUser_manual
User_manual
 
Technical_manual
Technical_manualTechnical_manual
Technical_manual
 
Clemson_Classifieds_Srikanth_Vanama
Clemson_Classifieds_Srikanth_VanamaClemson_Classifieds_Srikanth_Vanama
Clemson_Classifieds_Srikanth_Vanama
 
Compiler_Project_Srikanth_Vanama
Compiler_Project_Srikanth_VanamaCompiler_Project_Srikanth_Vanama
Compiler_Project_Srikanth_Vanama
 
Bittorrent_project_Srikanth_Vanama
Bittorrent_project_Srikanth_VanamaBittorrent_project_Srikanth_Vanama
Bittorrent_project_Srikanth_Vanama
 

Project_report_BitTorrent

  • 1. A  study  of  Bit-­‐Torrent  Characteristics   Project  Report   Srikanth  Vanama   svanama@clemson.edu   Introduction   Network analysis is the process of capturing network traffic and inspecting it closely to determine what is happening on the network. A network analyzer decodes the data packets of common protocols and displays the network traffic in readable format. A network analyzer can be a standalone hardware device with specialized software, or software that is installed on a desktop or laptop computer. The differences between network analyzers depend on features such as the number of supported protocols it can decode, the user interface, and its graphing and statistical capabilities. Packet analysis, often referred to as packet sniffing or protocol analysis, describes the process of capturing and interpreting live data as it flows across a network in order to better understand what is happening on that network. A packet sniffer, a tool used to capture raw network data going across the wire, typically performs packet analysis. Packet analysis can help us understand network characteristics, learn who is on a network, determine who or what is utilizing available bandwidth and identify peak network usage times.   For  the  project  we  captured  Packet  traces  of  few  Bit-­‐Torrent  files,  each  from  a   different  scenario  and  analyze  their  characteristics  by  plotting  different  graphs  and   studying  them.   Background.   BitTorrent BitTorrent   is   a   p2p   protocol   for   content   replication   and   distribution   designed   to   quickly,   efficiently   and   fairly   replicate   data.   It   enables   an   efficient   and   faster   distribution   of   large   files   by   leveraging   the   upload   bandwidth   of   the   downloading   peers.  This  allowed  BitTorrent  to  use  bandwidth  between  peers  which  is  known  as   perpendicular  bandwidth.  The  basic  idea  is  that  files  are  split  up  into  chunks  and  the   downloaders   of   the   file   exchange   content   either   by   uploading   or   by   downloading   them.  It  works  on  the  tit-­‐for-­‐tat  (TFT)  basis  of  exchanging  file  contents.  The  chunks   of  file  are  downloaded  in  an  unordered  fashion  from  the  source,  which  enables  the   peers   to   maximize   the   use   of   peer   connection   to   other   downloaders   to   obtain   file   pieces,  which  they  do  not  possess.  This  protocol  makes  use  of  the  technique  named   “swarming”  i.e.,  which  explains  that  peers  are  allowed  to  download  pieces  of  a  file   from   several   peers   simultaneously.   This   results   in   a   great   advantage   of   efficient   network  utilization.  Based  on  the  per–resource  availability,  the  size  of  the  pieces  is   fixed.     Each   participating   peer   can   maximize   its   download   rate   by   exchanging  
  • 2. content  with  suitable  peers  and  peers  with  high  upload  rates  will  be  able  to  obtain   high  download  rates.     A   peer   interested   in   downloading   some   content   by   using   BitTorrent   must   first   obtain   a   set   of   metadata,   called   .torrent   file.   A   .torrent   file   is   an   encoded   file   that   contains  information  about  the  file  pieces  that  makes  up  the  original  file.   Users  who  wish  to  share  file(s)  in  the  BitTorrent  network  are  required  to  create  a.   torrent  file  and  then  upload  it  to  to  a    torrent  server  which  enables  other  peers  to   obtain   the   .torrent   file.   Generally,   a   moderator   system   is   used   to   the   check   the   file   integrity  and  remove  out  the  fake  contents  from  the  file.  [9]                                  Fig  2.  Torrent  Server  in  BitTorrent  networks.  [10]       To  find  a  torrent  file,  users  can  have  access  to  many  websites  found  in  the  Internet.   Some   of   the   example   websites   where   torrent   files   can   be   found   are   www.thepiratebay.org,  www.torrentz.com,  www.mininova.org;  a  torrent  file  can  be   downloaded  from  any  of  the  websites  a  user  is  interested  in.         The  basic  structure  of  a  torrent  file  can  be  represented  as  :      
