Making a complete uTorrent traffic filter

[martix]

I was wondering - is it possible to make a full filter to monitor traffic through uTorrent?

Upload is easy - since it all goes thru the local listening port. But how about download and tracker traffic?

Is it possible to design a filter thats not based on the program itself? My monitoring program can filter based on source, destination, protocol and port. I noticed that when not communicating through the listening port uTorrent keeps incrementing the local port number steadily(and I think starting randomly every time I start uT).

Also most resolved addresses(i.e. trackers) have destination port 80(HTTP), but not all of them.

[DreadWingKnight]

Upload is easy - since it all goes thru the local listening port.

Wrong. Once a connection is established, data travels both ways on it, regardless of the direction.

[martix]

Well, I never did detect any download traffic on it for the 2 days I tried this filter. Statistics still show exactly 0.0kb download on that filter.

[DreadWingKnight]

Outgoing connections local ports are typically controlled by the operating system TCP stack. Outgoing traffic can happen on both outgoing and incoming connections, as can incoming traffic.

[martix]

In theory maybe, but as evidenced by 2 days of data, no incoming traffic whatsoever has been seen on my listening port.

[DreadWingKnight]

2 days of data from what?

Wireshark?

Some no-name program no one but you has ever heard of?

[Harold]

I though that the listen port was just the starting point for the 3-way handshake?

[martix]

Its a traffic monitoring program called BWMeter. Been using it for years.

[DreadWingKnight]

And what about wireshark and tcpview?

[thelittlefire]

You want a total amount of traffic...it's in your status bar.

Windows increments the socket used in the ephemeral port range. I'm unsure what you're asking, even with this discussion above. Perhaps you can explain what you need. I think you should check out the GUI for netstat called TCPView from http://sysinternals.com It allows you to see dynamically all open ports opened and by which proceses. Perhaps you setup your firewall on the wrong listening port.

[martix]

I want to keep statistics, not intercept packets and all that crap!

You guys are COMPLETELY OFFTOPIC!

Mind if we get back on?

thelittlefire, what I am asking is can I single out traffic from uT based on IP, Port and Protocol rules? And what would those rules be?

Its not a problem with uT, its just a question related to it.

Again, please, only post things that have some bearing to my question.

[DreadWingKnight]

what I am asking is can I single out traffic from uT based on IP, Port and Protocol rules?

NO you can NOT.

Because local ports for outgoing connections are based on your operating system's TCP stack settings and remote ports are based on the remote user's listen port, you can NOT make monitoring rules from IP:PORT:PROTOCOL combinations.

[martix]

See... its simple!

Why all the useless chatter and waste of time when the thread could have ended in a single post of 2 letters I do not understand...

[Switeck]

You do have 1 incoming listening port for uTorrent, for a partial filter.

But all outgoing connections could be on "anything".