This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi, my network is 100pc's big and would like to know how to capture traffic from clients downloading through torrents such as bittorrent and utorrent. My ISP has given me a warning on copyright violation because someone is downloading movies on our business internet. And not all pc's can be proxied.

Thx

asked 20 Sep '11, 09:18

Frederick%20Botha's gravatar image

Frederick Botha
1111
accept rate: 0%


You might want to capture your internet uplink and then use the protocol and endpoint statistics to find out who is doing suspicious protocols or amounts of traffic. Movies especially are quite large (usually above and beyond 500MB), so if a node is having that much traffic you could zero in on it.

Torrent traffic can run on a lot of different ports, often even randomized on each start of the torrent program, but you should be able to spot the traffic anyway. You might want to take a look at the conversation statistics to see if there are any nodes that have tons of external IPs as communication partners, which would be typical for torrent downloads - each seeder they are connected to would appear in the list.

permanent link

answered 20 Sep '11, 09:41

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×549
×36
×6

question asked: 20 Sep '11, 09:18

question was seen: 9,486 times

last updated: 20 Sep '11, 09:41

p​o​w​e​r​e​d by O​S​Q​A