Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How to track down Bit Torrent user on my network

Posted on 2008-10-28
3
Medium Priority
?
4,598 Views
Last Modified: 2013-11-21
I need some help tracking down a bit torrent client on our network. Can someone tell me how to go about doing this. Can I span a port on my cisco switch and monitor traffic via WireShark to find out where the traffic is going? What port(s) do I need to look for. Are there other methods I can use to figure this out? Thanks.
0
Comment
Question by:FIFBA
3 Comments
 

Accepted Solution

by:
TickSoft earned 1000 total points
ID: 22822779
For starters - depending on the torrent software, the Port number can be specified by the user.  So, one way to find out who is on your network downloading 'successfully' is to check the allowed outbound ports on your firewall.  Who has access to that... This should narrow down the search?

You could mirror traffic and run Wireshark on a specific workstation connected to those mirrored enabled ports.  Then within Wireshark you can filter by port numbers.

Are you on a domain?  Domain admin?  If so you could try running a scan on the network - some asset software and sift through the list of programs installed or processes running on everyone's computer.
0
 

Author Comment

by:FIFBA
ID: 22822875
This is on a domain, but things are pretty loose. This event will hopefully change that a bit. So honestly, any traffic originating from inside the firewall will be allowed back in. Can you recommend a good (free) assest auditing program?
0
 
LVL 10

Assisted Solution

by:sublifer
sublifer earned 1000 total points
ID: 22823140
If you have access to the firewall you should be able to see the IP from there.  Cisco ASA devices, from the ASDM interface has a live traffic monitor although you may have to set it to debug or another level to view non-error-related messages.  On a PIX or from a command line interface you can turn on the debug mode to have the traffic scroll with the command:

debug packet outside  (as long as the outside interface is the default name: "outside")

You can narrow down your search with the command option: dport port_number  

Bit Torrent's default port range is: 6881-6889

Don't forget to turn off debug mode when you're finished by using the same command as before but with the word: no  in front of it. e.g. no debug packet outside
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This program is used to assist in finding and resolving common problems with wireless connections.
Files go missing when using DFS (Distributed File System) Replication and how to recover them and fix it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question