  • 3.   Fig.  3.  The  structure  of  a  torrent  file  [10]   The   metadata   required   to   join   a   BitTorrent   network   consists   of   the   address   information   of   the   network,   announce   URL   of   the   tracker   and   information   of   the   file   size   and   piece   size.   It   also   incorporates   hash   values   [SHA-­‐1],   used   to   test   the   correctness  of  reception  of  a  file  piece.    A  peer,  who  downloads  a  .torrent  file,  will  be   able  to  join  a  pool  of  peers  who  are  involved  in  the  distribution  of  specific  content.       A  BitTorrent  distribution  swarm  can  be  partitioned  into  three  network  entities  and   two  protocols  [9].     • Tracker   • Set  of  active  peers  –  seeders  and  lechers   • Server   These  3  entities  are  discussed  separately  later  in  the  following  sections.         Terminology  used  in  BitTorrent  networks:     Seed  (seeder):    A  peer  who  owns  a  complete  copy  of  the  file  and  offers  it  for  seeding   (uploading).   Leech   (Leecher):   A   peer   who   has   a   partial   copy   of   the   file   and   communicates   with   other  peers  to  download  the  file  chunks.     Swarm:  the  pool  of  all  peers  downloading  a  file  or  resource.     Choke:   a   preventive   mechanism,   which   makes   a   client   to   stop   downloading   a   file   from  other  peers.     Share  ratio  (availability):  ratio  of  number  of  peers  with  complete  copies  of  the  file  to   the  total  no.  of  peers  in  the  swarm.  It  is  defined  as  a  percentage  ratio.     In   the   BitTorrent   network,   initially,   a   peer   who   wants   to   download   a   file   gets   connected   to   the   tracker   of   the   file,   which   keeps   track   of   all   the   downloaders   and   seeds  of  the  corresponding  file  in  the  system  maintained  in  a  global  registry.       The  tracker,  accepts  the  requests  and  then  replies  back  to  the  peer  with  a  random   list   of   peers   (both   seeders   and   leechers)   that   have   the   file.   The   information   the   tracker   replies   back   consists   of   other   peer   addresses   and   ports   as   well   as   records   simple  statistics  about  the  evolution  of  the  swarm.[9]  the  downloader  then  attempts   to  establish  a  connection  to  these  other  peers,  which  then  becomes  its  neighbors.  It   then   finds   out   what   pieces   each   of   its   neighbors   possess.     Each   peer   attempts   to   download   blocks   from   and   upload   blocks   to   its   corresponding   neighbors   to   which   it  
  • 4. is  connected.  A  node  at  this  point  of  time  has  various  choices  of  several  blocks  that  it   could   choose   to   download   from.   To   employ   this,   it   uses   a   local   rarest   first   policy     (LRF)   in   selecting   which   block   to   download.   It   then   tries   to   download   a   block   which   is   least   replicated   among   its   neighbors.   The   objective   is   to   maximize   the   diversity   of   content  in  the  system,  which  thus  prevents  the  system  from  hanging  up  due  to  the   “rare”  blocks  that  are  difficult  to  find.      This  ensures  a  uniform  distribution  of  pieces   among  peers  and  protocols.  An  exception  to  the  local  rarest  first  policy  occurs  when   a  new  node  enters  the  system  that  has  not  downloaded  any  blocks  yet.  It  chooses  a   random  block  and  starts  downloading  the  file.  From  that  point  on,  it  then  switches   and  adopts  the  local  rarest  policy.  [5]   A  tit-­‐for-­‐tat  (TFT)  policy  is  implemented  to  prevent  free  -­‐  riding,  which  is  defined  as;   a  node  uploads  only  to  its  neighbors,  which  offer  it  the  highest  download  rates.  Thus   each  node  should  upload  at  a  good  rate  to  its  corresponding  neighbors.    To  avoid  all   these   complexities,   each   node   is   limited   to   upload   only   to   5   no.   of   peers   that   have   the  highest  download  rates  even  thought  it  may  have  received  requests  from  more   than   5   peers   (downloaders).   .     Even   in   the   case   of   seeds,   the   similar   policy   is   adopted.   Choking,  is  a  mechanism  to  limit  the  number  of  parallel  uploads,  which  is  defined  as   the   temporary   refusal   of   a   node   to   upload   to   a   neighbor.   A   node   for   every   10   sec,   tries   to   find   out   whether   a   currently   unchoked   neighbor   should   be   choked   or   not   and  replace  with  a  neighboring  peer  which  offers  the  highest  download  rate.       To   implement   this   in   a   correct   manner,   i.e.   BitTorrent   uses   a   new   mechanism   called   the  optimistic  unchoking,  which  is  attempted  every  30  sec,  allows  a  peer  to  upload   to  the  peers  which  offers  the  highest  download  rates  and  drop  out  the  peer  with  the   least  download  rate.     Connections   between   peers   single   TCP   sessions,   carrying   both   data   and   signaling   traffic  [9]  .  Once  a  connection  is  established  between  peers,  the  peer,  which  initiates   the   connection,   sends   a   handshake   message,   which   contains   the   peer,   id   and   info   field  hash.     Figure  4.  BitTorrent  Handshake  procedure  
  • 5.   If   the   initiated   peer   gets   a   reply   back   with   the   information   requested   earlier,   the   BitTorrent   session   is   considered   to   be   open   and   the   peers   start   exchanging   messages   across   the   TCP   streams.   [9].   Otherwise,   the   TCP   connection   gets   closed.   Next,  each  peer  exchanges  about  the  information  about  the  resources  it  possesses.   This  is  implemented  only  once,  i.e.,  after  the  handshake  message.  The  information  is   sent  in  a  bit  field  message,  consisting  of  a  stream  of  bits,  with  each  bit  corresponding   to  a  piece  index  [9].   Wireshark   Introduction:     Wireshark   is   a   free   packet   sniffer   computer   application.   It   is   used   for   network   troubleshooting,   analysis,   software   and   communications   protocol   development,   and   education.     Wireshark   provides   insight   into   what   is   occurring   on   a   network,   which   is   useful   When   implementing   protocols,   debugging   network   applications,   testing   networks,   and  debugging  live  networks.  In  situations  involving  interaction  with  a  network  at  a     technical  level,  most  problems  can  be  resolved  using  Wireshark.       The   functionality   Wireshark   provides   is   very   similar   to   tcpdump,   but   it   has   a   graphical   front-­‐end,   and   many   more   information   sorting   and   filtering   options.   It   allows   the   user   to   see   all   traffic   being   passed   over   the   network   by   putting   the   network  interface  into  promiscuous  mode.     Wireshark   is   a   cross-­‐platform   application   running   on   various   computer   operating   systems  including  Mac  OS  X,  Linux  and  Microsoft  Windows.     Characteristics  of  Wireshark:       Wireshark   is   software   that   "understands"   the   structure   of   different   networking   protocols.  Thus,  it  is  able  to  display  the  encapsulation  and  the  fields  along  with  their   meanings   of   different   packets   specified   by   different   networking   protocols.   Wireshark   uses   pcap   to   capture   packets,   so   it   can   only   capture   the   packets   on   the   networks  supported  by  pcap.     • Data  can  be  captured  "from  the  wire"  from  a  live  network  connection  or  read   from  a  file  that  records  the  already-­‐captured  packets.  
