Solved

How to track down Bit Torrent user on my network

Posted on 2008-10-28
3
4,427 Views
Last Modified: 2013-11-21
I need some help tracking down a bit torrent client on our network. Can someone tell me how to go about doing this. Can I span a port on my cisco switch and monitor traffic via WireShark to find out where the traffic is going? What port(s) do I need to look for. Are there other methods I can use to figure this out? Thanks.
0
Comment
Question by:FIFBA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 

Accepted Solution

by:
TickSoft earned 250 total points
ID: 22822779
For starters - depending on the torrent software, the Port number can be specified by the user.  So, one way to find out who is on your network downloading 'successfully' is to check the allowed outbound ports on your firewall.  Who has access to that... This should narrow down the search?

You could mirror traffic and run Wireshark on a specific workstation connected to those mirrored enabled ports.  Then within Wireshark you can filter by port numbers.

Are you on a domain?  Domain admin?  If so you could try running a scan on the network - some asset software and sift through the list of programs installed or processes running on everyone's computer.
0
 

Author Comment

by:FIFBA
ID: 22822875
This is on a domain, but things are pretty loose. This event will hopefully change that a bit. So honestly, any traffic originating from inside the firewall will be allowed back in. Can you recommend a good (free) assest auditing program?
0
 
LVL 10

Assisted Solution

by:sublifer
sublifer earned 250 total points
ID: 22823140
If you have access to the firewall you should be able to see the IP from there.  Cisco ASA devices, from the ASDM interface has a live traffic monitor although you may have to set it to debug or another level to view non-error-related messages.  On a PIX or from a command line interface you can turn on the debug mode to have the traffic scroll with the command:

debug packet outside  (as long as the outside interface is the default name: "outside")

You can narrow down your search with the command option: dport port_number  

Bit Torrent's default port range is: 6881-6889

Don't forget to turn off debug mode when you're finished by using the same command as before but with the word: no  in front of it. e.g. no debug packet outside
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question