Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to track down Bit Torrent user on my network

Posted on 2008-10-28
3
Medium Priority
?
4,549 Views
Last Modified: 2013-11-21
I need some help tracking down a bit torrent client on our network. Can someone tell me how to go about doing this. Can I span a port on my cisco switch and monitor traffic via WireShark to find out where the traffic is going? What port(s) do I need to look for. Are there other methods I can use to figure this out? Thanks.
0
Comment
Question by:FIFBA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 

Accepted Solution

by:
TickSoft earned 1000 total points
ID: 22822779
For starters - depending on the torrent software, the Port number can be specified by the user.  So, one way to find out who is on your network downloading 'successfully' is to check the allowed outbound ports on your firewall.  Who has access to that... This should narrow down the search?

You could mirror traffic and run Wireshark on a specific workstation connected to those mirrored enabled ports.  Then within Wireshark you can filter by port numbers.

Are you on a domain?  Domain admin?  If so you could try running a scan on the network - some asset software and sift through the list of programs installed or processes running on everyone's computer.
0
 

Author Comment

by:FIFBA
ID: 22822875
This is on a domain, but things are pretty loose. This event will hopefully change that a bit. So honestly, any traffic originating from inside the firewall will be allowed back in. Can you recommend a good (free) assest auditing program?
0
 
LVL 10

Assisted Solution

by:sublifer
sublifer earned 1000 total points
ID: 22823140
If you have access to the firewall you should be able to see the IP from there.  Cisco ASA devices, from the ASDM interface has a live traffic monitor although you may have to set it to debug or another level to view non-error-related messages.  On a PIX or from a command line interface you can turn on the debug mode to have the traffic scroll with the command:

debug packet outside  (as long as the outside interface is the default name: "outside")

You can narrow down your search with the command option: dport port_number  

Bit Torrent's default port range is: 6881-6889

Don't forget to turn off debug mode when you're finished by using the same command as before but with the word: no  in front of it. e.g. no debug packet outside
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question