隨者網路的普及以及使用者的增加，網路頻寬管理的問題就日漸重要。面對網路頻寬管理的問題，首要的就是先了解目前網路上的流量是屬於何種應用，再來才是根據網路管理的需求，針對各種網路應用來限制或管理頻寬。
以往用來辨識流量屬於何種應用的方法是使用port-based的方式，根據各種網路服務應用所使用的TCP預設埠號(Well-known port)來辨識流量，以HTTP為例，只要是出現在port 80上的流量都歸類為HTTP的流量。早期的網路服務應用使用此方式便足以辨別，但近年來由於Peer-to-Peer應用軟體的興起並且為了躲避以port-based為主的流量管理，都已漸漸改以隨機埠號為主，因此使用port-based的方式來辨識流量早已不敷使用。為了更準確的辨識流量，本研究所實作content-based的方式比對特徵來做為辨識的依據，更進一步的我們也分析了其他的content-based的通訊協定分類器，比較其優缺點及準確性。另外本系統提供了驗證程式，可透過及時的連線測試方式驗證通訊協定分類器的結果。

The management of network bandwidth is more important along with the population growth of Internet. For the issue of network bandwidth management the first thing needs to be done is to analyze network traffic belongs to which protocol. And then we can restrict the usage of network bandwidth accroding to the mangement policy. The mean used to identify network traffic in the past is port-based one which based on the well-known default port number of application protocols. For example, the Hyper-Text Transfer Protocol (HTTP) uses port number 80 as his default port, therefor we could classify traffic which appears in port 80 as HTTP traffic. It is not enough for applications in our own day, especilly the Peer-to-Peer application that used random port number as his default port in order to evade the port-based classifiaction. In order to conquer the issue described above we developed a content-based protocol classifier which inspects the payload of packets. We also compared our system with other content-based protocol classifiers. In addition, we also provided a verification tool which verifies the result of protocol classifier by connecting to the host and testing the hehavior of specific application.

第1章緒論
第1.1節研究動機
第1.2節研究目標
第1.3節章節導讀
第2章知識背景及相關研究探討
第2.1節知識背景
第2.2節相關研究探討
第2.3節Netfilter/iptables
第2.4節Content-based Protocol Classifier
第3章系統設計
第3.1節新增的Netfilter Hook – Promiscuous Hook
第3.2節我們所發展Protocol Classifier – OurClassifier
第3.3節匯出比對結果的程式
第3.4節連線測試程式 – Protocol Probe
第4章實驗數據的測量與分析
第4.1節On-Line的測量方式
第4.2節Off-line的測量方式
第5章結論與未來方向
第5.1節結論
第5.2節未來方向
第6章參考文獻

[1] BSD, http://www.bsd.org/.
[2] Cisco Netflow, http://www.cisco.com/en/US/tech/tk812/tsd_technology_support_protocol_home.html.
[3] Ipfwadm System, ftp://ftp.xos.nl/pub/linux/ipfwadm/.
[4] IPP2P, http://www.ipp2p.org/.
[5] L7-filter, http://l7-filter.sourceforge.net/.
[6] Linux, http://www.linux.org/.
[7] Linux IP Firewalling Chains, http://people.netfilter.org/~rusty/ipchains/.
[8] Netfilter, http://www.netfilter.org/.
[9] RFC 3549 - Linux Netlink as an IP Services Protocol, http://www.rfc-archive.org/getrfc.php?rfc=3549.
[10] Supported Protocols of L7-filter, http://l7-filter.sourceforge.net/protocols.
[11] Tcpdump/Libpcap, http://www.tcpdump.org/.
[12] A. Spognardi, A. Lucarelli, and R. Di Pietro, "A Methodology for P2P File-Sharing Traffic Detection", HOT-P2P'05, page(s):51-62, July, 2005.
[13] C. S. Yang, P. C. Wu, "A Fast Multi-pattern Matching Algorithm for Network Processor", National Sun Yat-sen University, Department of Computer Science and Engineering, Master Thesis [Unpublished].
[14] K. Wehrle, F. Pahlke, H. Ritter, D. Muller, M. Bechler, " The Linux Networking Architecture: Design and Implementation of Network Protocols in the Linux Kernel", 2004, ISBN:0131777203, Prentice Hall.
[15] Robert S. Boyer, J. Strother Moore, "A fast string searching algorithm", Communications of the ACM, page(s):762-772, Oct, 1977.
[16] S. McCanne, V. Jacobson, "The BSD Packet Filter:A New Architecture for User-level Packet Capture", 1993 Winter USENIX conference, page(s):259-270, Jan, 1993.
[17] S. Sen, O. Spatscheck, D. Wang, "Accurate, Scalable In-Network Identification of P2P Traffic Using Application Signatrues", WWW'04, page(s):512-521, May, 2004.
[18] S. Wu, U. Manber, "A Fast Algorithm for Multi-pattern Searching", 1994, Technical Report.
[19] T. Karagiannis, A. Broido, N. Brownlee, K. Claffy, M. Faloutsos, "Is P2P dying or just hiding ?", GLOBECOM'04, page(s):1532-1538, Nov, 2004.