Solved

How to track down Bit Torrent user on my network

Posted on 2008-10-28
3
4,252 Views
Last Modified: 2013-11-21
I need some help tracking down a bit torrent client on our network. Can someone tell me how to go about doing this. Can I span a port on my cisco switch and monitor traffic via WireShark to find out where the traffic is going? What port(s) do I need to look for. Are there other methods I can use to figure this out? Thanks.
0
Comment
Question by:FIFBA
3 Comments
 

Accepted Solution

by:
TickSoft earned 250 total points
ID: 22822779
For starters - depending on the torrent software, the Port number can be specified by the user.  So, one way to find out who is on your network downloading 'successfully' is to check the allowed outbound ports on your firewall.  Who has access to that... This should narrow down the search?

You could mirror traffic and run Wireshark on a specific workstation connected to those mirrored enabled ports.  Then within Wireshark you can filter by port numbers.

Are you on a domain?  Domain admin?  If so you could try running a scan on the network - some asset software and sift through the list of programs installed or processes running on everyone's computer.
0
 

Author Comment

by:FIFBA
ID: 22822875
This is on a domain, but things are pretty loose. This event will hopefully change that a bit. So honestly, any traffic originating from inside the firewall will be allowed back in. Can you recommend a good (free) assest auditing program?
0
 
LVL 10

Assisted Solution

by:sublifer
sublifer earned 250 total points
ID: 22823140
If you have access to the firewall you should be able to see the IP from there.  Cisco ASA devices, from the ASDM interface has a live traffic monitor although you may have to set it to debug or another level to view non-error-related messages.  On a PIX or from a command line interface you can turn on the debug mode to have the traffic scroll with the command:

debug packet outside  (as long as the outside interface is the default name: "outside")

You can narrow down your search with the command option: dport port_number  

Bit Torrent's default port range is: 6881-6889

Don't forget to turn off debug mode when you're finished by using the same command as before but with the word: no  in front of it. e.g. no debug packet outside
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now