Finding Torrent Downloader

Posted on 2011-02-11
Last Modified: 2012-05-11
Our company received a letter from legal firm representing a medial compnay which was forwaed to us by out ISP. It seems someone in out LAN has been downloading copyright protected materials and has exposed our business to copyright infringment liability. Management is very interested in finding the computer/user responsible. What is the best way to do this without having to inspecte more than 70 computers.We use a Netgear RVS318 Router/Firewall
Question by:biztekadmin
  • 3
  • 2
LVL 35

Expert Comment

by:Ernie Beek
ID: 34871145
You could use wireshark and see who is torrenting. You are sure they used torrents for that?

Author Comment

ID: 34871836
I'm assuming a torrent downloader was used becasue I've had previous expiereince in a smaller environment, where someone left a Vuze instance downloading/seeding all weekend, by Friday of the next week we recieved a warning letter from out ISP. What other services / applications should Ibe looking for? As far as Wireshark, any suggestions on how to configure which network traffic to capture to determine who is downloading. Also will wireshark impact network performance? Thank You.
LVL 35

Accepted Solution

Ernie Beek earned 500 total points
ID: 34871908
This should help you with wireshark:

Wireshark shouldn't have an impact on performance, it just listens (to everything on the network).

Though torrent are widely used, you might also want to look at (for example) usenet traffic. That uses port 119 by default or port 563 for SSL connections.

Author Closing Comment

ID: 34871979
Thank you really apreciate the help.
LVL 35

Expert Comment

by:Ernie Beek
ID: 34872082
No problem, always glad to help :)

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Regarding command “deactivate snmp traceoptions” in Juniper 3 47
Configure FTP Server 3 66
VIRL IP adress 3 72
Line cards, Supervisor, Control plane 7 37
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question