[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Ares

I've been packet capturing..

GET hash:3

F8A1444D53935FE6

D89438D2A787426

HTTP/1.1..User-A

gent: Ares 1.8.1

..X-Queue: 0.1..

Range: bytes=0-2

683995..X-My-Nic

k: anon_c08b1e66

96..X-Ares-IP: 1

28.206.166.180:1

4492|192.139.30.

102:80....

 

We should be able to take this header info and create a packeteer rule right? If Ares is identifying itself like this reliably (I'm going to test more) then we *should* be able to write a rule.

 

 

Karel Jennings

Systems Technician

Computing and Telecommunications Services

Grande Prairie Regional College

Grande Prairie Alberta

(780)539-2773

 

 

-----Original Message-----
From: David Koren [mailto:koren@hanover.edu]
Sent: Tuesday, January 14, 2003 3:05 PM
To: packeteer-edu@lists.Stanford.EDU
Subject: Re: Bit Torrent?

 

I have noticed this too, I believe that, at least here, it is caused by a

P2P app called Ares (www.softgap.com).  At least it claims to be p2p.  I had

a single user taking up about a third of our pipe with this program.  It's

easy to tell if a computer has this program installed, simply connect to the

machine on port 80 as it is a normal web server.  Which is why it shows up

as inbound and outbound web traffic.

 

David Koren

Network Services Specialist

Hanover College

 

 

 

----- Original Message -----

From: "Scott Nickerson" <Scott.Nickerson@dal.ca>

To: <packeteer-edu@lists.Stanford.EDU>

Sent: Tuesday, January 14, 2003 3:56 PM

Subject: Bit Torrent?

 

 

> We are observing a huge increase in what 'appears' to be legitimate

> inbound web traffic.  We know that this has got to be new file sharing

> applications but are stumped as to how to keep a cap on the problem.

> Back in September our problem was our outgoing pipe was full.

> Packetshaper pretty much solved that problem for us, but now that it

> does not appear to be able to classify this http traffic that is not

> really user/browser generated. We are stuck.

>

> Anyone else experiencing this?  For now we have partitioned our

> residences and are allowing them only a third of our inbound pipe.  That

> is not really fair and students are complaining that regular web

> browsing is crippled.  Any ideas?  Have the file sharing applications

> outgrown our ability to detect and deprecate?

>

>

> Scott Nickerson

> Dalhousie University

>

>

> -----Original Message-----

> From: owner-packeteer-edu@lists.Stanford.EDU

> [mailto:owner-packeteer-edu@lists.Stanford.EDU] On Behalf Of John

> Stigall

> Sent: January 9, 2003 4:31 PM

> To: packeteer-edu@lists.Stanford.EDU

> Subject: Re: Gnutella? Bit Torrent?

>

>

> Bit Torrent? Has this been discussed before? This is a file sharing app

> that finds bits and pieces of files on multiple sites, makes multiple

> TCP download sessions, while serving the same file back to other users.

>

> -John Stigall

> Indiana University

>

> ----- Original Message -----

> From: "Printy, Darrin J. " <dprinty@stcloudstate.edu>

> To: <packeteer-edu@lists.Stanford.EDU>

> Sent: Friday, December 13, 2002 4:14 PM

> Subject: Gnutella?

>

>

> > Last night after midnight, our Outbound traffic shot up like a rocket.

>

> > Primarily it was ResNet traffic.  Fortunately I had a limit on

> > Outbound ResNet traffic set so the rest of the campus hasn't really

> > noticed.  We are running 5.3 on our 4500 PacketShaper and all was

> > running well since the update.

> >

> > The problem I am having with it is:

> > 1. It was an immediate increase at around 12:36am Central Time. 2. It

> > has been sustained ever since (unless I throttle Default class) 3. It

> > will show up in Discovered ports, but is so spread out it's not

> > conclusive. 4. If I trottle back the Discovered ports with a tight

> > partition, it moves to the Default group (like KaZaA did).

> > 5. When I look into a traffic flow of a top IP, I am seeing some

> > Gnutella-cmd but most of the Svc Type column is blank with multiple

> > outside IP's communicating.

> >

> > Has anyone else experienced this?

> > Is there a new version of Gnutella or KaZaA out?

> >

> > Darrin Printy

> > ResNet Coordinator

> > St. Cloud State University

> >

> > -++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**

> > This message was posted through the Stanford mailing list server. To

> > subscribe/unsubscribe, send email to majordomo@lists.stanford.edu with

>

> > "subscribe packeteer-edu" or "unsubscribe packeteer-edu" as the body.

> Archive

> > is at http://www.stanford.edu/group/networking/netlists/

> >

> >

> >

>

> -++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**

> This message was posted through the Stanford mailing list server. To

> subscribe/unsubscribe, send email to majordomo@lists.stanford.edu with

> "subscribe packeteer-edu" or "unsubscribe packeteer-edu" as the body.

> Archive is at http://www.stanford.edu/group/networking/netlists/

>

> -++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**

> This message was posted through the Stanford mailing list server. To

> subscribe/unsubscribe, send email to majordomo@lists.stanford.edu

> with "subscribe packeteer-edu" or "unsubscribe packeteer-edu" as the body.

Archive

> is at http://www.stanford.edu/group/networking/netlists/

>

 

 

-++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**

This message was posted through the Stanford mailing list server. To

subscribe/unsubscribe, send email to majordomo@lists.stanford.edu

with "subscribe packeteer-edu" or "unsubscribe packeteer-edu" as the body.  Archive

is at http://www.stanford.edu/group/networking/netlists/