Principles and Breakthroughs of P2P Terminator

Source: Internet
Author: User

P2P Terminator is a capable piece of network management software, but many people use it to maliciously limit other users' traffic so that they cannot access the Internet normally. Below we give a detailed introduction to its functions, its principles, and the methods for breaking through it.

Let's look at the material from PSP found on the Internet: P2P Terminator is network management software developed by Net.Soft studio to control P2P download traffic in enterprise networks. It provides a very simple solution to the problem of P2P software occupying too much bandwidth. The software is implemented on the basis of low-level protocol analysis and processing and has good transparency. It can adapt to most network environments, including proxy servers, ADSL routers, and LAN leased lines.

P2P Terminator completely solves the problem of switched network environments: installed on any single host, it can control the P2P traffic of the entire network, and it is highly transparent to the hosts being controlled. This effectively solves a problem that gives many network administrators a great headache, and it has good application value.

Its functions are relatively powerful, and the author developed them for network administrators. Used properly by network managers it is fine, but because cracked versions of P2P Terminator circulate widely on the Internet (P2P Terminator is paid software), many people download it and maliciously control others' network speeds, which causes problems for normal use. P2P Terminator has many more functions than some other network management software. The most prominent is control of a variety of popular P2P protocols, such as the BitTorrent protocol, Baidu protocol, Poco protocol, kamun protocol, and so on; the software can control the vast majority of client software based on these protocols, including bitcomet, bittech genie, greedy BT, cameng, Baidu xiba, Poco, ppdiantong and others. It also offers control of HTTP downloads by custom file suffix, FTP download restriction, and control of the QQ, MSN, Popo, and UC chat tools.

Now that the functions are covered, how are they implemented? If you want to break through the tool, you must have a clear understanding of its principles.

The most basic principle of this software is the same as that of some other network management software, such as Network Law Enforcement Officer: they all rely on ARP spoofing. Let's take a look at this figure:

                                                      |------------ Computer A
                                                      |------------ Computer B
Internet ------> gateway ------> router (switch) ---->|------------ Computer C
                                                      |------------ Computer D
                                                      |------------ Computer E

(P2P Terminator can be used on any of the five computers.)

Let's use this figure to explain the ARP spoofing principle. First, ARP itself: ARP (Address Resolution Protocol) is the protocol that converts an IP address into a physical address. There are two ways to map IP addresses to physical addresses: table-based and non-table-based.

Specifically, ARP resolves a network-layer address (the IP layer, OSI layer 3) to a MAC address at the data link layer (the MAC layer, OSI layer 2).

Anyone who has studied the basics of networking knows this.

Normally, when A sends data to B, it first queries its local ARP cache table for the MAC address corresponding to B's IP address and, if it finds one, transmits the data. If there is no entry, A broadcasts an ARP request packet (carrying host A's IP address Ia and physical address Pa) asking the host with IP address Ib to reply with its physical address Pb. All hosts on the network, including B, receive the ARP request, but only host B recognizes its own IP address, so it sends host A an ARP response packet containing B's MAC address. After receiving the response from B, A updates its local ARP cache and then uses that MAC address to send data (the NIC attaches the MAC address). The local ARP cache table is therefore the basis of communication on the local network, and the cache is dynamic.

ARP does not accept ARP responses only when it has sent an ARP request. Whenever a computer receives an ARP response packet, it updates its local ARP cache and stores the IP and MAC addresses from the response there. So if machine B on the LAN sends A a self-built ARP response in which B impersonates C, that is, the IP address is C's but the MAC address is forged, A will update its local ARP cache when it receives the forged response. From A's point of view, C's IP address has not changed, but its MAC address is no longer the original one. Traffic on the LAN is delivered by MAC address, not by IP address, so if the forged address is a MAC that does not exist, the network fails and A cannot ping C. This is a simple ARP spoof.

With this in mind, it is easy to understand why P2P Terminator can control the traffic of computers on the network. In effect it acts as the gateway: it spoofs all the computers in a network segment and then forwards their data a second time. All data from a controlled computer first passes through the P2P Terminator host and only then goes to the gateway.

That is the basic principle. Now let's break through it based on how it works.

1. The method most widely circulated on the Internet is to bind the machine's IP address and MAC address.

2. Change your MAC address to deceive P2P Terminator's scan of your machine, by modifying the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318} subkey. However, the effect is not satisfactory.

3. Two-way IP/MAC binding

Bind the MAC address of your egress router on the PC, so that P2P Terminator cannot spoof you and therefore cannot control you. However, binding only the router's MAC address on the PC is not yet secure, because P2P Terminator can also deceive the router. The best solution is two-way IP/MAC binding between the PC and the router: on the PC, bind the router's MAC address, and on the router, bind the PC's IP address and MAC address. This requires a router that supports IP/MAC binding, such as a HiPer router.

4. I saw a firewall on the Internet, the Look n Stop firewall. Some experts online said it could prevent ARP spoofing, so I downloaded it and tried it. The method is as follows. The precondition is that your machine does not communicate with other machines on the LAN and only accesses the Internet for itself, and that the gateway is fixed.

A. In "Internet filtering" there is a rule named "ARP: authorize all ARP packets"; put the block mark in front of this rule.

B. However, this rule will also block the gateway's information by default. The solution is to put the gateway's MAC address (the gateway is usually fixed) in the "target" area of this rule: in "Ethernet: Address" select "not equal to" and fill in the gateway's MAC address. Put your own MAC address in the "Source" area, again selecting "not equal to" in "Ethernet: Address".

C. In the last rule, "allotherpacket", modify the "target" area: in "Ethernet: Address" select "not equal to" and enter FF:FF:FF:FF:FF:FF as the MAC address. Put your own MAC address in the "Source" area and select "not equal to" in "Ethernet: Address". Leave everything else unmodified.

5. Check which host on the network segment has its NIC in promiscuous mode. Normal hosts are generally not in promiscuous mode unless they have been set that way deliberately, and there are many tools on the Internet that can detect it.

6. The author of P2P Terminator has developed another tool, the anti-P2P Terminator, perhaps to keep the majority of Internet users from being harmed, or perhaps to protect his own interests; after all, many cracked versions of the software circulate on the Internet. The anti-P2P Terminator is easy to use: as long as it is running, it detects P2P Terminator on the same network segment and automatically terminates it.

7. I think this method may not be widely usable: using VLANs. As long as your PC and the P2P Terminator software are not in the same VLAN, it can do nothing to you. For Internet access like that in our ordinary dormitories this is useless, but large Internet cafes may be able to use it.

8. As for the traffic restriction, you can break through it by changing your subnet mask. I changed the default subnet mask 255.255.255.0 to 255.240.0.0 and could still access the Internet, while P2P Terminator's traffic restriction became invalid. Note, however, that the Internet access setup here is ADSL-router-computer. I don't know whether this method can be used in other network environments.

9. Another one: I saw an expert on the Internet saying that P2P Terminator's restrictions can be broken through with port restrictions. I have never been able to understand this method. It seems that there are no ports in ARP, and ports exist only in TCP/IP.
========================================================== ====================================

Recently, network restriction tools have become very popular, to the point of being obnoxious. To protect the interests of most of us and keep Internet access fair, we need to understand these tools and break through them.

P2P Terminator completely solves the problem of switched network environments: installed on any single host, it can control the traffic of the entire LAN, and it is highly transparent to the hosts being controlled. This effectively solves a problem that gives many network administrators a great headache, and it has good application value.

It is relatively powerful, and the author developed it for use by network managers. Used properly by network managers it is fine, but because cracked versions of P2P Terminator circulate widely on the Internet (P2P Terminator is paid software), many people download it and maliciously control others' network speeds, which causes problems for normal use. P2P Terminator has many more functions than some other network management software. The most prominent is control of a variety of popular P2P protocols, such as the BitTorrent protocol, Baidu protocol, Poco protocol, and kamun protocol; the software can control most client software based on these protocols, including bitcomet, bittech genie, greedy BT, cameng, Baidu xiba, Poco, ppdiantong and others. In addition, it offers control of HTTP downloads by custom file suffix, FTP download restrictions, and control of the QQ, MSN, Popo, and UC chat tools.

The core of the software is ARP spoofing.


Specific methods:

1. Bind IP and MAC addresses.

Note that the binding must be done on both the PC and the router.

2. Use an ARP firewall. It can detect which computer is using the network speed-limiting software, automatically raise an alarm, and intercept it. However, the effect is still not obvious: with ARP packets everywhere on the network, how could the network be fast?

3. Use the anti-p2pover software: while it is running, the speed-limiting software is terminated automatically.

4. Exploit a bug in the speed-limiting software: an IP address conflict causes its CPU usage to rise sharply, leading to a crash. The method is to change your IP address to that of the computer running the speed-limiting software, which makes the software crash or stop running.

5. I heard that modifying the subnet mask is another method, but I don't know how it works. If it works well, let me know.

Conclusion: The most effective method is to work on the router. It is best to bind all IP addresses and MAC addresses on the router, or to restrict users from accessing the Internet.
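The IP/MAC binding and ARP-firewall methods above both come down to checking every ARP frame against a trusted table. The following detector sketches that check; it is an added example, not code from the original article or from any tool it names, and the addresses, the `BINDINGS` table and all function names are constructed for illustration.

```python
import struct

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(map(str, b))

def parse_arp(frame):
    """Parse an Ethernet II frame carrying IPv4 ARP; return None for anything else."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": _mac(frame[6:12]), "sha": _mac(frame[22:28]), "spa": _ip(frame[28:32])}

def check(frames, bindings):
    """Return (frame index, reason, claimed IP, sender MAC) for suspicious ARP frames."""
    alerts, claimed = [], {}
    for n, frame in enumerate(frames):
        a = parse_arp(frame)
        if a is None or a["spa"] == "0.0.0.0":   # skip non-ARP and address probes
            continue
        if a["eth_src"] != a["sha"]:             # Ethernet source disagrees with ARP sender
            alerts.append((n, "sender-mismatch", a["spa"], a["eth_src"]))
        bound = bindings.get(a["spa"])
        if bound and bound != a["sha"]:          # contradicts the static IP/MAC binding
            alerts.append((n, "binding-violation", a["spa"], a["sha"]))
        ips = claimed.setdefault(a["sha"], set())
        if ips and a["spa"] not in ips:          # one MAC speaking for several IPs
            alerts.append((n, "multi-ip-claim", a["spa"], a["sha"]))
        ips.add(a["spa"])
    return alerts

def build(eth_src, op, sha, spa, tpa, eth_dst="ff:ff:ff:ff:ff:ff"):
    """Assemble one constructed sample frame (target MAC left zeroed)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(x) for x in s.split("."))
    return (m(eth_dst) + m(eth_src) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + m(sha) + i(spa) + bytes(6) + i(tpa))

# Constructed capture: gateway .1, host A .10, and host X posing as both.
GW, A, X = "00:11:22:33:44:01", "00:11:22:33:44:0a", "00:11:22:33:44:66"
BINDINGS = {"192.168.1.1": GW, "192.168.1.10": A}
SAMPLE = [
    build(A, 1, A, "192.168.1.10", "192.168.1.1"),               # A asks for the gateway
    build(GW, 2, GW, "192.168.1.1", "192.168.1.10", eth_dst=A),  # genuine reply
    build(X, 2, X, "192.168.1.1", "192.168.1.10", eth_dst=A),    # X claims the gateway IP
    build(X, 2, X, "192.168.1.10", "192.168.1.1", eth_dst=GW),   # X claims A's IP
]

if __name__ == "__main__":
    print(*check(SAMPLE, BINDINGS), sep="\n")
```

The "multi-ip-claim" alert needs no binding table, so it still points at the host relaying traffic for others on a network where nothing has been bound yet.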