  • 6. Live  data  can  be  read  from  a  number  of  types  of  network,  including  Ethernet,   IEEE  802.11,  PPP,  and  loopback.   • Captured   network   data   can   be   browsed   via   a   GUI,   or   via   the   terminal   (command  line)  version  of  the  utility,  tshark.   • Captured   files   can   be   programmatically   edited   or   converted   via   command-­‐line   switches  to  the  "editcap"  program.   • Display   filters   can   also   be   used   to   selectively   highlight   and   color   packet                     summary  information.   • Data  display  can  be  refined  using  a  display  filter.   • Hundreds  of  protocols  can  be  understood  and  can  be  analyzed.     Capturing  Live  Network  data   In  order  to  get  packet  data  into  Wireshark,  we  perform  the  packet  capture,  either  a   live  capture  or  we  open  a  existing  trace  file.     The  procedure  is  as  follows:       Open  WireShark.       1.  From  the  main  drop-­‐down  menu,  select  “Capture”  menu  and  then  Interfaces.  You   should  see  a  dialog  listing  the  various  interfaces  that  can  be  used  to  Capture  packets,   along   with   their   IP   addresses.   Choose   the   interface   you   Wish   to   use,   and   click   Capture  (figure  1)                
  • 7.       fig.  1    capture  interface  window       2.  Your  packet  capture  should  begin  and  Wireshark  should  show  the  active  packet   capture  window.  This  window  displays  a  brief  summary  of  the  type  of  traffic  being   captured,  as  well  as  the  duration  of  the  current  capture     3.  when  you  are  ready  to  stop  the  capture  and  view  your  data,  click  Stop.  Once  you   have   completed   these   steps   and   finished   the   capture   process,   the   WireShark   main   window  will  display  all  the  captured  data.         The  main  components  of  the  Wireshark  Graphical  User  Interface  (GUI)  are  :       • Main  window     Wireshark's   main   window   consists   of   parts   that   are   commonly   known   from   many   other   GUI   programs   such   as   menu,   main   toolbar,   filter   toolbar,   packet   list   pane,   packet  details  pane.     • Menu  bar     Menu   bar   consists   the   following   drop-­‐down   menus   :   File,   Edit,   View,   Go,   Capture,   Analyze,  Statistics  ,  Tools  and  Help.        
  • 8.   • Tool  bar     Contains   buttons   for   some   commonly   used   functions   of   Wireshark.   The   Tool   Bar   icons   have   tool   tips   that   are   displayed   when   you   place     the   mouse   pointer   over   them.     • Summary  window     Provides  a  one-­‐line  summary  for  each  packet  in  the  capture.  One  or  more  columns  of   summary  data  are  displayed  for  each  packet.  The  columns  can  be  No.,  Time,  Sourcr,   Destination,  Protocol,  Info.       • Filter  Bar   Applies  filters  to  the  Summary  window  to  restrict  which  packets  in  the  capture  are   displayed,  based  on  their  attributes.  The  example  filters  can  be  Tcp,  Udp,  Bittorret   etc.           • Protocol  Tree  window     Provides  a  detailed  decode  of  the  packet  selected  in  the  Summary  window.        
  • 9.   • Data  View  window     Provides  a  view  of  the  raw  data  in  the  packet  selected  in  the  Summary  window.  This   window   contains   a   series   of   rows   that   each   begin   with   a   four-­‐digit   number   that   represents  the  number  of  bytes  in  an  octet.         • Information  field     The  Information  field  displays  the  name  of  the  capture  file,  or  information  about     the  protocol  field  selected  in  the  Protocol  Tree  window.     • Display  information     The  Display  Information  field  displays  the  number  of  packets  displayed  in  or  filtered     from  the  Summary  window  .  P  indicates  the  number  of  total  packets,  D  indicates  the     total  displayed  packets  and  M  indicates  the  total  marked  packets.       Motivations  and  Objectives:   With   the   ever-­‐increasing   popularity   of   Bit-­‐Torrent,   We   wanted   to   analyze   what   was   it   behind   the   most   popular   p2p   protocol,   which   made   it   tick.     While   writing   the   research   paper,   we   learnt   a   great   deal   about   how   the   torrent   file   system   actually   works.   We   study   different   characteristics,   based   on   the   kind   of   BitTorrent   trace   chosen.  The  differences  come  to  light  during  the  analysis  phase  of  the  project.     