All trackers timed out with uTorrent 1.6 starting today

[rob61]

With Comcast in Michigan... I've read about them implementing SandVine technology in attempts to throttle bit torrent traffic. However, up until today, things were working ok here.

However today, every torrent I'm seeding or leeching (8 at the moment) have a RED icon and tracker status reports OFFLINE. I can browse the internet, although it does seem slower. The torrents are using different trackers, so it seems very strange that all 4 trackers are now showing up as OFFLINE.

The seeds are giving extremely low uploads, with fair download speeds (those that are still downloading) even though the trackers are reported as being offline.

I had enabled encryption a few days ago.

So, is this what happens when Comcast turns on SandVine technology? Or is it something else? Also, would SBC (ATT) DSL have this same issue? Anyone around west MI using SBC DSL that can report on torrent results for your service?

Anyone have ideas?

Update =====

I changed the uTorrent port and my port forwarding to another number, and now get the torrents showing normal (not where tracker can't be found). I rebooted my router, modem, and computer and now the tracker not found problem seems to be gone. I do notice a slower than normal reponse today on the internet. Not sure if it is related. Perhaps someone was attacking the open port?

Update 2 =====

Tried adding another torrent from a different tracker, and now ALL torrents are again RED - tracker offline. Something is going on, and I suspect it is Comcast. The internet connection is slower than usual, and the Battle Creek, MI hop is very sluggish. I wonder if they have installed SandVine there today.

Update =====

Yesterday, 3 cities in this Michigan area experienced outages with Comcast. Now that service is again on - a day later - torrents will work a little while, then one by one, each torrent goes "red" showing tracker offline. I can get them going again by changing my listening port via my router and within utorrent. This seems to work for an hour or so, as then each again go red. I think Comcast has implemented SandVine technology in this area as of yesterday when the "outage" occured. Now seeding torrents has become impossible. I will next scan my computer as you suggested and report back.

[Switeck]

Or it could just be a virus on your computer trying to send out 1,000+ emails a minute.

Have you used Process Explorer and/or HijackThis! to determine what else is loading in the background on your computer?

If so, can you post the logs?

[rob61]

Here is the log from Process Explorer

One other finding.... I tried running uTorrent on my laptop going through the same router (dif IP obviously so I set up port forwarding to that one as well). Its been running one torrent (as opposed to several) for a couple hours and no problem with the tracker. However on my main computer, I've reset the ip (don't use dynamic on my LAN except for wireless) and changed the open port and port forwarding. Still have the problem.

If I reset my listening port in uTorrent (1.6), and then open the same port on the router, it works for a while, then one by one, the seeds show up as offline (red). Then, if I change the listening port to something different along with the router port forwarding, it will be good for an hour or so... until then slowly start to turn red again (showing offline). I can ping them, and when I reset, downloads and uploads continue. What might be causing uTorrent to indicate tracker offline (when it tries to refresh I presume)? Do you think this is part of Comcast and their use of Sandvine throttling technology? Or does this machine have a virus? I run AVast and use Sygate firewall constantly. This on top of the NAT in my router. I recently ran a piece of software that I wasn't sure about, and also accepted an active X from a website (respectable). But I don't find ANYTHING in my running processes that indicate something I'm not sure of. I'll include a printout. I'll also include the hijackthis log. I've checked both but don't seem to find anything suspicious.

UPDATE *********************

Hmmm, perhaps a rogue torrent??? I eliminated one of the torrents, and the problem seems to have vanished. Would it be possible for someone to obtain IP info from the connections and then try attacking that port/computer? If so, they were successful in getting uTorrent to show torrents with tracker offline while the torrents continued to transfer.

END OF UPDATE ***************

Process PID CPU Description Company Name

System Idle Process 0 98.46

Interrupts n/a Hardware Interrupts

DPCs n/a Deferred Procedure Calls

System 4

smss.exe 768 Windows NT Session Manager Microsoft Corporation

csrss.exe 816 0.77 Client Server Runtime Process Microsoft Corporation

winlogon.exe 840 Windows NT Logon Application Microsoft Corporation

services.exe 884 0.77 Services and Controller app Microsoft Corporation

svchost.exe 1068 Generic Host Process for Win32 Services Microsoft Corporation

wmiprvse.exe 2184 WMI Microsoft Corporation

svchost.exe 1136 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1224 Generic Host Process for Win32 Services Microsoft Corporation

wscntfy.exe 2880 Windows Security Center Notification App Microsoft Corporation

Smc.exe 1256 Sygate Agent Firewall Sygate Technologies, Inc.

