martix Posted October 23, 2008 Report Share Posted October 23, 2008 I was wondering - is it possible to make a full filter to monitor traffic through uTorrent?Upload is easy - since it all goes thru the local listening port. But how about download and tracker traffic?Is it possible to design a filter thats not based on the program itself? My monitoring program can filter based on source, destination, protocol and port. I noticed that when not communicating through the listening port uTorrent keeps incrementing the local port number steadily(and I think starting randomly every time I start uT).Also most resolved addresses(i.e. trackers) have destination port 80(HTTP), but not all of them. Link to comment Share on other sites More sharing options...
DreadWingKnight Posted October 23, 2008 Report Share Posted October 23, 2008 Upload is easy - since it all goes thru the local listening port.Wrong. Once a connection is established, data travels both ways on it, regardless of the direction. Link to comment Share on other sites More sharing options...
martix Posted October 23, 2008 Author Report Share Posted October 23, 2008 Well, I never did detect any download traffic on it for the 2 days I tried this filter. Statistics still show exactly 0.0kb download on that filter. Link to comment Share on other sites More sharing options...
DreadWingKnight Posted October 23, 2008 Report Share Posted October 23, 2008 Outgoing connections local ports are typically controlled by the operating system TCP stack. Outgoing traffic can happen on both outgoing and incoming connections, as can incoming traffic. Link to comment Share on other sites More sharing options...
martix Posted October 23, 2008 Author Report Share Posted October 23, 2008 In theory maybe, but as evidenced by 2 days of data, no incoming traffic whatsoever has been seen on my listening port. Link to comment Share on other sites More sharing options...
DreadWingKnight Posted October 23, 2008 Report Share Posted October 23, 2008 2 days of data from what?Wireshark?Some no-name program no one but you has ever heard of? Link to comment Share on other sites More sharing options...
Harold Posted October 23, 2008 Report Share Posted October 23, 2008 I though that the listen port was just the starting point for the 3-way handshake? Link to comment Share on other sites More sharing options...
martix Posted October 23, 2008 Author Report Share Posted October 23, 2008 Its a traffic monitoring program called BWMeter. Been using it for years. Link to comment Share on other sites More sharing options...
DreadWingKnight Posted October 23, 2008 Report Share Posted October 23, 2008 And what about wireshark and tcpview? Link to comment Share on other sites More sharing options...
thelittlefire Posted October 24, 2008 Report Share Posted October 24, 2008 You want a total amount of traffic...it's in your status bar.Windows increments the socket used in the ephemeral port range. I'm unsure what you're asking, even with this discussion above. Perhaps you can explain what you need. I think you should check out the GUI for netstat called TCPView from http://sysinternals.com It allows you to see dynamically all open ports opened and by which proceses. Perhaps you setup your firewall on the wrong listening port. Link to comment Share on other sites More sharing options...
martix Posted October 24, 2008 Author Report Share Posted October 24, 2008 I want to keep statistics, not intercept packets and all that crap!You guys are COMPLETELY OFFTOPIC!Mind if we get back on?thelittlefire, what I am asking is can I single out traffic from uT based on IP, Port and Protocol rules? And what would those rules be?Its not a problem with uT, its just a question related to it.Again, please, only post things that have some bearing to my question. Link to comment Share on other sites More sharing options...
DreadWingKnight Posted October 24, 2008 Report Share Posted October 24, 2008 what I am asking is can I single out traffic from uT based on IP, Port and Protocol rules?NO you can NOT.Because local ports for outgoing connections are based on your operating system's TCP stack settings and remote ports are based on the remote user's listen port, you can NOT make monitoring rules from IP:PORT:PROTOCOL combinations. Link to comment Share on other sites More sharing options...
martix Posted October 25, 2008 Author Report Share Posted October 25, 2008 See... its simple!Why all the useless chatter and waste of time when the thread could have ended in a single post of 2 letters I do not understand... Link to comment Share on other sites More sharing options...
Switeck Posted October 25, 2008 Report Share Posted October 25, 2008 You do have 1 incoming listening port for uTorrent, for a partial filter.But all outgoing connections could be on "anything". Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.