Therefore,   for   this   project   we   took   thr       ee   traces.   Two   of   them   from   the   home   network  and  one  of  them  in  the  Clemson  University  Wireless  Network.  Also,  all  the   three  torrent  files  are  completely  different  in  terms  of  their  popularity,  size  ,etc.    We   would  talk  about  this  in  depth  during  the  analysis  phase.   Methodology     To   start   with,   we   have   used   a   popular   BitTorrent   client   “Vuze”   to   download   the   torrent   files.   We   chose   Vuze   because   of   its   multimedia   download   client.   We   have   downloaded  3  different  torrents  in  total.  Out  of  which,  2  of  them  were  downloaded   on   the   home   network   and   the   other   being   on   the   college   network.   We   tried   to   focus  
  • 10. on   these   3   different   torrent   files,   which   were   downloaded   at   varying   speeds,   and   study  the  characteristics  of  each  of  the  files   Out   of   the   2   torrents   downloaded   on   the   home   network,   one   was   a   sponsored   file   from   vuze,   with   very   high-­‐speed   download   rate.   The   other   one   is   a   torrent   file   named   “linux   distribution”   downloaded   from   a   popular   website   which   hosts   torrent   files.  This  torrent  file  was  downloaded  at  considerable  high  speed.     The   3rd   torrent   file,   which   was   downloaded   from   the   college   network,   was   downloaded  at  very  low-­‐speed  at  very  slow  download  rate.           To   capture   the   network   traffic   on   our   systems,   we   have   used   a   popular   network   sniffer-­‐tool  named  WireShark  to  trace  out  all  the  tcpdump  files  and  to  analyze  the   characteristics  of  different  torrent  files  by  generating  various  graphs.         Analysis:   We  have  taken  the  tcpdump  of  three  different  kinds  of  torrent  files.  One  of  them  was   an  Internet  based  electronics  show,  from  a  torrent  client  called  Vuze.  We  chose  this   because   of   the   peculiar   characteristics   of   their   sponsored   downloads.   This   torrent   client  has  a  list  of  sponsored  shows  available  for  download,  and  when  you  select  any   of   them   for   download   they   download   at   a   rapid   rate,   taking   over   most   of   the   network   bandwidth.   The   second   trace   we   took   was   that   of   a   popular   Linux   distribution.   The   third   trace   we   took   was   a   dictionary   torrent   file,   hosted   on   a   popular  website.     To   start   with,   We   processed   the   tcpdump   files   and   analyzed   the   characteristics   of   each   torrent   file   and   also   generated   various   graphs   which   explicitly   depict   the   characteristics  of  each  of  the  torrent  traces.  We  then  compared  each  of  these  graphs   for  each  of  the  different  torrent  file  traces.   The  various  download  speeds  of  each  of  the  torrent  files  are:             Fig.1  the  download  speed  of  vuze  sponsored  torrent  file             Fig.2  the  download  speed  of  linux  distribution  torrent  file      
  • 11.       Fig.3  the  download  speed  of  dictionary  torrent  file     From,   • fig.1,  the  avg.  download  speed  was  recorded  as  340  kbps   • Fig.2,  the  avg  download  speed  was  recorded  as  300  kbps     • Fig,  3,  the  avg.  download  speed  was  recorded  as  30  kbps       Flow  Graph:     The   Flow   Graph   provides   a   sequential   analysis   of   TCP   connections.     Here,   we   created   a   displayed   filter   to   target   only   traffic   related   to   download   of   a   file   thru   BitTorrent.   In   the   flow   graphs,   The   rows   represent   the   time   at   which   a   BitTorrent   handshake   was   occurred   or   When   a   handshake   continuation   data   takes   place   through   a   particular   port.   The   columns   represent   various   ip   addresses   of   different   seeders   who   had   participated   in   the   download   process   of   a   torrent   file   and   the   following   fig.(s)   show   the   sample   from   the   Flow   graph   for   3   different   trace   files,   (since   the   flow  graphs  came  upto  22  pages  we  have  included  a  part  of  it  here).       The  flow  graph  for  3  diff.  trace  files  are  shown  below  
  • 12.                  fig.4    Flowgraph  for  the  vuze  sponsored  torrent  file            
  • 13.                  fig.5  flowgraph  for  the  linux  distribution  torrent  file        