svchost.exe 1292 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1380 Generic Host Process for Win32 Services Microsoft Corporation

aswUpdSv.exe 1424 avast! Antivirus updating service ALWIL Software

ashServ.exe 1480 avast! antivirus service ALWIL Software

spoolsv.exe 1748 Spooler SubSystem App Microsoft Corporation

IAANTmon.exe 712 RAID Monitor Intel Corporation

nvsvc32.exe 736 NVIDIA Driver Helper Service, Version 93.71 NVIDIA Corporation

svchost.exe 804 Generic Host Process for Win32 Services Microsoft Corporation

wdfmgr.exe 176 Windows User Mode Driver Manager Microsoft Corporation

ashMaiSv.exe 2112 avast! e-Mail Scanner Service ALWIL Software

ashWebSv.exe 2236 avast! Web Scanner ALWIL Software

alg.exe 2960 Application Layer Gateway Service Microsoft Corporation

lsass.exe 896 LSA Shell (Export Version) Microsoft Corporation

explorer.exe 2012 Windows Explorer Microsoft Corporation

IAAnotif.exe 220 Event Monitor User Notification Tool Intel Corporation

aaCenter.exe 252

AiNap.exe 276

ashDisp.exe 304 avast! service GUI component ALWIL Software

PWRISOVM.EXE 356 PowerISO Virtual Drive Manager PowerISO Computing, Inc.

E_FATIAIA.EXE 368 EPSON Status Monitor 3 SEIKO EPSON CORPORATION

cledx.exe 464 Team H2O CLEDX Team H2O

acrotray.exe 500 AcroTray Adobe Systems Inc.

ctfmon.exe 524 CTF Loader Microsoft Corporation

ScannerFinder.exe 568 SDII MFC Application

utorrent.exe 1532

firefox.exe 3856 Firefox Mozilla Corporation

procexp.exe 2572 Sysinternals Process Explorer Sysinternals

HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 5:33:33 PM, on 9/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe

C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\uTorrent\utorrent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Rob\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe

O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"

O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe

O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing

O17 - HKLM\System\CCS\Services\Tcpip\..\{2C62C74D-B2DC-4374-8319-AD083684B95C}: NameServer = 192.168.1.1,192.168.1.2

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: TTHXCBMAEO - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Rob\LOCALS~1\Temp\TTHXCBMAEO.exe

[Switeck]

This one really stands out:

O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing

You probably need to get LSPfix and run it.

Get LSPfix from:

http://cexx.org/lspfix.htm

[rob61]

Thanks. I had removed the Bonjour folder as I had suspected it to be a problem source. It is installed with Adobe CS3 and is at least bloatware. Further research allowed me to find a good posting on how to remove it and then I applied the fix you suggested, removing the last registry entries to it.

Thank you for your help. Woa is us who are part of the Comcast network and their attempts to shut down P2P. I believe the initial experiece I had of all torrents going red were part of a rogue torrent. Once removed those issues went away.

However, I was still experiencing problems with no seeding after a download completes. This is indeed a part of Comcast and the torrent sharing (removal) they are doing with Sandvine.

Luckily, further research uncovered a simple, free software firewall that filters out the RST commands Comcast and Sandvine are using to disconnect the seeding attempts.

Thanks again for your help.

[LampShade]

Rob61,

Would you mind sharing that "simple, free software firewall" solution with us? I've been searching for this as well. I have found solutions, but they are neither simple nor free, mainly involving using a VPN service.

Can you verify that after implementing the solution you found, does uTorrent report in its Speed Guide that the port is forwarding for you?

Thanks much!

LampShade

[liveordie]

there is no simple "free firewall software" solution. Period. Rob61 is refering to linux iptables and using them to filter out the RST packets. However this was debunked shortly after it was released. Check out the comments on Digg if you want to read more. http://digg.com/linux_unix/Linux_iptables_Will_Fix_Comcast_s_BitTorrent_Connection_Killing

or the windows alternatives both examples can be viewed here

http://redhatcat.blogspot.com/2007/09/beating-sandvine-on-windows-with-wipfw.html

although its not worth wasting your time.