BitTorrent is a protocol designed for transferring files. It is peer-to-peer in nature, as users connect to each other directly to send and receive portions of the file. However, there is a central server (called a tracker) which coordinates the action of all such peers. The tracker only manages connections, it does not have any knowledge of the contents of the files being distributed, and therefore a large number of users can be supported with relatively limited tracker bandwidth.
A recent extension to BitTorrent is the DHT ('distributed sloppy hash table' or simply called UDP tracker) protocol. A UDP based peer to peer tracker protocol. And the uTorrent imports another UDP based Micro Transport Protocol, called uTP.
There’s good reason for that as the provider really does have enough qualities to make it a suitable choice for users that need better privacy and security to safely download torrents of their choice. This article will focus on the key features that make Surfshark a good VPN to have for torrenting purposes. How to Torrent Safely with Surfshark. Visit The official Shark Tank online at ABC.com. Get exclusive videos, blogs, photos, cast bios, free episodes and more. Torrent is committed to quality assurance: when you purchase one of our land clearing attachments, it will be the best possible match for your machine and application. Thorough research and verification of the machine specifications is critical, so as to determine the suitability of a carrier—whether it’s an excavator, forestry platform.
History
In April 2001 Bram Cohen designed the BitTorrent protocol, which he implemented summer 2002. The first program to use the protocol was the original BitTorrent client. Today many applications are availiable, and the protocol is widely used.
Protocol dependencies
TCP: Typically, BitTorrent uses TCP as its transport protocol. The well known TCP port for BitTorrent traffic is 6881-6889 (and 6969 for the tracker port). The DHT extension (peer2peer tracker) uses various UDP ports negotiated by the peers.
Example traffic
XXX - Add example traffic here (as plain text or Wireshark screenshot).
Wireshark
The BitTorrent dissector is (fully functional, partially functional, not existing, ... whatever the current state is). The DHT extension has been supported since r39653. The uTP extension has been supported since r36716.
Preference Settings
Reassemble BitTorrent messages spanning multiple TCP segments
Decode the peer_id of the handshake messages
Example capture files
SampleCaptures/BitTorrent.Transfer1.cap (Microsoft Network Monitor) Here's a capture with a few BitTorrent packets; it contains some small packets I got whilst downloading something on BitTorrent.
SampleCaptures/BITTORRENT.pcap (libpcap) Capture file of two torrent clients communicationg without DHT or peer exch.
Display Filter
A complete list of BitTorrent display filter fields can be found in the display filter reference
Show only the BitTorrent based traffic:
Note: implemented in Wireshark post 0.10.12!
Capture Filter
Shark Torrent
You cannot directly filter BitTorrent protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.
Capture only the BitTorrent tracker traffic over one of the default ports (e.g. 6881):
Capture the BitTorrent tracker traffic over the range of default ports (e.g. 6881-6889):
when using libpcap 0.9.1 or later or WinPcap 3.1 or later; that expression won't work with older versions of libpcap or WinPcap, so, on Windows, upgrade to WinPcap 3.1 or later and, on UN*X, upgrade to libpcap 0.9.x if possible and, if not possible and you have a version of libpcap prior to 0.8.1, use (a bug in the libpcap optimizer in libpcap 0.8.x means this won't work with libpcap 0.8.x, although you might be able to use tcpdump with the '-O' flag).
External links
http://www.bittorrent.com/ the official BitTorrent page
Wikipedia Bittorrent page
How BitTorrent Works about P2P in general, BitTorrent and firewall settings
DHT Protocol (BEP 5), the UDP-based BitTorrent extension for distributed trackers (the UDP port number is negotiated). Also: link to draft DHT protocol (dead link), Web Archive Copy (2007-12-21) of draft DHT protocol.
Hippie protocol signature description the TCP and UDP protocol signatures which might be used to heuristically identify the BitTorrent protocol Web Archive Link
More on BitTorrent