  • 14.     fig.6  flow  graph  for  the  dictionary  torrent  file     RTT  graphs:     The  Packet  Round-­‐Trip  Time  graph  shows  the  history  of  a  transaction's  round-­‐trip   time  (RTT).  RTT  is  the  average  number  of  milliseconds  spent  in  transit  when  a  client   and   server   exchange   the   SYN   (synchronize   sequence   numbers   flag)   and   its   corresponding   ACK   (acknowledge   flag).   A   transaction   involving   a   large   amount   of   data  requires  the  data  to  be  divided  into  multiple  packets.  Whereas  a  transaction's   network  delay  reflects  the  total  transit  time  for  all  required  packets,  the  RTT  reflects   the  time  for  a  single  packet  to  make  its  way  from  client  to  server  and  another  packet   to  make  the  return  trip.  An  ideal  RTT  for  data  transfer  across  the  Internet  is  no  more   that  0.04  seconds  (40  milliseconds).  If  we  consider  a  slow  download,  we  will  notice   near  the  beginning  of  the  capture,  an  RTT  of  up  to  one  full  second.  This  is  completely   unacceptable   for   downloading   a   file.   Even   when   downloading   a   file   off   of   the   Internet  you  should  see  times  at  no  more  than  0.1  seconds.     The  RTT  graphs  for  3  different  trace  files  are  shown  below:          
  • 15. Fig.  7  RTT  graph  for  the  vuze  sponsored  torrent  file         Fig.  8  RTT  graph  for  the  linux  distribution  file    
  • 16.     Fig.9  RTT  graph  for  the  dictionary  torrent  file.     From   all   the   above   RTT   graphs,   we   can   clearly   see   the   differences   in   the   values   of   round   trip   time   of   all   the   packets.   Now,   Comparing   all   the   3   graphs,   from   the   1st   graph,   the   average   RTT   was   calculated   from   fig.7   was   around   0.1s   (almost   0),   which   suggests   that   the   torrent   file   was   downloaded   at   high-­‐speed   download   rate.   Similarly,   from   the   2nd   graph,   the   average   RTT   was   calculated   from   fig.8   was   almost   <   0.1   s,   which   suggests   that   this   torrent   file   was   downloaded   at   very   high   speed   download  rate.  Now,  from  the  3rd  graph,  the  average  RTT  was  calculated  from  fig.9   was   around   0.3   s,   which   suggests   that   the   file   was   downloaded   at   very   slow   download  rate.       Time-­‐Sequence  Graphs  (Stevens)   The   time-­‐sequence   graph   (Stevens)   produces   a   simple   graph   of   TCP   sequence   numbers   vs   time   at   which   it   was   sent   for   the   TCP   stream   containing   the   packet   that   was  selected  in  the  Summary  window.    
  • 17. The  first  derivative  of  this  graph  is  the  TCP  traffic  throughput.  In  an  ideal  situation   where   there   is   a   constant   throughput,   the   graph   would   be   a   straight   rising   line   with   its   slope   equaling   the   throughput.   One   can   learn   about   where   the   source   of   throughput  issues  is  coming  from  by  looking  at  the  time-­‐sequence  graph.     fig.10  Time-­‐  Sequence  Graph  for  vuze  sponsored  torrent  file    
  • 18.       fig  11.  Time-­‐sequence  graph  for  the  linux  distribution  torrent  file      
  • 19.         fig.12  time-­‐sequence  graph  for  the  dictionary  torrent  file     To  understand  each  of  the  characteristics  from  the  above  graphs,  from  the  1st  graph,   fig.10,   we   can   clearly   see   that,   At   the   start   of   the   capture,   the   traffic   has   an   even   slope  (constant  throughput)  for  approximately  900  seconds,  when  there  is  a  major   disruption,   as   shown   by   the   discontinuity   in   the   graph.   This   gap   suggests   TCP   retransmissions  have  occurred  for  the  packet  for  which  we  have  chosen  to  plot  the   graph.   Similarly,   from   the   2nd   graph,   fig.11,   the   traffic   has   an   exponential   rise   for   approximately   1300   seconds   from   the   start   of   the   capture,   when   there   is   a   major   discontinuity   in   the   graph.   These   gaps   suggest   retransmissions   have   occurred   for   the  packet  for  which  we  have  chosen  to  plot  the  graph.   From  the  3rd  graph,  fig.12,  the  graph  clearly  shows  an  exponential  rise  throughout   the   graph   with   an   increasing   throughput   i.e.   with   an   even   slope.   So   thus,   we   can   conclude  from  this  graph  that  there  is  no  retransmissions  occurred  for  the  capture   of  the  dictionary  torrent  file.        
