Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How to know if someone is using torrent in my network??

    General pfSense Questions
    6
    14
    4842
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pankajpomal last edited by

      Hey,
      Can anyone tell me how to check if someone is downloading anything from torrent or other things via p2p clients..
      I have installed squidguard and sarg in my PFSense server machine but I'm unable to know who is downloading via torrent, p2p clients.

      1 Reply Last reply Reply Quote 0
      • M
        Mr. Jingles last edited by

        Install Snort and let it block it?

        1 Reply Last reply Reply Quote 0
        • johnpoz
          johnpoz LAYER 8 Global Moderator last edited by

          why don't you just take a simple sniff for a few minutes and look at the traffic - it will very simple to spot p2p traffic.

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned last edited by

            Not even sniff needed. If you look at the firewall states, it's extremely obvious.

            1 Reply Last reply Reply Quote 0
            • johnpoz
              johnpoz LAYER 8 Global Moderator last edited by

              This is very true as well ;)  I just like to see the actual traffic..

              1 Reply Last reply Reply Quote 0
              • G
                gjaltemba last edited by

                A shout-out to Dustin Webber for his Snorby project. I use it as a front-end for my Snort-IDS to display the payload for P2P traffic in the database.

                1 Reply Last reply Reply Quote 0
                • D
                  doktornotor Banned last edited by

                  Unsure whether it's worse to get DoSed by BT or by Snort… :P

                  1 Reply Last reply Reply Quote 0
                  • H
                    Harvy66 last edited by

                    This is how I know when I'm torrenting. But really, most torrent clients use random ports for nearly everything, some even randomly change ports over time, and they use a mixture of UDP and TCP traffic, all encrypted. Your only hope would be to block all encrypted traffic. But you can slow down torrent or look for torrent by monitoring the default torrent ports, but that will mostly get you stuff like Blizzard's Battle.Net launcher.

                    1 Reply Last reply Reply Quote 0
                    • M
                      Mr. Jingles last edited by

                      @johnpoz:

                      why don't you just take a simple sniff for a few minutes and look at the traffic - it will very simple to spot p2p traffic.

                      @doktornotor:

                      Not even sniff needed. If you look at the firewall states, it's extremely obvious.

                      DHCP: the next day you'll have to sniff another thing.

                      (Yes, we economists, we're stupid with our thing about efficiency  ;D ).

                      1 Reply Last reply Reply Quote 0
                      • P
                        pankajpomal last edited by

                        @johnpoz:

                        why don't you just take a simple sniff for a few minutes and look at the traffic - it will very simple to spot p2p traffic.

                        but how to check p2p log?

                        1 Reply Last reply Reply Quote 0
                        • H
                          Harvy66 last edited by

                          The only good way to mostly stop torrents is to block all incoming ports, no port forwarding, and limit outgoing ports. If all you care about is web pages, then this should work, I think.

                          1 Reply Last reply Reply Quote 0
                          • johnpoz
                            johnpoz LAYER 8 Global Moderator last edited by

                            Agreed, p2p hard to work when only port 80 and 443 outbound is allowed ;)  With no inbound ports - sure they might be able to be able to get to a few seeds, but they sure wouldn't be uploading anything.

                            As to how it looks in a sniff, I don't run any p2p locally anyway - its all via a seedbox.  But sure if I get a chance will fire up a sniff there to show how it looks.. Simple look and you will see it – its very distinct and easy to spot traffic.

                            As to why would you have to look at it tmrw.. You shut down a few users with warning letters from management, and the rest of the user base follows suite very quickly in not doing it.

                            1 Reply Last reply Reply Quote 0
                            • M
                              Mr. Jingles last edited by

                              I must be having a different Transmission client than you all  ;D

                              • I have no ports open on WAN;

                              • I have no ports forwarded;

                              • I easily seed 500% per torrent;

                              That aside, if you set your client port to port 80 you'll circumvent any measure with allowed ports too.

                              Imho either snort to block it, or traffic shaper to limit the speed to zero.

                              (I'd go for Snort; set it, and forget it, instead of wasting time again and again because you have to sniff if somebody might be torrenting).

                              1 Reply Last reply Reply Quote 0
                              • johnpoz
                                johnpoz LAYER 8 Global Moderator last edited by

                                Shut down your outbound ports and see how much you upload to peers that listen all kinds of random ports.

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post

                                Products

                                • Platform Overview
                                • TNSR
                                • pfSense Plus
                                • Appliances

                                Services

                                • Training
                                • Professional Services

                                Support

                                • Subscription Plans
                                • Contact Support
                                • Product Lifecycle
                                • Documentation

                                News

                                • Media Coverage
                                • Press
                                • Events

                                Resources

                                • Blog
                                • FAQ
                                • Find a Partner
                                • Resource Library
                                • Security Information

                                Company

                                • About Us
                                • Careers
                                • Partners
                                • Contact Us
                                • Legal
                                Our Mission

                                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                                Subscribe to our Newsletter

                                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                                © 2021 Rubicon Communications, LLC | Privacy Policy