This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Torrent download capture

0

Hi, my network is 100pc's big and would like to know how to capture traffic from clients downloading through torrents such as bittorrent and utorrent. My ISP has given me a warning on copyright violation because someone is downloading movies on our business internet. And not all pc's can be proxied.

Thx

asked 20 Sep '11, 09:18

Frederick%20Botha's gravatar image

Frederick Botha
1111
accept rate: 0%


One Answer:

0

You might want to capture your internet uplink and then use the protocol and endpoint statistics to find out who is doing suspicious protocols or amounts of traffic. Movies especially are quite large (usually above and beyond 500MB), so if a node is having that much traffic you could zero in on it.

Torrent traffic can run on a lot of different ports, often even randomized on each start of the torrent program, but you should be able to spot the traffic anyway. You might want to take a look at the conversation statistics to see if there are any nodes that have tons of external IPs as communication partners, which would be typical for torrent downloads - each seeder they are connected to would appear in the list.

answered 20 Sep '11, 09:41

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%