  • 20. Throughput  Graphs     The  throughput  graphs  shows  the  throughput  of  the  TCP  stream  Vs  time.           fig  13.  Throughput  graph  for  the  vuze  sponsored  torrent  file         fig.14  throughput  graph  for  the  linux  distribution  file  
  • 21.         fig.15  Throughput  graph  for  the  dictionary  torrent  file       From  all  the  above  3  graphs,  the  throughputs  of  each  trace  file  can  be  calculated.     Throughput   is   the   average   rate   of   successful   message   delivery   over   a   communication   channel.   The   throughput   is   usually   measured   in   bits   per   second.   From  the  1st  graph,  fig  13,  the  average  throughput  can  be  calculated  as  30000  B/s,   which   is   pretty   high   for   a   successful   communication.   As   this   torrent   file   was   downloaded  at  faster  download  rate,  the  average  throughput  will  be  always  high.   Similarly,   from   the   2nd   graph,   fig14   the   average   throughput   can   be   calculated   as   1000   B/s,   which   suggests   that   the   torrent   file   has   been   downloaded   at   high   speed   download   rate,   and   has   successful   message   transfers   over   the   communication   channel.     From   the   3rd   graph,   fig   15,   the   average   throughput   can   be   calculated   as   only   around   30B/s,  which  is  very  low.  As  the  file  was  downloaded  at  very  slow  download  rate,   the  throughput  was  also  considered  to  be  less.       I/O Graphs: I/O graphs are user configurable graphs of the captured network packets. We can select
  • 22. various filters. It is customizable with a lot of various options and is used to visual interpret the data we have captured. We can customize several features of this graph. For instance, we could create filters to show ARP and DHCP traffic and display the lines on the graph in red and blue so that we can more easily differentiate the throughput trends between these two protocol types. The most important two things we will be modifying are the settings for the x-axis and y- axis of the graph, which allow you to modify the intervals and units used for displaying the required information. I/O graphs are also used to find out the response times problems of the packets in the trace file by looking at the spikes generated from the I/O graph files. The general way to find out the response time problems is to find the delta time between the packets. This is represented in the time column in the main window. We can scroll through all the packets and find the no with higher value in the time column to indicate the higher response times. There’s an alternative approach to this: Try plotting I/O Graphs, and out of the graph generated from that spikes are shown as packets by default. The x-axis interval is around 1 sec and on the y-axis with units set to packets/tick and scale set to auto. Now, change y-axis to advanced tab, which opens up a new column. We can add new features into our graph window by adding syntax commands in the new column, which was generated by changing unit to “advanced”. To calculate the delta time from the previous captured packets, the syntax would be “frame.time_delta_displayed”. This is entered in the filter field present in the main window. Add the same syntax to “sum” column present in the I/O graph and press “ Graph 2” button to generate advanced I/O graph to calculate the delta times from the previous captured packets. Spikes are now indicated with a red graph, which shows where the problems with the response times occur. Here, we can observe that x-axis is changed from 0 to 1000 and above (varies from file to file). We can see some spikes from the newly generated I/O graph then, which suggests the higher response time delay problems. By clicking on a spike with higher value, which will take us to main window with the packet with the greater delay time by automatically scrolling down through the trace file to the place where the problem occurs. We can then find out the packet with the response time problem and the delta time of that packet. We can continue in a similar fashion to find out the larger delta times by clicking on the higher spikes generated in the graph.
  • 23. To find out the larger delays in response times for each of the 3 different trace files, we proceed with, fig.16 I/O graph for a Vuze sponsored torrent file From the above graph, the spikes can be located at various instances on the graph. Here, the 1st spike is found at 1382s, at which the packet no. 547022 has resulted in a higher response time delay of 1382.55544 s, which was found out by clicking on the spike present in the graph.
  • 24. fig 17. I/O graph for Linux distribution trace file From the above graph, the spikes can be located at various instances on the graph. Here, the 1st spike is found at 464s, at which the packet no.160329 has resulted in a higher response time delay of 464.388496 s, which was found out by clicking on the spike present in the graph. Fig 18 I/O Graph for dictionary torrent file
  • 25. From the above graph, the spikes can be located at various instances on the graph. Here, the 1st spike is found at 4961s, at which the packet no.257352 has resulted in a higher response time delay of 4961.487553 s, which was found out by clicking on the spike present in the graph. When compared with two other trace files, the dictionary based torrent trace file was found out to have more spikes in the I/O Graph generated by using the syntax filter “frame.time_delta_display”. This suggests that many packets in the trace file had higher response time delays, which clearly suggests that this torrent trace file was downloaded with slow download speed rate, with less no. of seeders who were to present and increase the speed of downloading a torrent file. Expert Info In order to filter out the abnormal traffic that is slowing our download, we’ll use the Expert Info window. To open this window, click Analyze in the menu bar and select Expert Info. Now choose the setting Error+Warn+Note from the drop-down box next to the words Severity filter. Next, we begin to explore the problematic packets in our capture. In Expert info window, we may encounter with TCP Previous segment lost packets. These packets tell us that during the course of data transfer, a packet was suddenly dropped. In response, the client sends Duplicate ACK packets to the server, requesting that that the lost packet is sent again. The client continues to send Duplicate ACKs until it receives the requested packet. We then see the retransmission of the dropped packet as TCP Retransmission in the Expert Infos window. At the beginning of our download, we see only one or two Duplicate ACKs in a row, but as the download progresses, when we encounter more and more Duplicate ACKs we can conclude that there is more latency. If there are more Segment losses and Duplicate ACKs it shows the sign of a slow download in progress.
  • 28. from the above graphs, we can clearly see that there are less no of previous segment losses and duplicate acks in 1st two trace files. Coming to the 3rd graph, we can clearly see that there are more no of previous segment losts and more no of duplicate acks which clearly shows the sign of a slow download is in progress.
  • 29. Conclusion  and  Future  Work:   As  it  can  be  observed  from  the  readings,    for  a  slower  download  the  RTT  is  higher.   This   can   be   observed   from   the   third   trace   file.   Also   as   we   consider   Throughput   graph,  we  can  see  that  the  throughput  is  lower  for  the  third  trace  as  compared  to  the   other  two,  thus  reiterating  what  was  observed  during  the  download.     Also,   From   the   expert   window   panel,   we   can   observe   more   segment   losses   and   duplicate  ACKs  which  shows  the  sign  of  a  slow  download  in  progress.  In  this  project,   we   had   looked   more   into   understanding   the   basic   working   of   the   BitTorrent   protocol   more   than   anything   else.   We   looked   at   how   it   worked   based   on   different   conditions   like   number   of   seeders,   location   of   download   (i.e.,   the   network),   popularity   of   the   file   and   other   real   world   conditions.   For   doing   this   we   found   WireShark  as  an  appropriate  tool  to  perform  the  tasks  we  needed.   We   detected   that   the   third   trace,   which   was  taken  on  a  Clemson  wireless  network   was   slower   as   compared   to   the   other   two   downloads.   This   might   be   because   of   a   variety  of  conditions  like  the  file  not  being  very  popular.  Lesser  number  of  seeders   etc.   Comparing   the   first   two   downloads   ,the   major   difference   lies   in   the   fact   that   the   first   download   was   a   sponsored   download   from   Vuze.   Therefore,   Vuze   was   functioning  more  like  a  content  delivery  system,  more  than  anything  else.  This  was   similar   in   a   way   to   the   new   kind   of   content   delivery   system   being   developed   by   BitTorrent   called   BitTorrent   DNA   ,   the   difference   lying   with   the   fact   that   thought   ,   the  download  speed  for  Vuze  was  high  it  hogged  most  of  the  bandwidth,  and  this  is   where  DNA  might  bring  in  a  change.     Looking  into  the  future  we  feel  that  the  BitTorrent  protocol  ,  which  is  relatively  new   might   undergo   a   metamorphosis   into   something   which,   delivering   content   to   users   ,   doesn’t  hog  most  of  the  bandwidth.       REFERENCES       [1]   Wireshark   &   Ethereal   Network   Protocol   Analyzer   Toolkit   -­‐     Angela   Orebaugh,   Gilbert  Ramirez,  Jay  Beale     [2]   Practical   Packet   Analysis:   Using   Wireshark   to   Solve   Real-­‐World   Network   Problems  -­‐  Chris  Sanders    
  • 30. [3]“BitTorrent”-­‐  http://www.medianet.kent.edu/surveys/IAD06S-­‐   P2PArchitectures-­‐chibuike/P2P%20App.%20Survey%20Paper.htm#_2.2_Bittorrent       [4]   "Wireshark   User's   Guide"   -­‐   http://www.wireshark.org/download/docs/user-­‐ guide-­‐a4.pdf